agent foundation
This commit is contained in:
@@ -2,6 +2,7 @@
|
||||
|
||||
namespace MintyPHP\Service\Auth;
|
||||
|
||||
use MintyPHP\Http\RequestRuntimeInterface;
|
||||
use MintyPHP\Repository\Auth\ApiTokenRepositoryInterface;
|
||||
use MintyPHP\Repository\Support\DatabaseSessionRepository;
|
||||
use MintyPHP\Repository\User\UserReadRepositoryInterface;
|
||||
@@ -15,7 +16,8 @@ class ApiTokenService
|
||||
private readonly ApiTokenRepositoryInterface $apiTokenRepository,
|
||||
private readonly AuthSettingsGateway $settingsGateway,
|
||||
private readonly AuthScopeGateway $scopeGateway,
|
||||
private readonly DatabaseSessionRepository $databaseSessionRepository
|
||||
private readonly DatabaseSessionRepository $databaseSessionRepository,
|
||||
private readonly RequestRuntimeInterface $requestRuntime
|
||||
) {
|
||||
}
|
||||
|
||||
@@ -76,6 +78,7 @@ class ApiTokenService
|
||||
return ['ok' => false, 'error' => 'invalid_expires_at'];
|
||||
}
|
||||
|
||||
// Selector is public (used for lookup); verifier is the secret (only its hash is stored).
|
||||
$selector = bin2hex(random_bytes(12));
|
||||
$plainToken = bin2hex(random_bytes(32));
|
||||
$tokenHash = hash('sha256', $plainToken);
|
||||
@@ -140,6 +143,7 @@ class ApiTokenService
|
||||
$tenantId = null;
|
||||
}
|
||||
|
||||
// Wrap revoke+create in a transaction so rotation is atomic — no gap where neither token is valid.
|
||||
$transactionStarted = false;
|
||||
try {
|
||||
$this->databaseSessionRepository->beginTransaction();
|
||||
@@ -260,7 +264,7 @@ class ApiTokenService
|
||||
return null;
|
||||
}
|
||||
|
||||
$ip = $_SERVER['REMOTE_ADDR'] ?? '';
|
||||
$ip = $this->requestRuntime->ip();
|
||||
$this->apiTokenRepository->updateLastUsed((int) $record['id'], $ip);
|
||||
|
||||
return [
|
||||
|
||||
Reference in New Issue
Block a user