Laravel 10 Support (provided by @ttrushin ❤️)

teraone · Jun 6, 2023 · f4415eb · f4415eb
2 parents 89e0fe7 + 5aaa943
commit f4415eb
Show file tree

Hide file tree

Showing 3 changed files with 32 additions and 17 deletions.
diff --git a/README.md b/README.md
@@ -23,7 +23,7 @@ composer require teraone/laravel-cloudflare-zero-trust-middleware
 Publish the config file with:
 
 ```bash
-php artisan vendor:publish --tag="laravel-cloudflare-zero-trust-middleware-config"
+php artisan vendor:publish --tag="cloudflare-zero-trust-middleware-config"
 ```
 
 This is the content of the published config file:

diff --git a/composer.json b/composer.json
@@ -20,12 +20,12 @@
     ],
     "require": {
         "php": "^8.1",
-        "illuminate/contracts": "^9.0",
+        "illuminate/contracts": "^9.0|^10.0",
         "guzzlehttp/guzzle": "^7.5",
         "spatie/laravel-package-tools": "^1.14.0",
-        "web-token/jwt-checker": "^2.2",
-        "web-token/jwt-core": "^2.2",
-        "web-token/jwt-signature-algorithm-rsa": "^2.2"
+        "web-token/jwt-checker": "^3.0",
+        "web-token/jwt-core": "^3.0",
+        "web-token/jwt-signature-algorithm-rsa": "^3.0"
     },
     "require-dev": {
         "laravel/pint": "^1.4",
@@ -39,7 +39,7 @@
         "phpstan/phpstan-phpunit": "^1.0",
         "phpunit/phpunit": "^9.5",
         "spatie/laravel-ray": "^1.26",
-        "web-token/jwt-key-mgmt": "^2.2"
+        "web-token/jwt-key-mgmt": "^3.0"
     },
     "autoload": {
         "psr-4": {

diff --git a/src/ZeroTrustMiddleware.php b/src/ZeroTrustMiddleware.php
@@ -39,6 +39,8 @@ class ZeroTrustMiddleware
 
     public const CERTIFICATE_CACHE_KEY = 'cloudflare-zero-trust-middleware-certificate-cache';
 
+    final public const CLAIMS = ['iss', 'sub', 'aud', 'exp', 'nbf', 'country', 'identity_nonce', 'type'];
+
     /**
      * Handle an incoming request.
      *
@@ -79,12 +81,29 @@ public function handle(Request $request, Closure $next)
         return $next($request);
     }
 
+
+    protected function getClaims(): array
+    {
+        return self::CLAIMS;
+    }
+
+    protected function getClaimCheckers(): array
+    {
+        return [
+            new IssuedAtChecker,
+            new IssuerChecker(['https://'.config('cloudflare-zero-trust-middleware.cloudflare_team_name').'.cloudflareaccess.com']),
+            new NotBeforeChecker,
+            new ExpirationTimeChecker,
+            new AudienceChecker(config('cloudflare-zero-trust-middleware.cloudflare_zero_trust_application_audience_tag')),
+        ];
+    }
+
     /**
      * @throws MissingMandatoryClaimException
      * @throws InvalidClaimException
      * @throws InvalidArgumentException
      */
-    private function jwtIsValid(string $token): bool
+    protected function jwtIsValid(string $token): bool
     {
         // The serializer manager. We only use the JWS Compact Serialization Mode.
         $serializerManager = new JWSSerializerManager([
@@ -110,15 +129,11 @@ private function jwtIsValid(string $token): bool
 
         $claimCheckerManager = new ClaimCheckerManager(
             [
-                new IssuedAtChecker,
-                new IssuerChecker(['https://'.config('cloudflare-zero-trust-middleware.cloudflare_team_name').'.cloudflareaccess.com']),
-                new NotBeforeChecker,
-                new ExpirationTimeChecker,
-                new AudienceChecker(config('cloudflare-zero-trust-middleware.cloudflare_zero_trust_application_audience_tag')),
+                ...$this->getClaimCheckers(),
             ]
         );
         $claims = json_decode($jws->getPayload(), true);
-        $claimCheckerManager->check($claims, ['iss', 'sub', 'aud', 'exp', 'nbf', 'country', 'identity_nonce', 'type']);
+        $claimCheckerManager->check($claims, $this->getClaims());
 
         // We must verify the signature with the correct key
         $key_id_used_for_sig = $jws->getSignature(0)->getProtectedHeaderParameter('kid');
@@ -150,7 +165,7 @@ private function jwtIsValid(string $token): bool
     /**
      * @throws InvalidConfigurationException
      */
-    private function validateConfig(): void
+    protected function validateConfig(): void
     {
         if (config('cloudflare-zero-trust-middleware.cloudflare_team_name') === null) {
             throw new InvalidConfigurationException('Missing config: cloudflare-zero-trust-middleware.cloudflare_team_name ');
@@ -163,7 +178,7 @@ private function validateConfig(): void
     /**
      * @throws InvalidArgumentException
      */
-    private function getJWKKeySet(): JWKSet
+    protected function getJWKKeySet(): JWKSet
     {
         if (! config('cloudflare-zero-trust-middleware.cache')) {
             return $this->getKeysFromCloudflare();
@@ -176,7 +191,7 @@ private function getJWKKeySet(): JWKSet
         });
     }
 
-    private static function getCacheKey(): string
+    protected static function getCacheKey(): string
     {
         // ensure a config change "updates" the cache
 
@@ -186,7 +201,7 @@ private static function getCacheKey(): string
     /**
      * @throws InvalidArgumentException
      */
-    private function getKeysFromCloudflare(): JWKSet
+    protected function getKeysFromCloudflare(): JWKSet
     {
         $url = 'https://'.config('cloudflare-zero-trust-middleware.cloudflare_team_name').'.cloudflareaccess.com/cdn-cgi/access/certs';
         $res = Http::timeout(5)