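'JWT', 'alg' => 'HS256']);
        $payload = json_encode(array_merge($payload, [
            'iat' => time(),
            'exp' => time() + (24 * 60 * 60) // 24 hours
        ]));

        $base64Header = self::base64UrlEncode($header);
        $base64Payload = self::base64UrlEncode($payload);

        $signature = hash_hmac('sha256', $base64Header . '.' . $base64Payload, self::$secret_key, true);
        $base64Signature = self::base64UrlEncode($signature);

        return $base64Header . '.' . $base64Payload . '.' . $base64Signature;
    }

    /**
     * Verify a compact token and return its claims.
     *
     * The signature is always recomputed with HMAC-SHA256 over
     * "header.payload" using the class secret. The token's own header is
     * never parsed, so the token cannot select the verification algorithm.
     *
     * NOTE(review): init() and the origin of self::$secret_key are outside
     * this view; confirm the key is long, random and not committed to source.
     *
     * @param string $jwt Untrusted token in "header.payload.signature" form.
     * @return array|false The decoded claims, or false when the token is
     *                     malformed, fails signature verification, or has expired.
     */
    public static function decode($jwt)
    {
        self::init();

        // Reject non-string input up front instead of letting explode() coerce or throw.
        if (!is_string($jwt)) {
            return false;
        }

        $parts = explode('.', $jwt);
        if (count($parts) !== 3) {
            return false;
        }

        list($base64Header, $base64Payload, $base64Signature) = $parts;

        // A signature segment that is not valid base64url can never match.
        $signature = self::base64UrlDecode($base64Signature);
        if ($signature === false) {
            return false;
        }

        $expectedSignature = hash_hmac('sha256', $base64Header . '.' . $base64Payload, self::$secret_key, true);

        // Constant-time comparison; the locally computed MAC goes first (known
        // string), the value taken from the token second (user string).
        if (!hash_equals($expectedSignature, $signature)) {
            return false;
        }

        $decodedPayload = self::base64UrlDecode($base64Payload);
        if ($decodedPayload === false) {
            return false;
        }

        // Callers index into the result, so anything but a JSON object/array is rejected.
        $payload = json_decode($decodedPayload, true);
        if (!is_array($payload)) {
            return false;
        }

        // A token without an 'exp' claim is accepted and never expires here;
        // tokens built by encode() always carry one.
        if (isset($payload['exp']) && $payload['exp'] < time()) {
            return false; // Token expired
        }

        return $payload;
    }

    /**
     * Encode binary data as unpadded base64url ('+/' become '-_', '=' stripped).
     *
     * @param string $data Raw bytes.
     * @return string base64url text without padding.
     */
    private static function base64UrlEncode($data)
    {
        return rtrim(strtr(base64_encode($data), '+/', '-_'), '=');
    }

    /**
     * Decode unpadded base64url text.
     *
     * The previous version passed strlen($data) % 4 as str_pad()'s target
     * length. That argument is the total length, not the number of pad
     * characters, so no padding was ever added and decoding only worked
     * because non-strict base64_decode() tolerates missing padding and
     * silently skips characters outside the alphabet. Padding is now
     * computed explicitly and decoding is strict, so a segment containing
     * stray characters is rejected rather than normalised.
     *
     * @param string $data base64url text, with or without padding.
     * @return string|false Decoded bytes, or false when $data is not valid base64url.
     */
    private static function base64UrlDecode($data)
    {
        $standard = strtr($data, '-_', '+/');
        $missing = (4 - strlen($standard) % 4) % 4;

        return base64_decode($standard . str_repeat('=', $missing), true);
    }
}

/**
 * Issue a signed API token for a user.
 *
 * NOTE(review): the original body stamped 'role' => 'admin' on every token,
 * whatever the username. The default is kept so existing callers behave the
 * same, but callers should pass the role the account actually holds;
 * confirm whether an admin default is intended at all.
 *
 * @param string $username Account the token is issued for.
 * @param string $role     Role claim to embed; defaults to the legacy 'admin'.
 * @return string Compact signed token produced by SimpleJWT::encode().
 */
function generateApiToken($username, $role = 'admin')
{
    return SimpleJWT::encode([
        'username' => $username,
        'role' => $role
    ]);
}

/**
 * Validate an API token and return its claims.
 *
 * @param string $token Untrusted token string.
 * @return array|null Decoded claims, or null when SimpleJWT::decode() rejects the token.
 */
function validateApiToken($token)
{
    $payload = SimpleJWT::decode($token);

    return $payload !== false ? $payload : null;
}
?>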