Store secret JWT API token into a DB table

Author: pH-7

.env.dist

@@ -2,7 +2,6 @@
 APP_URL="http://localhost:8080"
 
 # JSON Web Token
-JWT_KEY=""
 JWT_TOKEN_EXPIRATION="86400" # in seconds
 JWT_ALGO_ENCRYPTION="HS512"
 

src/Dal/FoodItemDal.php

@@ -5,7 +5,7 @@
 use PH7\ApiSimpleMenu\Entity\Item as ItemEntity;
 use RedBeanPHP\R;
 
-class FoodItemDal
+final class FoodItemDal
 {
     public const TABLE_NAME = 'fooditems'; // Cannot have underscore. Use one word
 
@@ -46,8 +46,6 @@ public static function createDefaultItem(ItemEntity $itemEntity): int|string
     {
         $itemBan = R::dispense(self::TABLE_NAME);
 
-        // TODO Move this into Food Entity to build the item
-
         $itemBan->item_uuid = $itemEntity->getItemUuid();
         $itemBan->name = $itemEntity->getName();
         $itemBan->price = $itemEntity->getPrice();

src/Dal/TokenKeyDal.php

@@ -0,0 +1,28 @@
+<?php
+
+namespace PH7\ApiSimpleMenu\Dal;
+
+use RedBeanPHP\R;
+
+final class TokenKeyDal
+{
+    public const TABLE_NAME = 'secretkeys';
+
+    public static function saveSecretKey(string $jwtKey)
+    {
+        $tokenBean = R::dispense(self::TABLE_NAME);
+        $tokenBean->secretKey = $jwtKey;
+
+        R::store($tokenBean);
+
+        // close connection with database
+        R::close();
+    }
+
+    public static function getSecretKey(): ?string
+    {
+        $tokenKeyBean = R::load(self::TABLE_NAME, 1);
+
+        return $tokenKeyBean?->secretKey;
+    }
+}

src/Entity/Entitable.php

@@ -6,7 +6,7 @@ interface Entitable
 {
     public function unserialize(?array $data): self;
 
-    public function setSequentialId(int $sequentialId): void;
+    public function setSequentialId(int $sequentialId): self;
 
     public function getSequentialId(): int;
 }

src/Entity/Item.php

@@ -14,49 +14,59 @@ class Item implements Entitable
 
     private bool $available;
 
-    public function setSequentialId(int $sequentialId): void
+    public function setSequentialId(int $sequentialId): self
     {
         $this->sequentialId = $sequentialId;
+
+        return $this;
     }
 
     public function getSequentialId(): int
     {
         return $this->sequentialId;
     }
 
-    public function setItemUuid(string $itemUuid): void
+    public function setItemUuid(string $itemUuid): self
     {
         $this->itemUuid = $itemUuid;
+
+        return $this;
     }
 
     public function getItemUuid(): ?string
     {
         return $this->itemUuid;
     }
 
-    public function setName(string $name): void
+    public function setName(string $name): self
     {
         $this->name = $name;
+
+        return $this;
     }
 
     public function getName(): string
     {
         return $this->name;
     }
 
-    public function setPrice(float $price): void
+    public function setPrice(float $price): self
     {
         $this->price = $price;
+
+        return $this;
     }
 
     public function getPrice(): float
     {
         return $this->price;
     }
 
-    public function setAvailable(bool $available): void
+    public function setAvailable(bool $available): self
     {
         $this->available = $available;
+
+        return $this;
     }
 
     public function getAvailable(): bool

src/Route/user.routes.php

@@ -3,6 +3,7 @@
 
 use PH7\ApiSimpleMenu\Route\Exception\NotFoundException;
 use PH7\ApiSimpleMenu\Service\Exception\EmailExistsException;
+use PH7\ApiSimpleMenu\Service\SecretKey;
 use PH7\ApiSimpleMenu\Service\User;
 use PH7\ApiSimpleMenu\Validation\Exception\InvalidValidationException;
 
@@ -29,7 +30,10 @@ public function getResponse(): string
         // Ternary conditional operator operator
         $userId = $_REQUEST['id'] ?? ''; // using the null coalescing operator
 
-        $user = new User();
+        // retrieve JWT secret key, and pass it to User Service' constructor
+        $jwtToken = SecretKey::getJwtSecretKey();
+        $user = new User($jwtToken);
+
         try {
             // check first if HTTP method for the requested endpoint is valid
             $expectHttpMethod = match ($this) {

src/Service/FoodItem.php

@@ -38,10 +38,13 @@ public function retrieveAll(): array
             // if no items have been added yet, create the first one
             $itemUuid = Uuid::uuid4()->toString();
             $itemEntity = new ItemEntity();
-            $itemEntity->setItemUuid($itemUuid);
-            $itemEntity->setName('Burrito Cheese with French Fries');
-            $itemEntity->setPrice(19.99);
-            $itemEntity->setAvailable(true);
+
+            // chaining each method with the arrow ->
+            $itemEntity
+                ->setItemUuid($itemUuid)
+                ->setName('Burrito Cheese with French Fries')
+                ->setPrice(19.99)
+                ->setAvailable(true);
 
             FoodItemDal::createDefaultItem($itemEntity);
 

src/Service/SecretKey.php

@@ -0,0 +1,22 @@
+<?php
+
+namespace PH7\ApiSimpleMenu\Service;
+
+use PH7\ApiSimpleMenu\Dal\TokenKeyDal;
+
+class SecretKey
+{
+    public static function getJwtSecretKey(): string
+    {
+        $jwtKey = TokenKeyDal::getSecretKey();
+
+        if (!$jwtKey) {
+            $uniqueSecretKey = hash('sha512', strval(time()));
+            TokenKeyDal::saveSecretKey($uniqueSecretKey);
+
+            return $uniqueSecretKey;
+        }
+
+        return $jwtKey;
+    }
+}

src/Service/User.php

@@ -17,6 +17,10 @@ class User
 {
     public const DATE_TIME_FORMAT = 'Y-m-d H:i:s';
 
+    public function __construct(protected string $jwtKey)
+    {
+    }
+
     public function login(mixed $data): array
     {
         $userValidation = new UserValidation($data);
@@ -38,7 +42,7 @@ public function login(mixed $data): array
                                 'name' => $userName
                             ]
                         ],
-                        $_ENV['JWT_KEY'],
+                        $this->jwtKey,
                         $_ENV['JWT_ALGO_ENCRYPTION']
                     );