archerzdip / laravel-api-auth
Authorize requests to your Laravel application with API keys
v2.0.4
2020-03-25 14:43 UTC
Requires
- php: >=7.1
Requires (Dev)
- phpunit/phpunit: ^6.1
README
Installation
Run composer require archerzdip/laravel-api-auth.
Publish the migration files
$ php artisan vendor:publish
# Or...
$ php artisan vendor:publish --provider="ArcherZdip\LaravelApiAuth\Providers\ApiAuthServiceProvider"
Run the migrations
$ php artisan migrate
Console
Use php artisan apikey:generate {name} to generate a new application. The name argument is your application's name. All new applications are active by default.
☁ demo1 php artisan apikey:generate demo-app1
+-----------+------------------+------------------------------------------------------------------+---------------------+
| AppName   | appId            | secret                                                           | CreateAt            |
+-----------+------------------+------------------------------------------------------------------+---------------------+
| demo-app1 | JNzgjqLnp1nLNCBV | G8sfHyguwhB7mGTpdp0LCBEooZPOFnzlqHX8NRCZSG7miWwPRihNw4vsmcSeYChq | 2019-08-16 06:50:08 |
+-----------+------------------+------------------------------------------------------------------+---------------------+
Application operations: activate, deactivate, delete, and refresh the secret.
☁ demo1 php artisan apikey:put --help
Usage:
  apikey:put [options] [--] <appid>
Arguments:
  appid
Options:
  -A, --activate        Activate an App by appid
  -F, --deactivate      Deactivate an App by appid
  -D, --delete          Delete an App by appid
  -R, --refresh         refresh an app's secret by appid
  -h, --help            Display this help message
Use php artisan apikey:put {appid} -F to deactivate an application by appid.
☁ demo1 php artisan apikey:put eA4lU1ukEWZkdmAb -F
Deactivate app succ, name: demo-app2
+-----------+------------------+------------------------------------------------------------------+-------------+---------------------+
| AppName   | AppId            | Secret                                                           | Status      | CreateAt            |
+-----------+------------------+------------------------------------------------------------------+-------------+---------------------+
| demo-app2 | eA4lU1ukEWZkdmAb | CxDWa7uFxgGhshmbgm0HE9bqRbVN1gj0CO47pdwZzXpWhfuebvULfUwmnCPK59ph | deactivated | 2019-08-16 06:59:06 |
+-----------+------------------+------------------------------------------------------------------+-------------+---------------------+
Use php artisan apikey:put {appid} -A to activate an application by appid.
☁ demo1 php artisan apikey:put eA4lU1ukEWZkdmAb -A
Activate app succ, name: demo-app2
+-----------+------------------+------------------------------------------------------------------+--------+---------------------+
| AppName   | AppId            | Secret                                                           | Status | CreateAt            |
+-----------+------------------+------------------------------------------------------------------+--------+---------------------+
| demo-app2 | eA4lU1ukEWZkdmAb | CxDWa7uFxgGhshmbgm0HE9bqRbVN1gj0CO47pdwZzXpWhfuebvULfUwmnCPK59ph | active | 2019-08-16 06:59:06 |
+-----------+------------------+------------------------------------------------------------------+--------+---------------------+
Use php artisan apikey:put {appid} -R to refresh an application's secret by appid.
☁ demo1 php artisan apikey:put eA4lU1ukEWZkdmAb -R
Are you sure you want to refresh this app secret, AppId:eA4lU1ukEWZkdmAb, name:demo-app2 ? (yes/no) [no]:
> no
☁ demo1 php artisan apikey:put eA4lU1ukEWZkdmAb -R
Are you sure you want to refresh this app secret, AppId:eA4lU1ukEWZkdmAb, name:demo-app2 ? (yes/no) [no]:
> yes
Refresh app secret succ, name: demo-app2
+-----------+------------------+------------------------------------------------------------------+--------+---------------------+
| AppName   | AppId            | Secret                                                           | Status | CreateAt            |
+-----------+------------------+------------------------------------------------------------------+--------+---------------------+
| demo-app2 | eA4lU1ukEWZkdmAb | A6oMUTU4XZDExbxVLGdwNdbptdKe6ewNivCloDXsRTYGTQfjCZVqMQUeiq651Zq0 | active | 2019-08-16 06:59:06 |
+-----------+------------------+------------------------------------------------------------------+--------+---------------------+
Use php artisan apikey:put {appid} -D to delete an application by appid.
☁ demo1 php artisan apikey:put JNzgjqLnp1nLNCBV -D
Are you sure you want to delete AppId:JNzgjqLnp1nLNCBV, name:demo-app1 ? (yes/no) [no]:
> yes
Deleted app succ, name: demo-app1
List all applications. The -D or --deleted flag includes deleted applications.
☁ demo1 php artisan apikey:list -D
+-----------+------------------+------------------------------------------------------------------+---------+---------------------+
| AppName   | AppId            | Secret                                                           | Status  | CreateAt            |
+-----------+------------------+------------------------------------------------------------------+---------+---------------------+
| demo-app1 | JNzgjqLnp1nLNCBV | G8sfHyguwhB7mGTpdp0LCBEooZPOFnzlqHX8NRCZSG7miWwPRihNw4vsmcSeYChq | deleted | 2019-08-16 06:50:08 |
| demo-app2 | eA4lU1ukEWZkdmAb | A6oMUTU4XZDExbxVLGdwNdbptdKe6ewNivCloDXsRTYGTQfjCZVqMQUeiq651Zq0 | active  | 2019-08-16 06:59:06 |
+-----------+------------------+------------------------------------------------------------------+---------+---------------------+
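Usage
A new auth.apikey route middleware has been registered for you to use in your routes or controllers. Below are examples of how to use the middleware; for details, see the middleware section of the Laravel documentation.
Route example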
Route::get('api/user/1', function () {
    //
})->middleware('auth.apikey');
Controller example
class UserController extends Controller
{
    /**
     * Instantiate a new controller instance.
     *
     * @return void
     */
    public function __construct()
    {
        $this->middleware('auth.apikey');
    }
}
Authorizing requests
To pass the auth.apikey middleware, a request must include an Authorization header whose value is an active API key.
Authorization: VApUyoTm5I5DtlQAJjJbmCbrdceFsVCb6H3CpsL4SdUlgGdUui8WjxwbcejAfmL7
Or token={token}
Token generation rule.
$exp   = time();
$sign  = sha1($appid . $secret . $exp);
$token = base64_encode(implode('.', [$appid, $sign, $exp]));
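The token rule above, worked through on both the client and the server side as an added example (not code from the package). buildToken, verifyToken, the $secrets map and the $maxAge acceptance window are hypothetical names and assumptions, and the sample credentials are constructed.

```php
<?php
// Added example; all function and variable names here are hypothetical.

/** Client side: build a token following the README rule. */
function buildToken(string $appid, string $secret, ?int $now = null): string
{
    $exp  = $now ?? time();                      // exp = time()
    $sign = sha1($appid . $secret . $exp);
    return base64_encode(implode('.', [$appid, $sign, $exp]));
}

/**
 * Server side: return the appid if the token is valid, otherwise null.
 * $secrets maps appid => secret for active apps (stand-in for the database).
 * $maxAge is an assumed acceptance window; the README does not state one.
 */
function verifyToken(string $token, array $secrets, int $maxAge = 300, ?int $now = null): ?string
{
    $raw = base64_decode($token, true);          // strict mode rejects non-base64 input
    if ($raw === false) {
        return null;
    }
    $parts = explode('.', $raw);
    if (count($parts) !== 3) {
        return null;
    }
    [$appid, $sign, $exp] = $parts;
    if (!isset($secrets[$appid]) || !ctype_digit($exp)) {
        return null;                             // unknown or inactive app, or malformed timestamp
    }
    $now = $now ?? time();
    if (abs($now - (int) $exp) > $maxAge) {
        return null;                             // stale or future-dated token
    }
    $expected = sha1($appid . $secrets[$appid] . $exp);
    return hash_equals($expected, $sign) ? $appid : null;  // constant-time comparison
}

// Constructed sample values, not real credentials.
$secrets = ['sampleAppId00001' => 'constructed-sample-secret'];
$token   = buildToken('sampleAppId00001', 'constructed-sample-secret', 1700000000);

var_dump(verifyToken($token, $secrets, 300, 1700000060));                       // fresh token
var_dump(verifyToken($token, $secrets, 300, 1700000900));                       // outside the window
var_dump(verifyToken(substr($token, 0, -2) . 'AA', $secrets, 300, 1700000060)); // tampered token
```

Because sign covers only appid, secret and exp, the token is not tied to any particular request, so it should only travel over TLS.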
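Event history
Each time an API key is generated, activated, deactivated, or deleted, a record is written to the api_auth_oprate_event table. Each record contains the following information: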
- app_client_id
- ip_address
- event
- created_at
- updated_at
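API event history
If you enable logging, all API requests that pass authorization are logged. Database and file drivers are supported. Database fields: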
- appid
- ip_address
- url
- params
- type
TODO
- Encryption configuration method.
License
MIT License