Added timeout logic as per multiple requests

README.md

@@ -2,6 +2,14 @@
 
 Simple Codeigniter, REST Server, JWT implementation.
 
+**Update**
+
+As per multiple requests, I am adding logic for timeout.  
+Please check ```application\controllers\Authtimeout.php``` for more details.
+
+**Note:** I did not add logic for expired token replacement after timeout.
+
+
 Setup
 =====
 
@@ -23,6 +31,12 @@ $config['encryption_key'] = '';
 $config['jwt_key']	= '';
 ```
 
+* **For Timeout** `token_timeout` in `application\config\jwt.php`
+
+```
+$config['token_timeout']	= ;
+```
+
 Run
 =====
 
@@ -37,6 +51,18 @@ Check decoded token
     Method: POST
     Header Key: Authorization
     Value: Auth token generated in GET call
+
+GET auth token with **timeout**
+
+    URL: http://host/CodeIgniter-JWT-Sample/authtimeout/token
+    Method: GET
+
+Check decoded token with **timeout**
+
+    URL: http://host/CodeIgniter-JWT-Sample/authtimeout/token
+    Method: POST
+    Header Key: Authorization
+    Value: Auth token generated in GET call of authtimeout controller
 
 Project uses 
 =======
@@ -49,4 +75,4 @@ Contact
 For any questions mail me paritoshvaidya@gmail.com
 
 
-[![GitHub license](https://img.shields.io/badge/license-MIT-blue.svg?style=flat-square)](https://raw.githubusercontent.com/chriskacerguis/codeigniter-restserver/master/LICENSE)
+[![GitHub license](https://img.shields.io/badge/license-MIT-blue.svg?style=flat-square)](https://github.com/ParitoshVaidya/CodeIgniter-JWT-Sample/blob/master/license.txt)

application/config/autoload.php

@@ -89,7 +89,7 @@
 |
 |	$autoload['helper'] = array('url', 'file');
 */
-$autoload['helper'] = array('url', 'form', 'jwt', "authorization");
+$autoload['helper'] = array('url', 'form', 'jwt', "authorization", "date");
 
 /*
 | -------------------------------------------------------------------

application/config/jwt.php

@@ -1,6 +1,11 @@
-<?php  if ( ! defined('BASEPATH')) exit('No direct script access allowed');
+<?php if (!defined('BASEPATH')) exit('No direct script access allowed');
 
-$config['jwt_key']	= 'ingDLMRuGe9UKHRNjs7cYckS2yul4lc3';
+$config['jwt_key'] = 'ingDLMRuGe9UKHRNjs7cYckS2yul4lc3';
+
+/*Generated token will expire in 1 minute for sample code
+* Increase this value as per requirement for production
+*/
+$config['token_timeout'] = 1;
 
 /* End of file jwt.php */
 /* Location: ./application/config/jwt.php */

application/controllers/Authtimeout.php

@@ -0,0 +1,65 @@
+<?php
+
+defined('BASEPATH') OR exit('No direct script access allowed');
+
+require APPPATH . '/libraries/REST_Controller.php';
+
+/*
+ * Changes:
+ * 1. This project contains .htaccess file for windows machine.
+ *    Please update as per your requirements.
+ *    Samples (Win/Linux): http://stackoverflow.com/questions/28525870/removing-index-php-from-url-in-codeigniter-on-mandriva
+ *
+ * 2. Change 'encryption_key' in application\config\config.php
+ *    Link for encryption_key: http://jeffreybarke.net/tools/codeigniter-encryption-key-generator/
+ * 
+ * 3. Change 'jwt_key' in application\config\jwt.php
+ * 3. Change 'token_timeout' in application\config\jwt.php
+ *
+ */
+
+class Authtimeout extends REST_Controller
+{
+    /**
+     * URL: http://localhost/CodeIgniter-JWT-Sample/authtimeout/token
+     * Method: GET
+     */
+    public function token_get()
+    {
+        $tokenData = array();
+        $tokenData['id'] = 1; //TODO: Replace with data for token
+
+        /* Date helper
+        * https://www.codeigniter.com/user_guide/helpers/date_helper.html
+        * Added helper "date" in application\config\autoload.php line 92
+        * Notice - 'timestamp' is part of $tokenData
+        */
+        $tokenData['timestamp'] = now();
+
+        $output['token'] = AUTHORIZATION::generateToken($tokenData);
+        $this->set_response($output, REST_Controller::HTTP_OK);
+    }
+
+    /**
+     * URL: http://localhost/CodeIgniter-JWT-Sample/authtimeout/token
+     * Method: POST
+     * Header Key: Authorization
+     * Value: Auth token generated in GET call
+     */
+    public function token_post()
+    {
+        $headers = $this->input->request_headers();
+        if (array_key_exists('Authorization', $headers) && !empty($headers['Authorization'])) {
+            //TODO: Change 'token_timeout' in application\config\jwt.php
+            $decodedToken = AUTHORIZATION::validateTimestamp($headers['Authorization']);
+
+            // return response if token is valid
+            if ($decodedToken != false) {
+                $this->set_response($decodedToken, REST_Controller::HTTP_OK);
+                return;
+            }
+        }
+
+        $this->set_response("Unauthorised", REST_Controller::HTTP_UNAUTHORIZED);
+    }
+}

application/helpers/authorization_helper.php

@@ -2,6 +2,16 @@
 
 class AUTHORIZATION
 {
+    public static function validateTimestamp($token)
+    {
+        $CI =& get_instance();
+        $token = self::validateToken($token);
+        if ($token != false && (now() - $token->timestamp < ($CI->config->item('token_timeout') * 60))) {
+            return $token;
+        }
+        return false;
+    }
+
     public static function validateToken($token)
     {
         $CI =& get_instance();