request->getHttpMethod() !== 'POST') { return Response::errorResponse('{ "message" : "Unsupported endpoint" }'); } $json = $this->request->getData(); if (!isset($json['login']) || !isset($json['login'])) { $r = new Response(422, "login and pwd fields are mandatory"); $r->send(); } $user = User::tryLogin($json['login']); if (empty($user) || !hash_equals($json['pwd'], $user->password())) { $r = new Response(422, "wrong credentials"); $r->send(); } // generate json web token $issued_at = time(); $expiration_time = $issued_at + (60 * 60); // valid for 1 hour $token = array( "iat" => $issued_at, "exp" => $expiration_time, "iss" => JWT_ISSUER, "data" => array( "id" => $user->id(), "firstname" => $user->firstname(), "lastname" => $user->lastname(), "email" => $user->email() ) ); $jwt = JWT::encode($token, JWT_BACKEND_KEY); $jsonResult = json_encode( array( "jwt_token" => $jwt ) ); return Response::okResponse($jsonResult); } }