FiveTech Support Forums

     local aH := {=>}

aH[ 'time' ] 	= time()
aH[ 'date' ] 	= date()
aH[ 'age'  ] 	= 123
aH[ 'married' ] = .T.

?? hb_jsonEncode( aH )

PROCEDURE Main( oRequest, oResponse )

   oResponse:SetHeader( "Access-Control-Allow-Origin", "http://localhost:4200" )
   oResponse:SetHeader( "Access-Control-Allow-Methods", "GET, POST, OPTIONS" )
   oResponse:SetHeader( "Access-Control-Allow-Headers", "Content-Type, Authorization" )
   oResponse:SetHeader( "Content-Type", "application/json; charset=utf-8" )

   oResponse:Write( ;
      '{ "data": {}, "status": "success", "message": "GET korrekt ausgeführt" }' ;
   )

RETURN

PROCEDURE Main()

     local aH := {=>}

aH[ 'time' ] 	= time()
aH[ 'date' ] 	= date()
aH[ 'age'  ] 	= 123
aH[ 'married' ] = .T.



   Header( "Access-Control-Allow-Origin: http://localhost:4200" )
   Header( "Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS" )
   Header( "Access-Control-Allow-Headers: Content-Type, Authorization" )
   header( "Content-Type: application/json" )

?? hb_jsonEncode( aH )
return nil


/// y en apache

<FilesMatch "\.(prg|hrb)$">
    SetHandler harbour
    Header set Access-Control-Allow-Origin "*"
    Header set Access-Control-Allow-Methods "GET, POST, OPTIONS"
    Header set Access-Control-Allow-Headers "Content-Type"
</FilesMatch>

LoadModule mod_harbourV2_module modules/mod_harbour.v2.so
MH_LIBRARY d:\\xampp\htdocs\\libmhapache.dll
MH_NVMS 50

function main()

local aH := {=>}

aH[ 'time' ] 	= time()
aH[ 'date' ] 	= date()
aH[ 'age'  ] 	= 123
aH[ 'married' ] = .T.

UAddHeader( "Content-Type", "application/json" )
UAddHeader( "Access-Control-Allow-Origin", '*')
	
retu hb_jsonEncode( aH )

/*
 * Copyright (c) 2019 Matteo Baccan
 * https://www.baccan.it
 *
 * Distributed under the GPL v3 software license, see the accompanying
 * file LICENSE or http://www.gnu.org/licenses/gpl.html.
 *
 */
/**
 * JWT Implementation
 *
 * https://datatracker.ietf.org/doc/html/rfc7519
 *
 */
#include "hbclass.ch"

CLASS JWT

HIDDEN:

  CLASSDATA cSecret
  CLASSDATA aHeader
  CLASSDATA aPayload
  CLASSDATA cError

  METHOD Base64UrlEncode( cData )
  METHOD Base64UrlDecode( cData )
  METHOD ByteToString( cData )
  METHOD GetSignature( cHeader, cPayload, cSecret, cAlgorithm )
  METHOD CheckPayload(aPayload, cKey)

EXPORTED:

  METHOD New() CONSTRUCTOR

  // Header
  METHOD SetType( cType )
  METHOD GetType()                          INLINE ::aHeader[ 'typ' ]
  METHOD SetContentType( cContentType )     INLINE ::aHeader[ 'cty' ] :=  cContentType
  METHOD GetContentType()                   INLINE ::aHeader[ 'cty' ]
  METHOD SetAlgorithm( cAlgorithm )
  METHOD GetAlgorithm()                     INLINE ::aHeader[ 'alg' ]

  // Payload
  METHOD SetIssuer( cIssuer )               INLINE ::SetPayloadData('iss', cIssuer)
  METHOD GetIssuer()                        INLINE ::GetPayloadData('iss')
  METHOD SetSubject( cSubject )             INLINE ::SetPayloadData('sub', cSubject)
  METHOD GetSubject()                       INLINE ::GetPayloadData('sub')
  METHOD SetAudience( cAudience )           INLINE ::SetPayloadData('aud', cAudience)
  METHOD GetAudience()                      INLINE ::GetPayloadData('aud')
  METHOD SetExpration( nExpiration )        INLINE ::SetPayloadData('exp', nExpiration)
  METHOD GetExpration()                     INLINE ::GetPayloadData('exp')
  METHOD SetNotBefore( nNotBefore )         INLINE ::SetPayloadData('nbf', nNotBefore)
  METHOD GetNotBefore()                     INLINE ::GetPayloadData('nbf')
  METHOD SetIssuedAt( nIssuedAt )           INLINE ::SetPayloadData('iat', nIssuedAt)
  METHOD GetIssuedAt()                      INLINE ::GetPayloadData('iat')
  METHOD SetJWTId( cJWTId )                 INLINE ::SetPayloadData('jti', cJWTId)
  METHOD GetJWTId()                         INLINE ::GetPayloadData('jti')

  // Payload methods
  METHOD SetPayloadData( cKey, uValue )     INLINE IF( uValue==NIL, hb_HDel(::aPayload,cKey), ::aPayload[cKey] := uValue)
  METHOD GetPayloadData( cKey )             INLINE IF( hb_HHasKey(::aPayLoad,cKey), ::aPayload[cKey], NIL )

  // Secret
  METHOD SetSecret( cSecret )               INLINE ::cSecret := cSecret
  METHOD GetSecret()                        INLINE ::cSecret

  // Error
  METHOD GetError()                         INLINE ::cError

  // Cleanup: aHeader, aPayload, cError, cSecret
  METHOD Reset()

  // Encode a JWT and return it
  METHOD Encode()

  // Decode a JWT
  METHOD Decode( cJWT )

  // Decode a JWT
  METHOD Verify( cJWT )

  // Getter internal data with internal exposion
  METHOD GetPayload()                       INLINE hb_hClone(::aPayload)
  METHOD GetHeader()                        INLINE hb_hClone(::aHeader)

  // Helper method for expiration setting
  METHOD GetSeconds()

  // Versione
  METHOD GetVersion()                       INLINE "1.0.2"

ENDCLASS

METHOD New() CLASS JWT
  ::Reset()
RETU SELF

// Optional
METHOD SetType( cType ) CLASS JWT
  LOCAL bRet := .F.

  IF cType=="JWT"
      ::aHeader[ 'typ' ] := cType
  ELSE
      bRet := .F.
      ::cError := "Invalid type [" +cType +"]"
  ENDIF

RETU bRet

// Mandatory
METHOD SetAlgorithm( cAlgorithm ) CLASS JWT
  LOCAL bRet := .F.

  IF cAlgorithm=="HS256" .OR. cAlgorithm=="HS384" .OR. cAlgorithm=="HS512"
      ::aHeader[ 'alg' ] := cAlgorithm
  ELSE
      bRet := .F.
      ::cError := "Invalid algorithm [" +cAlgorithm +"]"
  ENDIF

RETU bRet

METHOD Reset() CLASS JWT

  ::aHeader   := {=>}
  ::aPayload := {=>}
  ::cError  := ''
  ::cSecret  := ''

RETU NIL


METHOD Encode() CLASS JWT

  LOCAL cHeader
  LOCAL cPayload
  LOCAL cSignature

  //  Encode header
  cHeader     := ::Base64UrlEncode( hb_jsonEncode( ::aHeader ) )

  // Encode payload
  cPayload    := ::Base64UrlEncode( hb_jsonEncode( ::aPayload ) )

  //  Make signature
  cSignature := ::GetSignature( cHeader, cPayload, ::cSecret, ::aHeader[ 'alg' ] )

//  Return JWT
RETU cHeader + '.' + cPayload + '.' + cSignature

METHOD Base64UrlEncode( cData ) CLASS JWT
RETU hb_StrReplace( hb_base64Encode( cData ), "+/=", { "-", "_", "" } )

METHOD Base64UrlDecode( cData ) CLASS JWT
RETU hb_base64Decode( hb_StrReplace( cData, "-_", "+/" ) )

METHOD ByteToString( cData ) CLASS JWT
   LOCAL cRet := SPACE(LEN(cData)/2)
   LOCAL nLen := LEN( cData )
   LOCAL nX, nNum

   cData := UPPER(cData)
   FOR nX := 1 TO nLen STEP 2
      nNum := ( AT( SubStr( cData, nX  , 1 ), "0123456789ABCDEF" ) - 1 ) * 16
      nNum += AT( SubStr( cData, nX+1, 1 ), "0123456789ABCDEF" ) - 1
      HB_BPOKE( @cRet, (nX+1)/2, nNum )
   NEXT

RETU cRet

METHOD GetSignature( cHeader, cPayload, cSecret, cAlgorithm ) CLASS JWT
  LOCAL cSignature := ""

  DO CASE
     CASE cAlgorithm=="HS256"
         cSignature := ::Base64UrlEncode( ::ByteToString( HB_HMAC_SHA256( cHeader + '.' + cPayload, cSecret ) ) )
     CASE cAlgorithm=="HS384"
         cSignature := ::Base64UrlEncode( ::ByteToString( HB_HMAC_SHA384( cHeader + '.' + cPayload, cSecret ) ) )
     CASE cAlgorithm=="HS512"
         cSignature := ::Base64UrlEncode( ::ByteToString( HB_HMAC_SHA512( cHeader + '.' + cPayload, cSecret ) ) )
     OTHERWISE
         ::cError := "INVALID ALGORITHM"
  ENDCASE
RETU cSignature

METHOD Decode( cJWT ) CLASS JWT

  LOCAL aJWT

  // Reset Object
  ::Reset()

  // Check JWT
  IF VALTYPE(cJWT)!="C"
      ::cError := "Invalid JWT: not character ["+VALTYPE(cJWT)+"]"
      RETU .F.
  ENDIF

  //  Split JWT
  aJWT := HB_ATokens( cJWT, '.' )
  IF LEN(aJWT) <> 3
      ::cError := "Invalid JWT"
      RETU .F.
  ENDIF

  // Explode header
  ::aHeader   := hb_jsonDecode( ::Base64UrlDecode( aJWT[1] ))

  // Exploce payload
  ::aPayload  := hb_jsonDecode( ::Base64UrlDecode( aJWT[2] ))

RETU .T.

METHOD Verify( cJWT ) CLASS JWT

  LOCAL aJWT, aHeader, aPayload
  LOCAL cSignature, cNewSignature

  // Check JWT
  IF VALTYPE(cJWT)!="C"
      ::cError := "Invalid JWT: not character ["+VALTYPE(cJWT)+"]"
      RETU .F.
  ENDIF

  //  Split JWT
  aJWT := HB_ATokens( cJWT, '.' )
  IF LEN(aJWT) <> 3
      ::cError := "Invalid JWT"
      RETU .F.
  ENDIF

  // Explode header
  aHeader   := hb_jsonDecode( ::Base64UrlDecode( aJWT[1] ))

  // Check aHeader
  IF VALTYPE(aHeader)!="H"
      ::cError := "Invalid JWT: header not base64"
      RETU .F.
  ENDIF

  // Exploce payload
  aPayload   := hb_jsonDecode( ::Base64UrlDecode( aJWT[2] ))

  // Check aPayload
  IF VALTYPE(aPayload)!="H"
      ::cError := "Invalid JWT: payload not base64"
      RETU .F.
  ENDIF

  // Get signature
  cSignature  := aJWT[3]

  // Calculate new sicnature
  cNewSignature   := ::GetSignature( aJWT[1], aJWT[2], ::cSecret, aHeader[ 'alg' ] )
  IF ( cSignature != cNewSignature )
    ::cError := "Invalid signature"
    RETU .F.
  ENDIF

  // Check Issuer
  IF !::CheckPayload(aPayload, 'iss')
     ::cError := "Different issuer"
     RETU .F.
  ENDIF

  // Check Subject
  IF !::CheckPayload(aPayload, 'sub')
     ::cError := "Different subject"
     RETU .F.
  ENDIF

  // Check Audience
  IF !::CheckPayload(aPayload, 'aud')
     ::cError := "Different audience"
     RETU .F.
  ENDIF

  // Check expiration
  IF hb_HHasKey(aPayLoad,'exp')
     IF aPayLoad[ 'exp' ] < ::GetSeconds()
       ::cError := "Token expired"
       RETU .F.
     ENDIF
  ENDIF

  // Check not before
  IF hb_HHasKey(aPayLoad,'nbf')
     IF aPayLoad[ 'nbf' ] > ::GetSeconds()
       ::cError := "Token not valid until:" +STR(aPayLoad[ 'nbf' ])
       RETU .F.
     ENDIF
  ENDIF

  // Check issuedAt
  IF hb_HHasKey(aPayLoad,'iat')
     IF aPayLoad[ 'iat' ] > ::GetSeconds()
       ::cError := "Token issued in future:" +STR(aPayLoad[ 'iat' ])
       RETU .F.
     ENDIF
  ENDIF

  // Check JWT id
  IF !::CheckPayload(aPayload, 'jti')
     ::cError := "Different JWT id"
     RETU .F.
  ENDIF

  // Check Type
  IF !::CheckPayload(aPayload, 'typ')
     ::cError := "Different JWT type"
     RETU .F.
  ENDIF

RETU .T.

METHOD GetSeconds() CLASS JWT

  LOCAL posixday := date() - STOD("19700101")
  LOCAL cTime := time()
  LOCAL posixsec := posixday * 24 * 60 * 60

RETU posixsec + (int(val(substr(cTime,1,2))) * 3600) + (int(val(substr(cTime,4.2))) * 60) + ( int(val(substr(cTime,7,2))) )

METHOD CheckPayload(aPayload, cKey)
  IF hb_HHasKey(aPayLoad,cKey) .AND. hb_HHasKey(::aPayLoad,cKey)
     IF aPayLoad[ cKey ] != ::aPayLoad[ cKey ]
       RETU .F.
     ENDIF
  ELSEIF hb_HHasKey(aPayLoad,cKey) .OR. hb_HHasKey(::aPayLoad,cKey)
     RETU .F.
  ENDIF
RETU .T.

function main()

   local aH := {=>}
   local o := UJWT():New( 'MyKey' )

   aH[ 'time' ] := time()
   aH[ 'date' ] := date()
   aH[ 'age'  ] := 123
   aH[ 'married' ] := .T.

   o:SetData( aH )

retu o:encode()

function main()

   local hParam := UGet()
   local o  := UJWT():New( 'MyKey' )
   local hData := o:decode( hParam[ '_token' ] )

   UAddHeader( "Content-Type", "application/json" )
   UAddHeader( "Access-Control-Allow-Origin", '*')
	
retu hb_jsonEncode( hData )

CLASS JWT

HIDDEN:

  CLASSDATA cSecret
  CLASSDATA aHeader
  CLASSDATA aPayload
  CLASSDATA cError

  METHOD Base64UrlEncode( cData )
  METHOD Base64UrlDecode( cData )
  METHOD ByteToString( cData )
  METHOD GetSignature( cHeader, cPayload, cSecret, cAlgorithm )
  METHOD CheckPayload(aPayload, cKey)

EXPORTED:

  METHOD New() CONSTRUCTOR

  // Header
  METHOD SetType( cType )
  METHOD GetType()                          INLINE ::aHeader[ 'typ' ]
  METHOD SetContentType( cContentType )     INLINE ::aHeader[ 'cty' ] :=  cContentType
  METHOD GetContentType()                   INLINE ::aHeader[ 'cty' ]
  METHOD SetAlgorithm( cAlgorithm )
  METHOD GetAlgorithm()                     INLINE ::aHeader[ 'alg' ]

  // Payload
  METHOD SetIssuer( cIssuer )               INLINE ::SetPayloadData('iss', cIssuer)
  METHOD GetIssuer()                        INLINE ::GetPayloadData('iss')
  METHOD SetSubject( cSubject )             INLINE ::SetPayloadData('sub', cSubject)
  METHOD GetSubject()                       INLINE ::GetPayloadData('sub')
  METHOD SetAudience( cAudience )           INLINE ::SetPayloadData('aud', cAudience)
  METHOD GetAudience()                      INLINE ::GetPayloadData('aud')
  METHOD SetExpration( nExpiration )        INLINE ::SetPayloadData('exp', nExpiration)
  METHOD GetExpration()                     INLINE ::GetPayloadData('exp')
  METHOD SetNotBefore( nNotBefore )         INLINE ::SetPayloadData('nbf', nNotBefore)
  METHOD GetNotBefore()                     INLINE ::GetPayloadData('nbf')
  METHOD SetIssuedAt( nIssuedAt )           INLINE ::SetPayloadData('iat', nIssuedAt)
  METHOD GetIssuedAt()                      INLINE ::GetPayloadData('iat')
  METHOD SetJWTId( cJWTId )                 INLINE ::SetPayloadData('jti', cJWTId)
  METHOD GetJWTId()                         INLINE ::GetPayloadData('jti')

  // Payload methods
  METHOD SetPayloadData( cKey, uValue )     INLINE IF( uValue==NIL, hb_HDel(::aPayload,cKey), ::aPayload[cKey] := uValue)
  METHOD GetPayloadData( cKey )             INLINE IF( hb_HHasKey(::aPayLoad,cKey), ::aPayload[cKey], NIL )

  // Secret
  METHOD SetSecret( cSecret )               INLINE ::cSecret := cSecret
  METHOD GetSecret()                        INLINE ::cSecret

  // Error
  METHOD GetError()                         INLINE ::cError

  // Cleanup: aHeader, aPayload, cError, cSecret
  METHOD Reset()

  // Encode a JWT and return it
  METHOD Encode()

  // Decode a JWT
  METHOD Decode( cJWT )

  // Decode a JWT
  METHOD Verify( cJWT )

  // Getter internal data with internal exposion
  METHOD GetPayload()                       INLINE hb_hClone(::aPayload)
  METHOD GetHeader()                        INLINE hb_hClone(::aHeader)

  // Helper method for expiration setting
  METHOD GetSeconds()

  // Versione
  METHOD GetVersion()                       INLINE "1.0.2"

ENDCLASS

METHOD New() CLASS JWT
  ::Reset()
RETU SELF

// Optional
METHOD SetType( cType ) CLASS JWT
  LOCAL bRet := .F.

  IF cType=="JWT"
      ::aHeader[ 'typ' ] := cType
  ELSE
      bRet := .F.
      ::cError := "Invalid type [" +cType +"]"
  ENDIF

RETU bRet

// Mandatory
METHOD SetAlgorithm( cAlgorithm ) CLASS JWT
  LOCAL bRet := .F.

  IF cAlgorithm=="HS256" .OR. cAlgorithm=="HS384" .OR. cAlgorithm=="HS512"
      ::aHeader[ 'alg' ] := cAlgorithm
  ELSE
      bRet := .F.
      ::cError := "Invalid algorithm [" +cAlgorithm +"]"
  ENDIF

RETU bRet

METHOD Reset() CLASS JWT

  ::aHeader   := {=>}
  ::aPayload := {=>}
  ::cError  := ''
  ::cSecret  := ''

RETU NIL


METHOD Encode() CLASS JWT

  LOCAL cHeader
  LOCAL cPayload
  LOCAL cSignature

  //  Encode header
  cHeader     := ::Base64UrlEncode( hb_jsonEncode( ::aHeader ) )

  // Encode payload
  cPayload    := ::Base64UrlEncode( hb_jsonEncode( ::aPayload ) )

  //  Make signature
  cSignature := ::GetSignature( cHeader, cPayload, ::cSecret, ::aHeader[ 'alg' ] )

//  Return JWT
RETU cHeader + '.' + cPayload + '.' + cSignature

METHOD Base64UrlEncode( cData ) CLASS JWT
RETU hb_StrReplace( hb_base64Encode( cData ), "+/=", { "-", "_", "" } )

METHOD Base64UrlDecode( cData ) CLASS JWT
RETU hb_base64Decode( hb_StrReplace( cData, "-_", "+/" ) )

METHOD ByteToString( cData ) CLASS JWT
   LOCAL cRet := SPACE(LEN(cData)/2)
   LOCAL nLen := LEN( cData )
   LOCAL nX, nNum

   cData := UPPER(cData)
   FOR nX := 1 TO nLen STEP 2
      nNum := ( AT( SubStr( cData, nX  , 1 ), "0123456789ABCDEF" ) - 1 ) * 16
      nNum += AT( SubStr( cData, nX+1, 1 ), "0123456789ABCDEF" ) - 1
      HB_BPOKE( @cRet, (nX+1)/2, nNum )
   NEXT

RETU cRet

METHOD GetSignature( cHeader, cPayload, cSecret, cAlgorithm ) CLASS JWT
  LOCAL cSignature := ""

  DO CASE
     CASE cAlgorithm=="HS256"
         cSignature := ::Base64UrlEncode( ::ByteToString( HB_HMAC_SHA256( cHeader + '.' + cPayload, cSecret ) ) )
     CASE cAlgorithm=="HS384"
         cSignature := ::Base64UrlEncode( ::ByteToString( HB_HMAC_SHA384( cHeader + '.' + cPayload, cSecret ) ) )
     CASE cAlgorithm=="HS512"
         cSignature := ::Base64UrlEncode( ::ByteToString( HB_HMAC_SHA512( cHeader + '.' + cPayload, cSecret ) ) )
     OTHERWISE
         ::cError := "INVALID ALGORITHM"
  ENDCASE
RETU cSignature

METHOD Decode( cJWT ) CLASS JWT

  LOCAL aJWT

  // Reset Object
  ::Reset()

  // Check JWT
  IF VALTYPE(cJWT)!="C"
      ::cError := "Invalid JWT: not character ["+VALTYPE(cJWT)+"]"
      RETU .F.
  ENDIF

  //  Split JWT
  aJWT := HB_ATokens( cJWT, '.' )
  IF LEN(aJWT) <> 3
      ::cError := "Invalid JWT"
      RETU .F.
  ENDIF

  // Explode header
  ::aHeader   := hb_jsonDecode( ::Base64UrlDecode( aJWT[1] ))

  // Exploce payload
  ::aPayload  := hb_jsonDecode( ::Base64UrlDecode( aJWT[2] ))

RETU .T.

METHOD Verify( cJWT ) CLASS JWT

  LOCAL aJWT, aHeader, aPayload
  LOCAL cSignature, cNewSignature

  ::cError := ''

  // Check JWT
  IF VALTYPE(cJWT)!="C"
      ::cError := "Invalid JWT: not character ["+VALTYPE(cJWT)+"]"
      RETU .F.
  ENDIF

  //  Split JWT
  aJWT := HB_ATokens( cJWT, '.' )
  IF LEN(aJWT) <> 3
      ::cError := "Invalid JWT"
      RETU .F.
  ENDIF

  // Explode header
  aHeader   := hb_jsonDecode( ::Base64UrlDecode( aJWT[1] ))

  // Check aHeader
  IF VALTYPE(aHeader)!="H"
      ::cError := "Invalid JWT: header not base64"
      RETU .F.
  ENDIF

  // Exploce payload
  aPayload   := hb_jsonDecode( ::Base64UrlDecode( aJWT[2] ))

  // Check aPayload
  IF VALTYPE(aPayload)!="H"
      ::cError := "Invalid JWT: payload not base64"
      RETU .F.
  ENDIF

  // Get signature
  cSignature  := aJWT[3]

  // Calculate new sicnature
  cNewSignature   := ::GetSignature( aJWT[1], aJWT[2], ::cSecret, aHeader[ 'alg' ] )
  IF ( cSignature != cNewSignature )  .OR. !EMPTY(::cError)
    ::cError := "Invalid signature"
    RETU .F.
  ENDIF

  // Check Issuer
  IF !::CheckPayload(aPayload, 'iss')
     ::cError := "Different issuer"
     RETU .F.
  ENDIF

  // Check Subject
  IF !::CheckPayload(aPayload, 'sub')
     ::cError := "Different subject"
     RETU .F.
  ENDIF

  // Check Audience
  IF !::CheckPayload(aPayload, 'aud')
     ::cError := "Different audience"
     RETU .F.
  ENDIF

  // Check expiration
  IF hb_HHasKey(aPayLoad,'exp')
     IF aPayLoad[ 'exp' ] < ::GetSeconds()
       ::cError := "Token expired"
       RETU .F.
     ENDIF
  ENDIF

  // Check not before
  IF hb_HHasKey(aPayLoad,'nbf')
     IF aPayLoad[ 'nbf' ] > ::GetSeconds()
       ::cError := "Token not valid until:" +STR(aPayLoad[ 'nbf' ])
       RETU .F.
     ENDIF
  ENDIF

  // Check issuedAt
  IF hb_HHasKey(aPayLoad,'iat')
     IF aPayLoad[ 'iat' ] > ::GetSeconds()
       ::cError := "Token issued in future:" +STR(aPayLoad[ 'iat' ])
       RETU .F.
     ENDIF
  ENDIF

  // Check JWT id
  IF !::CheckPayload(aPayload, 'jti')
     ::cError := "Different JWT id"
     RETU .F.
  ENDIF

  // Check Type
  IF !::CheckPayload(aPayload, 'typ')
     ::cError := "Different JWT type"
     RETU .F.
  ENDIF

RETU .T.

METHOD GetSeconds() CLASS JWT

  LOCAL posixday := date() - STOD("19700101")
  LOCAL cTime := time()
  LOCAL posixsec := posixday * 24 * 60 * 60

RETU posixsec + (int(val(substr(cTime,1,2))) * 3600) + (int(val(substr(cTime,4.2))) * 60) + ( int(val(substr(cTime,7,2))) )

METHOD CheckPayload(aPayload, cKey)
  IF hb_HHasKey(aPayLoad,cKey) .AND. hb_HHasKey(::aPayLoad,cKey)
     IF aPayLoad[ cKey ] != ::aPayLoad[ cKey ]
       RETU .F.
     ENDIF
  ELSEIF hb_HHasKey(aPayLoad,cKey) .OR. hb_HHasKey(::aPayLoad,cKey)
     RETU .F.
  ENDIF
RETU .T.


//***************************************************************************************

#include "fivewin.ch"
#include "hbjson.ch"





/* =========================================================
   TEST FUNCTION
   ========================================================= */

PROCEDURE main()

   LOCAL hHeader := { ;
      "typ"=>"JWT", ;
      "alg"=>"HS256" ;
   }

   LOCAL hPayload := { ;
      "iss"=>"harbour-test", ;
      "sub"=>"user123", ;
      "iat"=>jwt_now(), ;
      "exp"=>jwt_now()+60 ;
   }

   LOCAL cSecret := "super-secret-key"
   LOCAL cJWT
   LOCAL hResult

   ? "=== JWT TEST ==="
   ? ""

   cJWT := jwt_encode( hHeader, hPayload, cSecret )

   ? "Generated JWT:"
   ? cJWT
   ? ""

   hResult := jwt_verify( cJWT, cSecret, { "iss"=>"harbour-test" } )

   ? "Verify result:"
   ? hb_jsonEncode( hResult, .T. )

RETURN









/* =========================================================
   Base64 URL helpers
   ========================================================= */

FUNCTION jwt_base64url_encode( cData )
RETURN hb_StrReplace( hb_base64Encode( cData ), "+/=", { "-", "_", "" } )

FUNCTION jwt_base64url_decode( cData )
RETURN hb_base64Decode( hb_StrReplace( cData, "-_", "+/" ) )

FUNCTION jwt_hex_to_bytes( cHex )
   LOCAL cRet := SPACE( LEN(cHex) / 2 )
   LOCAL i, n

   cHex := Upper( cHex )
   FOR i := 1 TO LEN(cHex) STEP 2
      n := ( AT( SubStr(cHex,i,1), "0123456789ABCDEF" ) - 1 ) * 16
      n += AT( SubStr(cHex,i+1,1), "0123456789ABCDEF" ) - 1
      HB_BPOKE( @cRet, (i+1)/2, n )
   NEXT
RETURN cRet

/* =========================================================
   HMAC signature
   ========================================================= */

FUNCTION jwt_signature( cHeader, cPayload, cSecret, cAlg )
   LOCAL cData := cHeader + "." + cPayload

   DO CASE
      CASE cAlg == "HS256"
         RETURN jwt_base64url_encode( ;
            jwt_hex_to_bytes( HB_HMAC_SHA256( cData, cSecret ) ) )

  CASE cAlg == "HS384"
     RETURN jwt_base64url_encode( ;
        jwt_hex_to_bytes( HB_HMAC_SHA384( cData, cSecret ) ) )

  CASE cAlg == "HS512"
     RETURN jwt_base64url_encode( ;
        jwt_hex_to_bytes( HB_HMAC_SHA512( cData, cSecret ) ) )
   ENDCASE

RETURN NIL

/* =========================================================
   Time helper (POSIX seconds)
   ========================================================= */

FUNCTION jwt_now()
   LOCAL d := Date() - STOD("19700101")
   LOCAL t := Time()
RETURN d*86400 + ;
       Val(SubStr(t,1,2))*3600 + ;
       Val(SubStr(t,4,2))*60 + ;
       Val(SubStr(t,7,2))

/* =========================================================
   Encode JWT
   ========================================================= */

FUNCTION jwt_encode( hHeader, hPayload, cSecret )
   LOCAL cHeader, cPayload, cSig

   cHeader  := jwt_base64url_encode( hb_jsonEncode( hHeader ) )
   cPayload := jwt_base64url_encode( hb_jsonEncode( hPayload ) )

   cSig := jwt_signature( cHeader, cPayload, cSecret, hHeader["alg"] )

RETURN cHeader + "." + cPayload + "." + cSig

/* =========================================================
   Verify JWT
   ========================================================= */

FUNCTION jwt_verify( cJWT, cSecret, hExpected )
   LOCAL aParts, hHeader, hPayload, cSig, cNewSig

   IF ValType(cJWT) != "C"
      RETURN { "ok"=>.F., "error"=>"Invalid token type" }
   ENDIF

   aParts := HB_ATokens( cJWT, "." )
   IF Len(aParts) != 3
      RETURN { "ok"=>.F., "error"=>"Malformed token" }
   ENDIF

   hHeader  := hb_jsonDecode( jwt_base64url_decode( aParts[1] ) )
   hPayload := hb_jsonDecode( jwt_base64url_decode( aParts[2] ) )

   cSig    := aParts[3]
   cNewSig := jwt_signature( aParts[1], aParts[2], cSecret, hHeader["alg"] )

   IF cSig != cNewSig
      RETURN { "ok"=>.F., "error"=>"Invalid signature" }
   ENDIF

   IF hb_HHasKey( hPayload, "exp" )
      IF hPayload["exp"] < jwt_now()
         RETURN { "ok"=>.F., "error"=>"Token expired" }
      ENDIF
   ENDIF

   IF hExpected != NIL .AND. hb_HHasKey( hExpected, "iss" )
      IF hPayload["iss"] != hExpected["iss"]
         RETURN { "ok"=>.F., "error"=>"Issuer mismatch" }
      ENDIF
   ENDIF

RETURN { "ok"=>.T., "payload"=>hPayload }