<?php
declare(strict_types=1);
namespace LayLink\Auth;
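/**
 * Checks a node's self-declared identity against a static node registry.
 *
 * A payload is accepted only when the node id is registered, the entry is
 * enabled, the declared node type matches, the shared token matches and the
 * declared transport is on the allow-list.
 */
final class NodeAuthenticator
{
    /**
     * @param array<array-key, mixed> $nodes Registry keyed by node id; each entry is read
     *                                       for the keys 'enabled', 'node_type' and 'token'.
     * @param string[] $allowedTransports    Lower-case transport names a node may declare.
     */
    public function __construct(
        private readonly array $nodes,
        private readonly array $allowedTransports = ['tcp'],
    ) {
    }

    /**
     * Authenticate one node payload.
     *
     * Reads 'node_id', 'node_type', 'node_token' and 'transport_protocol'
     * (default 'tcp', compared case-insensitively) from $payload.
     *
     * NOTE(review): the distinct failure reasons reveal whether a node id
     * exists, is enabled and has the declared type before any token is
     * checked. Keep them for logs; answer the remote peer with one generic
     * failure.
     *
     * NOTE(review): on success the registry entry is returned as configured,
     * so it still carries the 'token' secret. Callers should not log or
     * serialize it wholesale.
     *
     * @param array<string, mixed> $payload Untrusted fields sent by the node.
     *
     * @return array{ok: bool, reason?: string, node?: array<array-key, mixed>}
     */
    public function authenticate(array $payload): array
    {
        $nodeId = self::scalarToString($payload['node_id'] ?? null);
        $nodeType = self::scalarToString($payload['node_type'] ?? null);
        $token = self::scalarToString($payload['node_token'] ?? null);
        $transport = strtolower(self::scalarToString($payload['transport_protocol'] ?? null, 'tcp'));

        if ($nodeId === '' || !isset($this->nodes[$nodeId])) {
            return ['ok' => false, 'reason' => 'node_not_found'];
        }

        $node = $this->nodes[$nodeId];
        if (($node['enabled'] ?? false) !== true) {
            return ['ok' => false, 'reason' => 'node_disabled'];
        }
        if (($node['node_type'] ?? '') !== $nodeType) {
            return ['ok' => false, 'reason' => 'node_type_mismatch'];
        }

        // Fail closed when the registry entry has no usable token: without this
        // guard hash_equals('', '') succeeds, so a payload that omits
        // 'node_token' would authenticate as any node configured without one.
        $expectedToken = self::scalarToString($node['token'] ?? null);
        if ($expectedToken === '' || !hash_equals($expectedToken, $token)) {
            return ['ok' => false, 'reason' => 'invalid_node_token'];
        }
        if (!in_array($transport, $this->allowedTransports, true)) {
            return ['ok' => false, 'reason' => 'transport_not_allowed'];
        }

        // Array union keeps a 'node_id' already present in the registry entry.
        return ['ok' => true, 'node' => $node + ['node_id' => $nodeId]];
    }

    /**
     * Convert one field to a string without casting arrays or objects.
     *
     * null (field absent) yields $default. A non-scalar value yields '' so
     * that it fails the following check instead of being cast to the literal
     * "Array" and raising a conversion warning.
     */
    private static function scalarToString(mixed $value, string $default = ''): string
    {
        if ($value === null) {
            return $default;
        }

        return is_scalar($value) ? (string) $value : '';
    }
}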