<?php
namespace Twilio\Jwt;
use Twilio\Jwt\Client\ScopeURI;
/**
* Twilio Capability Token generator
*/
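class ClientToken {
    /** @var string account SID that becomes the token's `iss` claim */
    public $accountSid;
    /**
     * @var string HS256 signing secret (the account auth token). Anyone who
     * holds this value can mint arbitrary capability tokens for the account,
     * so never hand this object to the client that receives the token and
     * do not serialise, var_dump or log the instance.
     */
    public $authToken;
    /** @var ScopeURI[] $scopes grants accumulated by the allowXXXX methods */
    public $scopes;
    /**
     * @var string|false client name recorded by allowClientIncoming(), or
     * false while incoming connections have not been granted. Declared
     * explicitly so PHP 8.2+ does not raise a dynamic-property deprecation.
     */
    public $clientName;

    /**
     * Create a new TwilioCapability with zero permissions. Next steps are to
     * grant access to resources by configuring this token through the
     * functions allowXXXX.
     *
     * @param string $accountSid the account sid to which this token is granted
     * access
     * @param string $authToken the secret key used to sign the token. Note,
     * this auth token is not visible to the user of the token.
     */
    public function __construct($accountSid, $authToken) {
        $this->accountSid = $accountSid;
        $this->authToken = $authToken;
        $this->scopes = array();
        $this->clientName = false;
    }

    /**
     * If the user of this token should be allowed to accept incoming
     * connections then configure the TwilioCapability through this method and
     * specify the client name.
     *
     * The name is checked before any scope is recorded, so a rejected name
     * leaves the token unchanged.
     *
     * @param string $clientName name the token holder registers under
     * @throws \InvalidArgumentException when the name is not a non-empty
     * string of word characters
     */
    public function allowClientIncoming($clientName) {
        // preg_match()/strlen() would coerce (or warn on) non-string input
        // rather than validate it, so reject anything that is not a string.
        if (!is_string($clientName)) {
            throw new \InvalidArgumentException(
                'Only alphanumeric characters allowed in client name.');
        }
        // \W matches any byte outside [A-Za-z0-9_]. Underscore is therefore
        // accepted despite the "alphanumeric" wording, and non-ASCII bytes
        // are rejected because the pattern is not Unicode-aware (no `u`).
        if (preg_match('/\W/', $clientName)) {
            throw new \InvalidArgumentException(
                'Only alphanumeric characters allowed in client name.');
        }
        if (strlen($clientName) == 0) {
            throw new \InvalidArgumentException(
                'Client name must not be a zero length string.');
        }
        $this->clientName = $clientName;
        $this->allow('client', 'incoming',
            array('clientName' => $clientName));
    }

    /**
     * Allow the user of this token to make outgoing connections.
     *
     * @param string $appSid the application to which this token grants access
     * @param mixed[] $appParams signed parameters that the user of this token
     * cannot overwrite; they are URL-encoded into the scope URI
     */
    public function allowClientOutgoing($appSid, array $appParams = array()) {
        $this->allow('client', 'outgoing', array(
            'appSid' => $appSid,
            'appParams' => http_build_query($appParams, '', '&')));
    }

    /**
     * Allow the user of this token to access their event stream.
     *
     * @param mixed[] $filters key/value filters to apply to the event stream;
     * URL-encoded into the scope URI
     */
    public function allowEventStream(array $filters = array()) {
        $this->allow('stream', 'subscribe', array(
            'path' => '/2010-04-01/Events',
            'params' => http_build_query($filters, '', '&'),
        ));
    }

    /**
     * Generates a new token based on the credentials and permissions that
     * previously has been granted to this token.
     *
     * The `exp` claim is computed from the current wall-clock time when this
     * method runs, so each call produces a token with a fresh expiry.
     *
     * @param int $ttl the expiration time of the token (in seconds). Default
     * value is 3600 (1hr)
     * @return string the signed token as returned by JWT::encode (a compact
     * HS256 JWT; the encoder itself lives outside this class)
     * @throws \InvalidArgumentException when $ttl is not a positive number
     */
    public function generateToken($ttl = 3600) {
        // A zero or negative lifetime would sign a token that is already
        // expired, and a bogus value would silently produce a garbage `exp`;
        // refuse rather than mint it. No upper bound is enforced here —
        // NOTE(review): confirm whether the service caps token lifetime and
        // cap accordingly.
        if (!is_numeric($ttl) || (int) $ttl <= 0) {
            throw new \InvalidArgumentException(
                'Token lifetime must be a positive number of seconds.');
        }
        $scopeStrings = array();
        foreach ($this->scopes as $scope) {
            // Outgoing grants carry the incoming client name, if one was set,
            // so the scope URI ties both directions to the same identity.
            if ($scope->privilege === "outgoing" && $this->clientName) {
                $scope->params["clientName"] = $this->clientName;
            }
            $scopeStrings[] = $scope->toString();
        }
        // Key order kept as before: scope, iss, exp.
        $payload = array(
            'scope' => implode(' ', $scopeStrings),
            'iss' => $this->accountSid,
            'exp' => time() + (int) $ttl,
        );
        return JWT::encode($payload, $this->authToken, 'HS256');
    }

    /**
     * Record one scope grant.
     *
     * @param string $service
     * @param string $privilege
     * @param mixed[] $params
     */
    protected function allow($service, $privilege, $params) {
        $this->scopes[] = new ScopeURI($service, $privilege, $params);
    }
}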