[PHP]Slim 和 JWT提供安全web服务

2018-06-27  本文已影响0人  w_w_wei

Slim框架用来创建REST API, 这篇文章用来解释怎么用JWT来实现REST API安全

使用Composer安装Slim

composer create-project slim/slim-skeleton  jwtApp

安装依赖

composer require firebase/php-jwt
composer require tuupola/base62
composer require tuupola/slim-base-auth
composer require tuupola/slim-jwt-auth
composer require tuupola/cors-middleware

配置单入口文件转发

RewriteEngine On
#RewriteBase /api/
RewriteRule .* — [env=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php [QSA,L]
# Make sure $HTTP_RAW_POST_DATA is deprecated warning does not appear
php_value always_populate_raw_post_data -1

代码编辑

1. 编辑 middleware.php 文件,添加下面的代码.

<?php
// Application middleware
// e.g: $app->add(new \Slim\Csrf\Guard);
// Adding dependencies
use Tuupola\Middleware\HttpBasicAuthentication;
$container = $app->getContainer();
$container['logger'] = function($c) {
    $logger = new \Monolog\Logger('my_logger');
    $file_handler = new \Monolog\Handler\StreamHandler("../logs/app.log");
    $logger->pushHandler($file_handler);
    return $logger;
};
$container["jwt"] = function ($container) {
    return new StdClass;
};
$app->add(new \Slim\Middleware\JwtAuthentication([
    "path" => "/",
    "logger" => $container['logger'],
    "secret" => "123456789helo_secret",
    "rules" => [
        new \Slim\Middleware\JwtAuthentication\RequestPathRule([
        "path" => "/",
        "passthrough" => ["/token", "/not-secure", "/home"]
    ]),
    new \Slim\Middleware\JwtAuthentication\RequestMethodRule([
        "passthrough" => ["OPTIONS"]
    ]),
 ],
 "callback" => function ($request, $response, $arguments) use ($container) {
    $container["jwt"] = $arguments["decoded"];
 },
 "error" => function ($request, $response, $arguments) {
    $data["status"] = "error";
    $data["message"] = $arguments["message"];
    return $response->withHeader("Content-Type", "application/json")->write(json_encode($data, JSON_UNESCAPED_SLASHES | JSON_PRETTY_PRINT));
 }
]));

2. 打开routes.php文件.添加下面的代码.

<?php
// Routes
use Firebase\JWT\JWT;
use Tuupola\Base62;
$app->post("/token", function ($request, $response, $args) use ($container){
    /* Here generate and return JWT to the client. */
    //$valid_scopes = ["read", "write", "delete"]
    $requested_scopes = $request->getParsedBody() ?: [];
    $now = new DateTime();
    $future = new DateTime("+10 minutes");
    $server = $request->getServerParams();
    $jti = (new Base62)->encode(random_bytes(16));
    $payload = [
        "iat" => $now->getTimeStamp(),
        "exp" => $future->getTimeStamp(),
        "jti" => $jti,
        "sub" => $server["PHP_AUTH_USER"]
    ];
    $secret = "123456789helo_secret";
    $token = JWT::encode($payload, $secret, "HS256");
    $data["token"] = $token;
    $data["expires"] = $future->getTimeStamp();
    return $response->withStatus(201)->withHeader("Content-Type", "application/json")->write(json_encode($data, JSON_UNESCAPED_SLASHES | JSON_PRETTY_PRINT));
});
$app->get("/secure", function ($request, $response, $args) {
    $data = ["status" => 1, 'msg' => "This route is secure!"];
    return $response->withStatus(200)->withHeader("Content-Type", "application/json")->write(json_encode($data, JSON_UNESCAPED_SLASHES | JSON_PRETTY_PRINT));
});
$app->get("/not-secure", function ($request, $response, $args) {
    $data = ["status" => 1, 'msg' => "No need of token to access me"];
    return $response->withStatus(200)->withHeader("Content-Type", "application/json")->write(json_encode($data, JSON_UNESCAPED_SLASHES | JSON_PRETTY_PRINT));
});
$app->post("/formData", function ($request, $response, $args) {
    $data = $request->getParsedBody();
    $result = ["status" => 1, 'msg' => $data];
    // Request with status response
    return $this->response->withJson($result, 200);
});
$app->get('/home', function ($request, $response, $args) {
    // Sample log message
    $this->logger->info("Slim-Skeleton '/' route");
    // Render index view
    return $this->renderer->render($response, 'index.phtml', ["name" => "Welcome to Trinity Tuts demo Api"]);
});

Demo视频
[![Demo视频](https://img.haomeiwen.com/i5941869/67a7e3dbd5fe9b66?imageMogr2/auto-orient/strip%7CimageView2/2/w/1240)](http://player.youku.com/embed/XMjY5NDA2MDI4MA== "Demo视频")

地址:
https://v.youku.com/v_show/id_XMzY4ODI2NDUyNA==.html?spm=a2hzp.8244740.0.0

另外这个demo已经无法复现估计是版本的问题,但是已经很好的展示了slim-jwt-auth的用法了

上一篇下一篇

猜你喜欢

热点阅读