#104. Change env() to config()

SoliDry · Mar 31, 2018 · 39bebd3 · 39bebd3
1 parent 895e7dc
commit 39bebd3
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 4 deletions.
diff --git a/README.md b/README.md
@@ -768,6 +768,11 @@ U can change those `activate` and `expires` time settings as needed.
 To protect key verification in JWT token - place `JWT_SECRET` variable to .env configuration file with secret key value assigned
 (secret can be any string at any length, but be wise to use strong one, ex.: hashed with sha1/sha2 etc).
 
+Then put the value to global configuration file `config/app.php`, we need this to apply best practices for caching configs environment. 
+```php
+'jwt_secret'     => env('JWT_SECRET', 'secret'),
+```
+
 As for any standard Laravel middleware register it in ```app/Http/Kernel.php``` :
 ```php
     /**

diff --git a/src/helpers/Jwt.php b/src/helpers/Jwt.php
@@ -1,4 +1,5 @@
 <?php
+
 namespace rjapi\helpers;
 
 use Lcobucci\JWT\Builder;
@@ -9,14 +10,16 @@
 
 class Jwt
 {
+    private const JWT_SECRETE_KEY = 'app.jwt_secret';
+
     /**
      * Fulfills the token with data and signs it with key
      * @param int $uid
      * @param string $generatedId
      *
      * @return string
      */
-    public static function create(int $uid, string $generatedId): string
+    public static function create(int $uid, string $generatedId) : string
     {
         $signer = new Sha256();
 
@@ -27,7 +30,7 @@ public static function create(int $uid, string $generatedId): string
         ->setNotBefore(time() + ConfigHelper::getNestedParam(ConfigInterface::JWT, ConfigInterface::ACTIVATE))// Configures the time that the token can be used (nbf claim)
         ->setExpiration(time() + ConfigHelper::getNestedParam(ConfigInterface::JWT, ConfigInterface::EXPIRES))// Configures the expiration time of the token (nbf claim)
         ->set('uid', $uid)// Configures a new claim, called "uid"
-        ->sign($signer, $generatedId . env('JWT_SECRET') . $uid)// glue uniqid + uid
+        ->sign($signer, $generatedId . config(self::JWT_SECRETE_KEY) . $uid)// glue uniqid + uid
         ->getToken();
     }
 
@@ -46,7 +49,6 @@ public static function verify(Token $token, string $generatedId)
         $data->setId($generatedId);
         $signer = new Sha256();
         $uid    = $token->getClaim('uid');
-
-        return $token->validate($data) && $token->verify($signer, $generatedId . env('JWT_SECRET') . $uid);
+        return $token->validate($data) && $token->verify($signer, $generatedId . config(self::JWT_SECRETE_KEY) . $uid);
     }
 }