germania-kg / authorization
Requires
- php: ^7.4|^8.0
- nyholm/psr7: ^1.4
- psr/container: ^1.0
- psr/http-message: ^1.0
- psr/http-server-middleware: ^1.0
- psr/log: ^1.0
Requires (Dev)
- php-coveralls/php-coveralls: ^2.0
- phpspec/prophecy: ^1.16
- phpstan/phpstan: ^1.9
- phpunit/phpunit: ^8.0|^9.0
- slim/slim: ^3.0
README
Single-level authorization solution with PSR-11 container compatibility and PSR-7 style middleware. No hierarchy so far.
Installation
$ composer require germania-kg/authorization
Setup
The Authorization constructor requires an access control list: an array with tasks as keys and arrays of allowed roles as elements. The second parameter defines whether access is permitted when a task is not defined.
<?php
use Germania\Authorization\Authorization;

// Define tasks and allowed roles
$acl = array(
    '/foo' => [ "coworkers", "superuser" ],
    '/bar' => [ "superuser", "registered" ]
);

// Whether to permit undefined tasks
$default_permission = true;

// Create instance, optionally with a PSR-3 logger
$authorization = new Authorization( $acl, $default_permission );
$authorization = new Authorization( $acl, $default_permission, $logger );
Usage
The Authorization class implements AuthorizationInterface, which defines a single authorize method. In addition, Authorization provides an __invoke function and is therefore callable.
<?php
$user_roles = [ "coworkers", "somegroup" ];

// Result is TRUE
$allowed = $authorization->authorize("/foo", $user_roles);
$allowed = $authorization("/foo", $user_roles);

// Result is FALSE
$allowed = $authorization->authorize("/bar", $user_roles);
$allowed = $authorization("/bar", $user_roles);

// Should be TRUE due to default permission above
$allowed = $authorization->authorize("/somethingelse", $user_roles);
$allowed = $authorization("/somethingelse", $user_roles);
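Task logging: both the authorize and __invoke methods accept an optional PSR-3 logger instance. This allows you to disable or override the default logger passed in at instantiation. Example:
<?php
$silent_log = new Psr\Log\NullLogger;

$authorization->authorize("/foo", $user_roles, $silent_log);
$authorization("/foo", $user_roles, $silent_log);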
Container interoperability
AuthorizationInterface implements the PSR-11 ContainerInterface and, for backward compatibility, the deprecated Interop\Container\ContainerInterface. You can therefore test whether your Authorization instance has a task and get the roles allowed for it.
If a task is not defined, a TaskNotFoundException is thrown. This class implements both Interop\Container\Exception\NotFoundException and PSR-11's Psr\Container\NotFoundExceptionInterface.
More information: PSR-11 Container • container-interop/container-interop
<?php
use Germania\Authorization\TaskNotFoundException;
use Interop\Container\Exception\NotFoundException;
use Psr\Container\NotFoundExceptionInterface;

// Assuming example from above:
// TRUE
$has = $authorization->has( "/foo" );

try {
    // array( "coworkers", "superuser" )
    $roles = $authorization->get( "/foo" );

    // will throw TaskNotFoundException
    $roles = $authorization->get( "/something-else" );
}
catch (NotFoundExceptionInterface $e) {
    if ($e instanceof NotFoundException) {
        echo "Interop Container: NotFoundException";
    }
}
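PSR-7 style middleware
This package provides three PSR-7 style middlewares. All of them accept a Callable authorizer (e.g. the Authorization class above) and, optionally, a PSR-3 logger.
If authorization fails, the response object gets a 401 Unauthorized status; after that, the next middleware is called. This allows you to handle unauthorized requests in a subsequent middleware or controller.
// Your Callable passed into constructor
$authorize = $this->authorizer;

if (!$authorize( $url )):
    $response = $response->withStatus( 401 );
endif;

$response = $next($request, $response);
return $response;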
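The behaviour described above, as an added example that is not part of the package or its README: a controller that never checks the status still runs and writes its body after a 401 has been set, and a guard placed after the authorization step stops the chain. The `$flagUnauthorized` closure is a stand-in that reproduces only the snippet above (it is not the package's middleware class); `$denyUnauthorized`, the controller, `dispatch()` and the sample ACL, roles and URL are constructed for illustration.

```php
<?php
// Added example, not package code. Assumes a project in which
// `composer require germania-kg/authorization` has already been run.
require __DIR__ . '/vendor/autoload.php';

use Germania\Authorization\Authorization;
use Nyholm\Psr7\Response;
use Nyholm\Psr7\ServerRequest;

// Constructed ACL and user roles; undefined tasks are denied (second argument false).
$authorization = new Authorization(['/bar' => ['superuser', 'registered']], false);
$userRoles     = ['coworkers', 'somegroup'];
$authorize     = fn (string $task): bool => $authorization->authorize($task, $userRoles);

// Stand-in for the package middleware, reduced to the snippet above:
// flag the response with 401, then call $next regardless.
$flagUnauthorized = function ($request, $response, $next) use ($authorize) {
    if (!$authorize($request->getUri()->getPath())) {
        $response = $response->withStatus(401);
    }
    return $next($request, $response);
};

// Hypothetical guard: once a 401 has been set, return it and skip the rest of the chain.
$denyUnauthorized = function ($request, $response, $next) {
    if ($response->getStatusCode() === 401) {
        return $response;
    }
    return $next($request, $response);
};

// Constructed controller that writes sensitive data without checking the status.
$controller = function ($request, $response) {
    $response->getBody()->write('confidential report');
    return $response;
};

// Run the middlewares in the listed order, ending at the controller.
function dispatch(array $middlewares, callable $controller)
{
    $next = $controller;
    foreach (array_reverse($middlewares) as $mw) {
        $next = fn ($req, $res) => $mw($req, $res, $next);
    }
    return $next(new ServerRequest('GET', 'https://example.test/bar'), new Response());
}

$chains = ['flag only' => [$flagUnauthorized], 'flag + guard' => [$flagUnauthorized, $denyUnauthorized]];
foreach ($chains as $label => $chain) {
    $res = dispatch($chain, $controller);
    printf("%-12s status=%d body=%s\n", $label, $res->getStatusCode(), var_export((string) $res->getBody(), true));
}
```

In Slim 3, the middleware added last runs first, so a guard like this has to be added to the app before the authorization middleware.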
Request URI authorization
RequestUriAuthorizationMiddleware checks the URI string of the PSR-7 request; it is suitable for most cases.
<?php
use Germania\Authorization\RequestUriAuthorizationMiddleware;

// Have your Authorization callable at hand
$auth = new Authorization( ... );

// Optionally with PSR-3 Logger
$middleware = new RequestUriAuthorizationMiddleware( $auth );
$middleware = new RequestUriAuthorizationMiddleware( $auth, $logger );
Route name authorization
RouteNameAuthorizationMiddleware is for those who work with the Slim framework's route names. To get the current route name, set determineRouteBeforeAppMiddleware to true in Slim's configuration settings.
<?php
use Germania\Authorization\RouteNameAuthorizationMiddleware;

// Have your Authorization callable at hand
$auth = new Authorization( ... );

// Optionally with PSR-3 Logger
$middleware = new RouteNameAuthorizationMiddleware( $auth );
$middleware = new RouteNameAuthorizationMiddleware( $auth, $logger );

// Setup Slim App:
$app = new \Slim\App( [
    'settings' => [
        // Set this to true to get access to route within middleware
        'determineRouteBeforeAppMiddleware' => true
    ]
]);

// Add Middleware
$app->add( $middleware );
Customizable authorization
AuthorizationMiddleware is the base of the two middlewares above and is more configurable. In addition to our Authorization Callable from the examples above, it accepts another Callable that returns the custom term (or "permission", whatever you call it) you want to authorize.
<?php
use Germania\Authorization\AuthorizationMiddleware;

// Have your Authorization callable at hand
$auth = new Authorization( ... );

// Setup Callable for URLs (or, permissions, you name it)
$url_getter = function( $request ) {
    return (string) $request->getUri();
};

// Optionally with PSR-3 Logger
$middleware = new AuthorizationMiddleware( $auth, $url_getter );
$middleware = new AuthorizationMiddleware( $auth, $url_getter, $logger );
Issues
See the issues list.
Development
$ git clone https://github.com/GermaniaKG/Authorization.git
$ cd Authorization
$ composer install
Unit tests
Either copy phpunit.xml.dist to phpunit.xml and adapt it to your needs, or leave it as is. Run PhpUnit tests or a Composer script like this:
$ composer test
# or
$ vendor/bin/phpunit