simular · asika32764 · May 25, 2024 · May 25, 2024 · May 25, 2024
diff --git a/routes/api/v1/public/auth.route.php b/routes/api/v1/public/auth.route.php
@@ -24,9 +24,11 @@ function (RouteCreator $router) {
             $router->post('/register')
                 ->handler('register');
 
-            $router->any('/refreshToken')
+            $router->get('/refreshToken')
                 ->handler('refreshToken');
 
+            // Deprecated
+            // -----------------------------------------------------------
             $router->any('/me')
                 ->handler('me')
                 ->middleware(ApiAuthMiddleware::class);

diff --git a/routes/api/v1/user.route.php b/routes/api/v1/user.route.php
@@ -0,0 +1,24 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Routes;
+
+use App\Module\Api\UserController;
+use Windwalker\Core\Router\RouteCreator;
+
+/** @var RouteCreator $router */
+
+$router->group('user')
+    ->prefix('user')
+    ->controller(UserController::class)
+    ->register(
+        function (RouteCreator $router) {
+            $router->any('/me')
+                ->getHandler('me')
+                ->deleteHandler('deleteMe');
+
+            $router->post('/sessions/refresh')
+                ->handler('refreshSessions');
+        }
+    );
diff --git a/src/Middleware/ApiAuthMiddleware.php b/src/Middleware/ApiAuthMiddleware.php
@@ -9,6 +9,7 @@
 use App\Enum\ErrorCode;
 use App\Service\ApiUserService;
 use App\Service\JwtAuthService;
+use Firebase\JWT\ExpiredException;
 use Lyrasoft\Luna\User\UserService;
 use Psr\Http\Message\ResponseInterface;
 use Psr\Http\Message\ServerRequestInterface;
@@ -36,6 +37,8 @@ public function process(ServerRequestInterface $request, RequestHandlerInterface
                 $this->jwtAuthService->extractAccessTokenFromHeader($authHeader, $user);
             } catch (NoResultException) {
                 ErrorCode::USER_NOT_FOUND->throw();
+            } catch (ExpiredException) {
+                ErrorCode::REFRESH_TOKEN_EXPIRED->throw();
             }
 
             $this->checkLastReset($request, $user);

diff --git a/src/Module/Api/AuthController.php b/src/Module/Api/AuthController.php
@@ -10,33 +10,27 @@
 use App\Entity\UserSecret;
 use App\Enum\ApiTokenType;
 use App\Enum\ErrorCode;
-use App\Service\EncryptionService;
+use App\Module\Api\Traits\SRPValidationTrait;
 use App\Service\JwtAuthService;
 use Brick\Math\BigInteger;
-use Brick\Math\Exception\NumberFormatException;
 use Firebase\JWT\JWT;
-use Firebase\JWT\Key;
 use Lyrasoft\Luna\Auth\SRP\SRPService;
 use Lyrasoft\Luna\User\UserService;
-use Psr\Container\ContainerExceptionInterface;
 use Windwalker\Core\Application\AppContext;
 use Windwalker\Core\Attributes\Controller;
 use Windwalker\Core\Http\RequestAssert;
 use Windwalker\Crypt\Symmetric\CipherInterface;
 use Windwalker\ORM\ORM;
 use Windwalker\SRP\Exception\InvalidSessionProofException;
 
-use Windwalker\SRP\Step\PasswordFile;
-
-use Windwalker\SRP\Step\ProofResult;
-
-use function Windwalker\chronos;
 use function Windwalker\Query\uuid2bin;
 use function Windwalker\uid;
 
 #[Controller]
 class AuthController
 {
+    use SRPValidationTrait;
+
     public function challenge(
         AppContext $app,
         ORM $orm,
@@ -260,19 +254,6 @@ public function refreshToken(
         return compact('accessToken', 'refreshToken');
     }
 
-    public function refreshSessions(\CurrentUser $currentUser, ORM $orm): true
-    {
-        $orm->updateBatch(
-            User::class,
-            [
-                'sess_valid_from' => chronos()
-            ],
-            ['id' => $currentUser->getId()]
-        );
-
-        return true;
-    }
-
     /**
      * @param  \CurrentUser  $currentUser
      *
@@ -297,77 +278,4 @@ public function deleteMe(
     ): true {
         return $app->dispatchController([UserController::class, 'deleteMe']);
     }
-
-    /**
-     * @param  ORM         $orm
-     * @param  SRPService  $srpService
-     * @param  User        $user
-     * @param  string      $A
-     * @param  string      $M1
-     * @param  string      $sess
-     *
-     * @return  array{ 0: ProofResult, 1: \stdClass, 2: UserSecret }
-     *
-     * @throws NumberFormatException
-     * @throws \Brick\Math\Exception\DivisionByZeroException
-     * @throws \Brick\Math\Exception\MathException
-     * @throws \Brick\Math\Exception\NegativeNumberException
-     */
-    protected function srpValidate(
-        ORM $orm,
-        SRPService $srpService,
-        User $user,
-        string $A,
-        string $M1,
-        string $sess
-    ): array {
-        $userSecret = $orm->mustFindOne(
-            UserSecret::class,
-            ['user_id' => uuid2bin($user->getId())]
-        );
-
-        if (!$loginToken = $user->getLoginToken()) {
-            ErrorCode::INVALID_SESSION->throw();
-        }
-
-        $loginPayload = JWT::decode(
-            $loginToken,
-            new Key($userSecret->getDecodedServerSecret(), 'HS512')
-        );
-
-        $sessPayload = JWT::decode(
-            $sess,
-            new Key($userSecret->getDecodedServerSecret(), 'HS512')
-        );
-
-        if ($loginPayload->sess !== $sessPayload->sess) {
-            ErrorCode::INVALID_SESSION->throw();
-        }
-
-        $password = $user->getPassword();
-
-        $pf = SRPService::decodePasswordVerifier($password);
-
-        $A = BigInteger::fromBase($A, 16);
-        $M1 = BigInteger::fromBase($M1, 16);
-        $b = BigInteger::fromBase($loginPayload->b, 16);
-        $B = BigInteger::fromBase($loginPayload->B, 16);
-
-        try {
-            $server = $srpService->getSRPServer();
-            $result = $server->step2(
-                $user->getEmail(),
-                $pf->salt,
-                $pf->verifier,
-                $A,
-                $B,
-                $b,
-                $M1
-            );
-
-            return [$result, $loginPayload, $userSecret];
-        } catch (InvalidSessionProofException) {
-            ErrorCode::INVALID_CREDENTIALS->throw();
-        }
-    }
 }
diff --git a/src/Module/Api/Traits/SRPValidationTrait.php b/src/Module/Api/Traits/SRPValidationTrait.php
@@ -0,0 +1,97 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Module\Api\Traits;
+
+use App\Entity\User;
+use App\Entity\UserSecret;
+use App\Enum\ErrorCode;
+use Brick\Math\BigInteger;
+use Brick\Math\Exception\DivisionByZeroException;
+use Brick\Math\Exception\MathException;
+use Brick\Math\Exception\NegativeNumberException;
+use Brick\Math\Exception\NumberFormatException;
+use Firebase\JWT\JWT;
+use Firebase\JWT\Key;
+use Lyrasoft\Luna\Auth\SRP\SRPService;
+use Windwalker\ORM\ORM;
+use Windwalker\SRP\Exception\InvalidSessionProofException;
+
+use function Windwalker\Query\uuid2bin;
+
+trait SRPValidationTrait
+{
+    /**
+     * @param  ORM         $orm
+     * @param  SRPService  $srpService
+     * @param  User        $user
+     * @param  string      $A
+     * @param  string      $M1
+     * @param  string      $sess
+     *
+     * @return  array
+     *
+     * @throws DivisionByZeroException
+     * @throws MathException
+     * @throws NegativeNumberException
+     * @throws NumberFormatException
+     */
+    protected function srpValidate(
+        ORM $orm,
+        SRPService $srpService,
+        User $user,
+        string $A,
+        string $M1,
+        string $sess
+    ): array {
+        $userSecret = $orm->mustFindOne(
+            UserSecret::class,
+            ['user_id' => uuid2bin($user->getId())]
+        );
+
+        if (!$loginToken = $user->getLoginToken()) {
+            ErrorCode::INVALID_SESSION->throw();
+        }
+
+        $loginPayload = JWT::decode(
+            $loginToken,
+            new Key($userSecret->getDecodedServerSecret(), 'HS512')
+        );
+
+        $sessPayload = JWT::decode(
+            $sess,
+            new Key($userSecret->getDecodedServerSecret(), 'HS512')
+        );
+
+        if ($loginPayload->sess !== $sessPayload->sess) {
+            ErrorCode::INVALID_SESSION->throw();
+        }
+
+        $password = $user->getPassword();
+
+        $pf = SRPService::decodePasswordVerifier($password);
+
+        $A = BigInteger::fromBase($A, 16);
+        $M1 = BigInteger::fromBase($M1, 16);
+        $b = BigInteger::fromBase($loginPayload->b, 16);
+        $B = BigInteger::fromBase($loginPayload->B, 16);
+
+        try {
+            $server = $srpService->getSRPServer();
+            $result = $server->step2(
+                $user->getEmail(),
+                $pf->salt,
+                $pf->verifier,
+                $A,
+                $B,
+                $b,
+                $M1
+            );
+
+            return [$result, $loginPayload, $userSecret];
+        } catch (InvalidSessionProofException) {
+            ErrorCode::INVALID_CREDENTIALS->throw();
+        }
+    }
+}
diff --git a/src/Module/Api/UserController.php b/src/Module/Api/UserController.php
@@ -5,6 +5,7 @@
 namespace App\Module\Api;
 
 use App\Entity\User;
+use App\Module\Api\Traits\SRPValidationTrait;
 use Psr\Container\ContainerExceptionInterface;
 use Windwalker\Core\Application\AppContext;
 use Windwalker\Core\Attributes\Controller;
@@ -17,6 +18,8 @@
 #[Controller]
 class UserController
 {
+    use SRPValidationTrait;
+
     public function refreshSessions(\CurrentUser $currentUser, ORM $orm): true
     {
         $orm->updateBatch(