Configuracion inicial para usar atentificacion via JWT (requerido tocar el composer para firebase/jwt

ci4/app/Config/Auth.php

@@ -15,6 +15,7 @@ namespace Config;
 
 use App\Entities\Usuarios\UsersEntity;
 use App\Models\UserModel;
+use CodeIgniter\Shield\Authentication\Authenticators\JWT;
 use CodeIgniter\Shield\Authentication\Passwords\ValidationRules;
 use CodeIgniter\Shield\Config\Auth as ShieldAuth;
 use CodeIgniter\Shield\Authentication\Actions\ActionInterface;
@@ -118,7 +119,7 @@ class Auth extends ShieldAuth
         'tokens'  => AccessTokens::class,
         'session' => Session::class,
         'hmac'    => HmacSha256::class,
-        // 'jwt'     => JWT::class,
+        'jwt'     => JWT::class,
     ];
 
     /**
@@ -145,7 +146,7 @@ class Auth extends ShieldAuth
         'session',
         'tokens',
         'hmac',
-        // 'jwt',
+        'jwt',
     ];
 
     /**

ci4/app/Config/AuthJWT.php

@@ -0,0 +1,96 @@
+<?php
+
+declare(strict_types=1);
+
+/**
+ * This file is part of CodeIgniter Shield.
+ *
+ * (c) CodeIgniter Foundation <admin@codeigniter.com>
+ *
+ * For the full copyright and license information, please view
+ * the LICENSE file that was distributed with this source code.
+ */
+
+namespace Config;
+
+use CodeIgniter\Shield\Config\AuthJWT as ShieldAuthJWT;
+
+/**
+ * JWT Authenticator Configuration
+ */
+class AuthJWT extends ShieldAuthJWT
+{
+    /**
+     * --------------------------------------------------------------------
+     * Name of Authenticator Header
+     * --------------------------------------------------------------------
+     * The name of Header that the Authorization token should be found.
+     * According to the specs, this should be `Authorization`, but rare
+     * circumstances might need a different header.
+     */
+    public string $authenticatorHeader = 'Authorization';
+
+    /**
+     * --------------------------------------------------------------------
+     * The Default Payload Items
+     * --------------------------------------------------------------------
+     * All JWTs will have these claims in the payload.
+     *
+     * @var array<string, string>
+     */
+    public array $defaultClaims = [
+        'iss' => 'https://safekat.com',
+    ];
+
+    /**
+     * --------------------------------------------------------------------
+     * The Keys
+     * --------------------------------------------------------------------
+     * The key of the array is the key group name.
+     * The first key of the group is used for signing.
+     *
+     * @var array<string, array<int, array<string, string>>>
+     * @phpstan-var array<string, list<array<string, string>>>
+     */
+    public array $keys = [
+        'default' => [
+            // Symmetric Key
+            [
+                'kid' => '',      // Key ID. Optional if you have only one key.
+                'alg' => 'HS256', // algorithm.
+                // Set secret random string. Needs at least 256 bits for HS256 algorithm.
+                // E.g., $ php -r 'echo base64_encode(random_bytes(32));'
+                'secret' => 'ZAfosrIVWDaKEhBhicTKCpW8T5ZxC3GYAxFgCkUQjlU=',
+            ],
+            // Asymmetric Key
+            // [
+            //     'kid'        => '',      // Key ID. Optional if you have only one key.
+            //     'alg'        => 'RS256', // algorithm.
+            //     'public'     => '',      // Public Key
+            //     'private'    => '',      // Private Key
+            //     'passphrase' => ''       // Passphrase
+            // ],
+        ],
+    ];
+
+    /**
+     * --------------------------------------------------------------------
+     * Time To Live (in seconds)
+     * --------------------------------------------------------------------
+     * Specifies the amount of time, in seconds, that a token is valid.
+     */
+    public int $timeToLive = HOUR;
+
+    /**
+     * --------------------------------------------------------------------
+     * Record Login Attempts
+     * --------------------------------------------------------------------
+     * Whether login attempts are recorded in the database.
+     *
+     * Valid values are:
+     * - Auth::RECORD_LOGIN_ATTEMPT_NONE
+     * - Auth::RECORD_LOGIN_ATTEMPT_FAILURE
+     * - Auth::RECORD_LOGIN_ATTEMPT_ALL
+     */
+    public int $recordLoginAttempt = Auth::RECORD_LOGIN_ATTEMPT_FAILURE;
+}

ci4/app/Config/Filters.php

@@ -8,6 +8,7 @@ use CodeIgniter\Filters\DebugToolbar;
 use CodeIgniter\Filters\Honeypot;
 use CodeIgniter\Filters\InvalidChars;
 use CodeIgniter\Filters\SecureHeaders;
+use CodeIgniter\Shield\Authentication\Authenticators\JWT;
 
 
 class Filters extends BaseConfig
@@ -43,6 +44,8 @@ class Filters extends BaseConfig
                     'login*',
                     'register',
                     'auth/a/*',
+                    'auth/jwt',
+                    'api/*',
                     'logout']
             ],
         ],
@@ -73,5 +76,9 @@ class Filters extends BaseConfig
      * Example:
      * 'isLoggedIn' => ['before' => ['account/*', 'profiles/*']]
      */
-    public array $filters = [];
+    public array $filters = [
+        /*'jwt' => [
+            'before' => ['api', 'api/*']
+        ],*/
+    ];
 }

ci4/app/Config/Routes.php

@@ -755,15 +755,23 @@ $routes->group('chat', ['namespace' => 'App\Controllers\Chat'], function ($route
     $routes->get('contact/(:num)/messages', 'ChatController::get_chat_internal_messages/$1', ['as' => 'getChatInternalMessages']);
     $routes->get('notifications', 'ChatController::get_chat_cliente/$1', ['as' => 'getChatCliente']);
 
-
-
-
-
-
-
-
 });
 
+
+/*
+ * --------------------------------------------------------------------
+ * APIs Route Definitions
+ * --------------------------------------------------------------------
+ */
+$routes->post('auth/jwt', '\App\Controllers\Sistema\AuthAPIController::jwtLogin');
+
+$routes->group('api', ['filter' => 'jwt'], static function ($routes) {
+    $routes->get('test', 'Test::echo');
+    // ...
+});
+
+
+
 /*
  * --------------------------------------------------------------------
  * Additional Routing