[英]codeigniter API - how can I check every POST for a certain value
I just asked THIS QUESTION and got a rather obvious and simple answer (over complicating things as always!) 我只是问了这个问题 ,得到了一个非常明显而简单的答案(一如既往地使事情变得复杂!)
The proposed solution says that every time I contact my own API I send over a 'token' - 128 bit say. 提出的解决方案说,每次我联系自己的API时,都会发送一个“令牌”(128位发言权)。
Instead I though I could do a check to see if user is logged in first (so my own website does not have to authorise each time) and if not check the posts for a 'token' 相反,我虽然可以检查用户是否首先登录(因此我自己的网站不必每次都进行授权),如果没有,请检查帖子中是否有“令牌”
What I now want to do is check every incoming POST to my API for the token. 我现在想做的是检查到API的每个传入POST的令牌。
ie use the constructor to do this rather than having to add a 'has_token' method to every single method across all my controllers. 即使用构造函数来执行此操作,而不必在所有控制器上的每个方法中都添加“ has_token”方法。
Is there a way to do this in the constructor so that any request will check against this token? 有没有办法在构造函数中执行此操作,以便任何请求都将对此令牌进行检查?
public function __construct()
{
parent::__construct();
if (!$this->authentication->logged_in())
{
if(!POST_DATA['token'] == "tokenValue"){ //PSEUDO CODE HERE FOR WHAT I WANT TO BE ABLE TO DO
redirect('auth/login', 'refresh');
}
}
}
basically is there a way to intercept all post data from none-logged in users and check that post has a 'token' set before continuing -> if not I will return an error 'invalid token' or 'token missing' (I am aware the code above does not do this!) 基本上有一种方法可以拦截未登录用户的所有帖子数据,并在继续之前检查帖子是否设置了“令牌”->如果没有,我将返回错误“无效令牌”或“令牌丢失”(我知道上面的代码无法执行此操作!)
Thanks in advance. 提前致谢。
Is this right? 这是正确的吗? Check if the user is logged in, if they're not, check the $_POST for a token, and then check if the token is valid?
检查用户是否登录,如果不是,则检查$ _POST以获取令牌,然后检查该令牌是否有效?
if ( ! $this->auth->logged_in() )
{
if ( $this->input->post('token') )
{
if ( ! $this->token_model->check_token($this->input->post('token')) )
{
// Invalid token....
}
}
else
{
// No token found
}
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.