
Securing API in lumen

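I'm new to Lumen, and I'm trying to secure my registration API by adding a code called Api-Token so that only users who know the code can create a new user, but every time I try to create a new user, I can't.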

Here is what I have done so far:

Middleware/Authenticate

<?php

namespace App\Http\Middleware;

use Closure;
use Illuminate\Contracts\Auth\Factory as Auth;
use App\User;

class Authenticate
{
/**
 * The authentication guard factory instance.
 *
 * @var \Illuminate\Contracts\Auth\Factory
 */
protected $auth;

/**
 * Create a new middleware instance.
 *
 * @param  \Illuminate\Contracts\Auth\Factory  $auth
 * @return void
 */
public function __construct(Auth $auth)
{
    $this->auth = $auth;
}

/**
 * Handle an incoming request.
 *
 * @param  \Illuminate\Http\Request  $request
 * @param  \Closure  $next
 * @param  string|null  $guard
 * @return mixed
 */
public function handle($request, Closure $next, $guard = null)
{

    if ($this->auth->guard($guard)->guest()) {
        if ($request->has('api_token')) {
            $token = $request->input('api_token');
            $check_token = User::where('api_token', $token)->first();
            if ($check_token == null) {
                $res['success'] = false;
                $res['message'] = 'Permission not allowed!';

                return response($res);
            }
        }else{
            $res['success'] = false;
            $res['message'] = 'Unauthorized!';

            return response($res);
        }
    }
    return $next($request);
}
}

AuthServiceProvider

<?php

namespace App\Providers;

use App\User;
use Illuminate\Support\Facades\Gate;
use Illuminate\Support\ServiceProvider;

class AuthServiceProvider extends ServiceProvider
{
/**
 * Register any application services.
 *
 * @return void
 */
public function register()
{
}

/**
 * Boot the authentication services for the application.
 *
 * @return void
 */
public function boot()
{
    // Here you may define how you wish users to be authenticated for your Lumen
    // application. The callback which receives the incoming request instance
    // should return either a User instance or null. You're free to obtain
    // the User instance via an API token or any other method necessary.

    // $this->app['auth']->viaRequest('api', function ($request) {
    //     $header = $request->header('Api-Token');

    //     if ($header && $header == 'bird is a word') {
    //         return new User();
    //     }

    //     return null;

    $this->app['auth']->viaRequest('api', function ($request) {
        if ($request->input('api_token')) {
            return User::where('api_token', $request->input('api_token'))->first();
        }

    });
}
}

Routes

<?php


$app->get('/', function () use ($app) {
    $res['success'] = true;
    $res['result'] = "Hello there welcome to web api using lumen tutorial!";
    return response($res);
});

$app->post('/login', 'LoginController@index');
$app->post('/register', ['middleware' => 'auth', 'uses' => 'UserController@register']);
$app->get('/user/{id}', ['middleware' => 'auth', 'uses' =>  'UserController@get_user']);

I suggest using JWT (JSON Web Token) authentication to secure your API.

https://packagist.org/packages/tymon/jwt-auth

Installation documentation

Try using this package to integrate authentication with your Lumen application.
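The shared-code check described in the question, as an added example that is not part of the original question or answer: a separate middleware that reads the `Api-Token` header, compares it to a configured secret with a timing-safe comparison, fails closed when no secret is set, and rejects with HTTP 401 (the question's `response($res)` calls return the default 200 status). The class name `RegistrationToken`, the `reg_token` alias and the `REGISTRATION_API_TOKEN` environment variable are assumptions made for this example.

```php
<?php

namespace App\Http\Middleware;

use Closure;

// Added example; class name, alias and env variable are hypothetical.
// Register in bootstrap/app.php:
//   $app->routeMiddleware(['reg_token' => App\Http\Middleware\RegistrationToken::class]);
// and attach it to the route:
//   $app->post('/register', ['middleware' => 'reg_token', 'uses' => 'UserController@register']);
class RegistrationToken
{
    /**
     * Return true only when a non-empty secret is configured and the
     * presented token matches it exactly.
     */
    public static function tokenMatches($expected, $presented)
    {
        // Fail closed: an unset or empty secret, or a missing header,
        // must never authorise the request.
        if (!is_string($expected) || $expected === '' || !is_string($presented)) {
            return false;
        }

        // hash_equals() compares in a timing-safe way, unlike == or ===.
        return hash_equals($expected, $presented);
    }

    public function handle($request, Closure $next)
    {
        $expected  = env('REGISTRATION_API_TOKEN');   // shared registration code
        $presented = $request->header('Api-Token');   // null when the header is absent

        if (!self::tokenMatches($expected, $presented)) {
            // Send a real 401 so clients and logs see the rejection.
            return response()->json([
                'success' => false,
                'message' => 'Unauthorized!',
            ], 401);
        }

        return $next($request);
    }
}
```

Because the token travels in a header rather than the query string or body, it stays out of URL-based access logs; it still needs HTTPS to be protected in transit.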
