Fix issue with expiring placeholder tokens. Bump to 2.0.1

CHANGELOG.md

@@ -1,5 +1,9 @@
 # MuxMate Changelog
 
+## 2.0.1 - 2023-11-11
+### Fixed
+- Fixed an issue where signed URL placeholder tokens would expire when used in combination with template caching  
+
 ## 2.0.0 - 2023-10-18
 ### Added
 - Added support for signing URLs  

composer.json

@@ -2,7 +2,7 @@
     "name": "vaersaagod/muxmate",
     "description": "Mux ado about streaming, mate!",
     "type": "craft-plugin",
-    "version": "2.0.0",
+    "version": "2.0.1",
     "require": {
         "php": ">=8.1",
         "craftcms/cms": "^4.5.0",

src/helpers/SignedUrlsHelper.php

@@ -70,8 +70,8 @@ public static function getToken(string|MuxPlaybackId $playbackId, string $aud, ?
             $expirationInSeconds = $minExpirationTime;
         }
 
-        $returnPlaceholder = $returnPlaceholder !== false && Craft::$app->getRequest()->getIsSiteRequest() && Craft::$app->getConfig()->getGeneral()->enableTemplateCaching;
-        if ($returnPlaceholder) {
+        // Maybe return a placeholder token
+        if ($returnPlaceholder !== false && Craft::$app->getRequest()->getIsSiteRequest() && Craft::$app->getConfig()->getGeneral()->enableTemplateCaching) {
             return SignedUrlsHelper::_getPlaceholderToken([
                 'playbackId' => $playbackId,
                 'aud' => $aud,
@@ -105,33 +105,39 @@ public static function getSigningKey(): ?MuxSigningKey
     }
 
     /**
-     * @param string $token
+     * @param string $token A hashed JWT representing a placeholder token
      * @return array|null
      */
     public static function decodePlaceholderToken(string $token): ?array
     {
-        $signingKey = SignedUrlsHelper::getSigningKey();
-        if (!$signingKey) {
+        if (!$signingKey = SignedUrlsHelper::getSigningKey()) {
             return null;
         }
-        return (array)JWT::decode($token, new Key($signingKey->id, 'HS256'));
+        try {
+            $token = Craft::$app->getSecurity()->validateData($token);
+            return (array)JWT::decode($token, new Key($signingKey->id, 'HS256'));
+        } catch (\Throwable $e) {
+            Craft::error($e, __METHOD__);
+        }
+        return null;
     }
 
     /**
-     * @param array $claims
+     * @param array $payload
      * @return string|null
      */
-    private static function _getPlaceholderToken(array $claims = []): ?string
+    private static function _getPlaceholderToken(array $payload = []): ?string
     {
-        $signingKey = SignedUrlsHelper::getSigningKey();
-        if (!$signingKey) {
+        if (!$signingKey = SignedUrlsHelper::getSigningKey()) {
+            return null;
+        }
+        try {
+            $placeholderToken = Craft::$app->getSecurity()->hashData(JWT::encode($payload, $signingKey->id, 'HS256'));
+            return "MUX_TOKEN_PLACEHOLDER{$placeholderToken}MUX_TOKEN_PLACEHOLDER";
+        } catch (\Throwable $e) {
+            Craft::error($e, __METHOD__);
             return null;
         }
-        $placeholderToken = JWT::encode([
-            ...$claims,
-            'exp' => time() + 120,
-        ], $signingKey->id, 'HS256');
-        return "MUX_TOKEN_PLACEHOLDER{$placeholderToken}MUX_TOKEN_PLACEHOLDER";
     }
 
 }