denits / yii-apiauth
HTTP authentication for automated requests
Requires
- php: >=5.3.16
This package is not auto-updated.
Last update: 2024-09-23 11:24:23 UTC
README
ApiAuth: the first A in AAA
Authenticate (REST) clients with HTTP authentication methods such as HTTP Digest or HTTP Basic (or implement your own authentication scheme).
Most web servers, such as Apache or IIS, support several kinds of HTTP authentication, but integrating them with a custom user account source (especially one implemented in Yii) can be difficult, if it is possible at all. This extension uses only Yii, PHP and MySQL and should be easy to integrate into an existing Yii authorization setup.
Although this extension can be used in almost any authentication scenario, it is primarily intended for automated use, for example in REST requests. Hence the name apiAuth.
Yii ships with an extensive built-in authorization scheme, and there are many good extensions such as Rights, Auth or yii-user that you can use alongside this extension. @see https://yiiframework.cn/doc/guide/1.1/en/topics.auth
Homepage
https://github.com/DenitS/yii-apiAuth/
Git clone
git clone git@github.com:DenitS/yii-apiAuth.git
Requirements
- Yii 1.1.12 or later
- PHP 5.3 or later
- A database system such as MySQL (database systems other than MySQL are currently not supported, but should be easy to implement).
Installation
- Add apiAuth to the extensions folder, either manually or as a git submodule:
  - Manually
    - Create a folder named 'apiAuth' in the extensions folder (application.extensions)
    - Copy the contents of the yii-apiAuth extension into it.
  - Git submodule (from the command line in [webroot]/protected/extensions/)
    $ git submodule add git@github.com:DenitS/yii-apiAuth.git apiAuth
- Create the nonce table by running (from the command line in the protected folder):
  $ ./yiic migrate up --migrationPath=ext.apiAuth.migrations
Configuration
main.php
<?php
return array(
    #...
    'import' => array(
        #...
        'ext.apiAuth.components.*',
        #...
    ),
    #...
    'components' => array(
        #...
        'apiAuth' => array(
            'class' => 'ext.apiAuth.ApiAuth',
            // Below are the extension's configurable attributes, specified with their default values.
            // The optional values can be left out of the configuration file (they will get the default values specified here).
            //'realm' => 'Restricted Area', //optional
            //'protocol' => 'digest', //optional: 'basic' or 'digest' (recommended)
            //'hash' => null, //optional: empty or 'md5' (recommended. See comment on apiAuthPasswordAttribute)

            // The name of your (api) user model (i.e.: this can be your front-end User model, or a custom Api User model)
            'userClass' => 'User', //required

            // Let apiAuth know where to find required user model attributes
            'userIdAttribute' => 'id', //required
            'usernameAttribute' => 'username', //required, will be used for authentication, unless apiAuthUsernameAttribute is set.
            'passwordAttribute' => 'password', //required, will be used for authentication, unless apiAuthPasswordAttribute is set.

            // You can specify a different username for API authentication, which doesn't have to be the same as 'usernameAttribute'.
            // When left unset, this value will be set to the same value as usernameAttribute.
            'apiAuthUsernameAttribute' => 'username', //optional, when left unset, this property will take its value from 'usernameAttribute'

            // IMPORTANT note about 'apiAuthPasswordAttribute':
            // apiAuth uses the value of apiAuthPasswordAttribute for password verification.
            // This property MUST be available in the user model. It can be left empty or unspecified,
            // in which case it will be set to the same value as 'passwordAttribute' when the extension is
            // initialized.
            //
            // Please note that there are specific requirements as to how passwords are stored:
            // * When using 'hash' => null, store the password in plain-text.
            // * When using 'hash' => 'md5', encrypt your passwords using:
            //
            //     $user->{apiAuthPasswordAttribute} = Yii::app()->apiAuth->encryptPassword($username, $password);
            //
            // The application's realm setting should NEVER be changed after storing digest encrypted passwords.
            // If the application's realm or the username changes, the encrypted password should be
            // updated as well, which will be quite difficult to do if you don't have the unencrypted password.
            'apiAuthPasswordAttribute' => 'api_password', //optional, when left unset, this property will take its value from 'passwordAttribute'

            'activeAttribute' => null, //optional, specify your user model's boolean 'is active' attribute if it has one. When the user's attribute evaluates to false, authentication will fail.
            'blockedAttribute' => null, //optional, specify your user model's boolean 'is blocked' attribute if it has one. When the user's attribute evaluates to true, authentication will fail.

            // It is strongly recommended to leave the following setting on its default value.
            // If you do override it, make sure you change it to a derived class of AUserIdentity.
            //'userIdentityClass' => 'AUserIdentity', //optional
        ),
        #...
    ),
    #...
);
?>
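The configuration comments above require that the API password be produced by the extension's own encryptPassword() whenever 'hash' => 'md5' is used, because the digest hash binds username, realm and password together. The following is an added example (not code from yii-apiAuth) of keeping that column in sync from the user model's save hook. It assumes the settings shown above ('hash' => 'md5', 'usernameAttribute' => 'username', 'apiAuthPasswordAttribute' => 'api_password'), a User table with an api_password column, and a hypothetical unsaved plainPassword attribute that a registration or password-change form fills in.

```php
<?php
// Added example, not part of the yii-apiAuth extension.
// Assumes: 'hash' => 'md5', usernameAttribute 'username', apiAuthPasswordAttribute 'api_password',
// and that the front-end 'password' column is hashed elsewhere by the application's existing code.
class User extends CActiveRecord
{
    /** @var string|null Plain-text password as submitted in a form (hypothetical attribute); never persisted. */
    public $plainPassword;

    public static function model($className = __CLASS__)
    {
        return parent::model($className);
    }

    public function tableName()
    {
        return '{{user}}';
    }

    /**
     * Recompute the digest password whenever a plain-text password is available.
     * This is the only point at which it can be recomputed: once the plain password is
     * gone, a later change of username or realm leaves api_password unverifiable.
     */
    protected function beforeSave()
    {
        if (!parent::beforeSave()) {
            return false;
        }

        // Store the digest hash only when a new plain-text password was supplied, or when the
        // username changed while we still hold the plain-text password for this request.
        if ($this->plainPassword !== null && $this->plainPassword !== '') {
            $this->api_password = Yii::app()->apiAuth->encryptPassword(
                $this->username,
                $this->plainPassword
            );
        }

        // Never let the plain-text value leak into logs or a later save.
        $this->plainPassword = null;

        return true;
    }
}
```

Because the username is an input to the hash, a form that lets a user rename their account should also ask for the current password and set plainPassword, so that api_password is rewritten in the same save; otherwise digest authentication for that account silently stops working after the rename, exactly the situation the configuration comments warn about.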
Protecting controllers
Protect controllers and actions by extending your controllers from AController (note the A).
Example
<?php
class YourController extends AController
{
    // ...
}
Make sure you don't do it the other way around, e.g.
<?php
class Controller extends AController
{
    // this would create an infinite extends loop.
}
Add the AAuthFilter to the filters() method of your controller.
Full example
<?php
class YourController extends AController
{
    // note: AController extends Controller, so this should not break your existing configuration.

    public function filters()
    {
        // Specify the ApiAuth filter to require authentication.
        //
        // If you need further access control (authorization) you can specify other filters here,
        // just make sure you specify ApiAuth as the first filter!
        // Authorization is slightly difficult when performed before authentication ;)
        //
        // For example, to use Yii's access control as authorization scheme, change this to:
        //
        //     return array('ApiAuth', 'accessControl');
        return array('ApiAuth');
    }

    // Uncomment this method to specify Auth Rules on specific actions, verbs or IPs.
    // When no rules are supplied or when this method is not specified, authentication will
    // be required for all actions in this controller.
    //
    // These rules work almost in the same way as Yii's accessRules() allow or deny configuration,
    // but note that users and roles are not available here. A user has to already be logged in for these to be available.
    // @see AAuthRule or
    // @see https://yiiframework.cn/doc/guide/1.1/en/topics.auth#access-control-filter
    /*
    public function apiAuthRules()
    {
        return array(
            array(
                // allow anonymous access to the index action
                'anonymous',
                'actions' => array('index'),
            ),
            array(
                // make sure authentication is required on all other actions
                'authenticate',
            ),
        );
    }
    */
}
?>
HTTP Digest: cleaning up nonces
Over time the nonce table will grow. You will need to clean it up periodically, but you have to do this yourself. I didn't want to issue a DELETE FROM statement on every request, so I created a static method in the ANonce model class that you can call wherever you need it (see below).
For example, it can be called from a yii command script, which you can then run from a cron job or the Windows Task Scheduler.
ANonce::cleanExpiredNonces();
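The command-script approach described above, as an added example that is not part of the yii-apiAuth project: a Yii 1.1 console command that calls ANonce::cleanExpiredNonces() and is run from cron. It assumes the command file lives in protected/commands/ and that protected/config/console.php imports the extension path where ANonce is defined (shown here as 'ext.apiAuth.models.*', which is an assumption; check the extension's folder layout).

```php
<?php
// Added example, not part of the yii-apiAuth extension.
// File: protected/commands/CleanNoncesCommand.php
// Requires protected/config/console.php to import the path containing ANonce, e.g.
//     'import' => array('ext.apiAuth.models.*'),   // path assumed, adjust to your checkout
class CleanNoncesCommand extends CConsoleCommand
{
    public function getHelp()
    {
        return "Usage: ./yiic cleannonces\n"
             . "Deletes expired HTTP Digest nonces created by the apiAuth extension.\n";
    }

    public function actionIndex()
    {
        $started = microtime(true);

        // Single DELETE of expired rows, kept off the request path on purpose.
        ANonce::cleanExpiredNonces();

        printf("[%s] expired nonces cleaned in %.3fs\n", date('c'), microtime(true) - $started);
    }
}

// Run it on a schedule instead of per request, e.g. every night at 03:15 (crontab entry, adjust paths):
//   15 3 * * * cd /path/to/webroot/protected && ./yiic cleannonces >> /var/log/apiauth-nonces.log 2>&1
```

Keeping a timestamped line per run in the log makes it easy to notice when the job has stopped running, which would otherwise only show up as a steadily growing nonce table.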
Contributing
Contributions, comments, improvements etc. are always welcome.