Merge branch 'feature/add-auth-to-ws-20241111' into development

webpwnized · Nov 10, 2024 · 05e71d1 · 05e71d1
2 parents 06a6dc2 + 5debf82
commit 05e71d1
Show file tree

Hide file tree

Showing 3 changed files with 17 additions and 9 deletions.
diff --git a/src/includes/constants.php b/src/includes/constants.php
@@ -2,7 +2,7 @@
 	/* ------------------------------------------
 	 * @VERSION
 	 * ------------------------------------------*/
-	$C_VERSION = "2.11.24";
+	$C_VERSION = "2.11.25";
 	$C_VERSION_STRING = "Version: " . $C_VERSION;
 	$C_MAX_HINT_LEVEL = 1;
 

diff --git a/src/jwt.php b/src/jwt.php
@@ -2,16 +2,24 @@
 
 	require_once __SITE_ROOT__.'/classes/JWT.php';
 
+	// Configuration Constants
+	define('JWT_EXPIRATION_TIME', 3600); // Token expiration time in seconds
+	define('BASE_URL', ((isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') ? 'https' : 'http') . '://' . $_SERVER['HTTP_HOST']);
 	define('ONE_HOUR', 60 * 60);
 
 	function generateJWT($pSigningKey) {
-		$lClaims = array(
-		   "iss" => "http://mutillidae.localhost",
-		   "aud" => "http://mutillidae.localhost",
-		   "iat" => time(),
-		   "exp" => time() + ONE_HOUR,
-		   "userid" => $_SESSION["uid"]
-	   );
+		// Define JWT claims with audience
+		$lClaims = [
+			'iss' => BASE_URL,   // Issuer is your domain
+			'aud' => BASE_URL,  // Audience for the token
+			'iat' => time(),      // Issued at
+			'nbf' => time(),      // Not before
+			'exp' => time() + JWT_EXPIRATION_TIME, // Expiration time
+			'sub' => $_SESSION["uid"],  // Subject is the client ID
+			'userid' => $_SESSION["uid"],
+			'jti' => bin2hex(random_bytes(16)) // JWT ID
+		];
+
 	   return JWT::encode($lClaims, $pSigningKey);
    }
 

diff --git a/version b/version
@@ -1 +1 @@
-2.11.24
+2.11.25