A few days ago I set up JWT in Laravel. The flow is: the front end logs in and receives a token, puts the token in the request header, and a middleware verifies it. But when I tried modifying the token I was sending, I got this error:
[screenshot of the error, not reproduced here]
The error is clearly a syntax error, so I traced it.

    // Check the user's login state; if it is valid, let the request through
    if ($user = $this->auth->parseToken()->authenticate()) {
        AuthUser::setInfo($user);
        return $next($request);
    }

Following into the authenticate() method:

    public function authenticate()
    {
        $id = $this->getPayload()->get('sub');

        if (! $this->auth->byId($id)) {
            return false;
        }

        return $this->user();
    }

Following into the getPayload() method:

    public function getPayload()
    {
        $this->requireToken();

        return $this->manager->decode($this->token);
    }

Following into the decode() method:

    public function decode(Token $token, $checkBlacklist = true)
    {
        $payloadArray = $this->provider->decode($token->get());

        $payload = $this->payloadFactory
                        ->setRefreshFlow($this->refreshFlow)
                        ->customClaims($payloadArray)
                        ->make();

        if ($checkBlacklist && $this->blacklistEnabled && $this->blacklist->has($payload)) {
            throw new TokenBlacklistedException('The token has been blacklisted');
        }

        return $payload;
    }

Following the provider's decode() method only reaches the interface declaration:

    public function decode($token);

The trail ends there 😏

In the end I did a global search for the error message and found this:

    public function decode($token)
    {
        try {
            $jwt = $this->parser->parse($token);
        } catch (Exception $e) {
            throw new TokenInvalidException('Could not decode token: '.$e->getMessage(), $e->getCode(), $e);
        }

        if (! $jwt->verify($this->signer, $this->getVerificationKey())) {
            throw new TokenInvalidException('Token Signature could not be verified.');
        }

        return (new Collection($jwt->getClaims()))->map(function ($claim) {
            return is_object($claim) ? $claim->getValue() : $claim;
        })->toArray();
    }

Following ->parse($token) leads to:

    public function parse($jwt)
    {
        $data = $this->splitJwt($jwt);
        $header = $this->parseHeader($data[0]);
        $claims = $this->parseClaims($data[1]);
        $signature = $this->parseSignature($header, $data[2]);

        foreach ($claims as $name => $value) {
            if (isset($header[$name])) {
                $header[$name] = $value;
            }
        }

        if ($signature === null) {
            unset($data[2]);
        }

        return new Token($header, $claims, $signature, $data);
    }

Following $this->parseHeader($data[0]) leads to the key part:

    protected function parseHeader($data)
    {
        $header = (array) $this->decoder->jsonDecode($this->decoder->base64UrlDecode($data));

        if (isset($header['enc'])) {
            throw new InvalidArgumentException('Encryption is not supported yet');
        }

        return $header;
    }

Following $this->decoder->base64UrlDecode($data), I found that what it returned was actually a garbled string, see the screenshot below:
[screenshot of the garbled decoded string, not reproduced here]
Then I removed the 2 and found that it returned a JSON string, see the screenshot below:
[screenshot of the decoded JSON string, not reproduced here]
So that garbled string is then passed into jsonDecode():

    public function jsonDecode($json)
    {
        // the json_decode below is where the error is raised
        $data = json_decode($json);

        if (json_last_error() != JSON_ERROR_NONE) {
            throw new RuntimeException('Error while decoding to JSON: ' . json_last_error_msg());
        }

        return $data;
    }

Summary: when testing JWT you cannot just arbitrarily edit the token and test with it; that throws an error. Nor can you test with a token generated by another project; that throws the system exception "Token Signature could not be verified", which means the token's signature could not be verified. So when a normal token comes in, even if it has expired, my setup returns 401 and also issues a refreshed token, so just follow the normal flow. 🙃
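To make the stages traced above concrete, here is an added example that is not part of the original post and not code from tymon/jwt-auth or the Lcobucci parser: a small Python model of the same check order (split the token, base64url-decode and JSON-parse the header and claims, verify the HS256 signature, then look at exp). The secret, the claims and the helper names (make_token, verify_token, demo) are all constructed for this example. It shows why a hand-edited header fails with a JSON error, why a re-encoded payload or a token from another project fails signature verification instead, and why only a correctly signed token ever gets as far as the expiry check:

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional, Tuple

# Constructed HS256 secret for this example only (hypothetical, not a real key).
SECRET = b"example-secret-do-not-use"


def b64url_encode(raw: bytes) -> str:
    """Base64url without padding, the way JWT segments are written."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def b64url_decode(segment: str) -> bytes:
    """Restore the padding a JWT segment drops, then decode.
    Raises ValueError (binascii.Error) on lengths or characters that are not base64url."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def make_token(claims: dict, secret: bytes = SECRET) -> str:
    """Issue an HS256 JWT of the form header.claims.signature."""
    header = {"typ": "JWT", "alg": "HS256"}
    head_b64 = b64url_encode(json.dumps(header, separators=(",", ":")).encode())
    claims_b64 = b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    signing_input = f"{head_b64}.{claims_b64}".encode("ascii")
    sig = hmac.new(secret, signing_input, hashlib.sha256).digest()
    return f"{head_b64}.{claims_b64}.{b64url_encode(sig)}"


def verify_token(token: str, secret: bytes = SECRET,
                 now: Optional[float] = None) -> Tuple[str, Optional[dict]]:
    """Run the checks in the order the post traced through the library:
    split -> header JSON -> claims JSON -> signature -> exp.
    Returns (stage label, claims); claims is None unless the signature verified."""
    parts = token.split(".")
    if len(parts) != 3:
        return "malformed: token must have 3 segments", None
    head_b64, claims_b64, sig_b64 = parts

    # Stage 1: the header must decode to JSON. One altered character in this
    # segment changes the decoded bytes, which is the "Syntax error" the post hit.
    try:
        header = json.loads(b64url_decode(head_b64))
    except ValueError:
        return "invalid: header is not valid JSON", None

    # Stage 2: the same for the claims segment.
    try:
        claims = json.loads(b64url_decode(claims_b64))
    except ValueError:
        return "invalid: claims are not valid JSON", None

    # Pin the algorithm rather than trusting whatever "alg" the header carries.
    if header.get("alg") != "HS256":
        return "invalid: unexpected alg", None

    # Stage 3: recompute the HMAC over the two segments exactly as received and
    # compare in constant time. A re-encoded payload or a token signed with another
    # project's key fails here ("Token Signature could not be verified").
    try:
        given_sig = b64url_decode(sig_b64)
    except ValueError:
        return "invalid: signature is not base64url", None
    expected_sig = hmac.new(secret, f"{head_b64}.{claims_b64}".encode("ascii"),
                            hashlib.sha256).digest()
    if not hmac.compare_digest(expected_sig, given_sig):
        return "invalid: signature could not be verified", None

    # Stage 4: only a correctly signed token has its exp claim honoured.
    now = time.time() if now is None else now
    if "exp" in claims and claims["exp"] <= now:
        return "expired", claims
    return "ok", claims


def demo() -> dict:
    """Exercise the cases the post discusses, using constructed tokens."""
    good_claims = {"sub": 1, "exp": 4102444800}  # constructed: exp far in the future
    valid = make_token(good_claims)
    head_b64, claims_b64, sig_b64 = valid.split(".")

    # Edit a single character of the header segment, as the post did by hand.
    edited_header = ("f" if head_b64[0] != "f" else "e") + head_b64[1:]
    tampered_header = f"{edited_header}.{claims_b64}.{sig_b64}"

    # Re-encode the claims with a different subject but keep the original signature.
    forged_claims = b64url_encode(
        json.dumps({"sub": 2, "exp": 4102444800}, separators=(",", ":")).encode())
    forged_payload = f"{head_b64}.{forged_claims}.{sig_b64}"

    # A token issued by "another project" with its own secret.
    foreign = make_token(good_claims, secret=b"some-other-project-secret")

    # A correctly signed but expired token.
    expired = make_token({"sub": 1, "exp": 1000000000})

    return {
        "valid": verify_token(valid)[0],
        "tampered_header": verify_token(tampered_header)[0],
        "forged_payload": verify_token(forged_payload)[0],
        "foreign_key": verify_token(foreign)[0],
        "expired": verify_token(expired)[0],
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:16s} -> {result}")
```

Running demo() shows the two different failure modes the post ran into: the hand-edited header never reaches signature verification because it is rejected as JSON first, while the forged payload and the foreign-key token decode fine and are rejected by the HMAC comparison. The expired token is the only failing case that still yields its claims, which is what lets a middleware answer 401 and offer a refresh only for tokens it has actually authenticated.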