gupalo/google-auth-bundle

Google Auth Bundle

Installs: 9,086

Dependents: 0

Suggesters: 0

Security: 0

Stars: 4

Watchers: 2

Forks: 0

Open Issues: 0

Type: symfony-bundle


README

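Implementation of common authentication logic

Installation

Get the Google App ID and secret at https://console.developers.google.com/apis/credentials

Add environment variables

  • GOOGLE_AUTH_APP_ID: obtained from the Google console
  • GOOGLE_AUTH_APP_SECRET: obtained from the Google console
  • GOOGLE_AUTH_DOMAIN: the domain allowed to log in; set to 'user.dev' to skip Google authentication and log in all users as ROLE_USER; set to "*" for all domains (GSuite only); to allow all domains including "gmail.com", override google_auth_domain: null
  • GOOGLE_AUTH_USERS: users that should be activated automatically; empty if there are none
  • GOOGLE_AUTH_ADMINS: users that should be activated automatically as admins; empty if there are none
  • GOOGLE_AUTH_DEFAULT_APIKEY: set this value to automatically create an "api@example.com" user with this key

Then create config/packages/google_auth.yaml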

parameters:
    env(GOOGLE_AUTH_APP_ID): something.apps.googleusercontent.com
    env(GOOGLE_AUTH_APP_SECRET): your_secret
    env(GOOGLE_AUTH_DOMAIN): "*"
    env(GOOGLE_AUTH_USERS): user1,user2
    env(GOOGLE_AUTH_ADMINS): user1,user2
    env(GOOGLE_AUTH_DEFAULT_APIKEY): ''

    google_auth_app_id: '%env(string:GOOGLE_AUTH_APP_ID)%'
    google_auth_app_secret: '%env(string:GOOGLE_AUTH_APP_SECRET)%'
    google_auth_domain: '%env(string:GOOGLE_AUTH_DOMAIN)%'
    google_auth_users: '%env(string:GOOGLE_AUTH_USERS)%'
    google_auth_admins: '%env(string:GOOGLE_AUTH_ADMINS)%'
    google_auth_default_apikey: '%env(string:GOOGLE_AUTH_DEFAULT_APIKEY)%'

Installation

composer require gupalo/google-auth-bundle
  1. Make sure GoogleAuthBundle and KnpUOAuth2ClientBundle are included in config/bundles.php
KnpU\OAuth2ClientBundle\KnpUOAuth2ClientBundle::class => ['all' => true],
Gupalo\GoogleAuthBundle\GoogleAuthBundle::class => ['all' => true],
  2. Set up config/packages/security.yaml
security:
    encoders:
        Symfony\Component\Security\Core\User\User:
            algorithm: bcrypt

    providers:
        database_users:
            entity: { class: 'Gupalo\GoogleAuthBundle\Entity\User', property: username }

    role_hierarchy:
        ROLE_USER: [ROLE_API]

    firewalls:
        dev:
            pattern:  ^/(_(profiler|wdt)|css|images|js)/
            security: false
        healthcheck:
            pattern:  ^/healthcheck
            security: false
        api:
            pattern: ^/api/
            anonymous: false
            stateless: true
            guard:
                authenticators: ['google_auth.security.google_authenticator']
                entry_point: google_auth.security.google_authenticator
            provider: database_users
        main:
            pattern: ^/
            logout:
                path: google_auth_security_logout
                target: homepage
            anonymous: true
            guard:
                authenticators: ['google_auth.security.google_authenticator']
                entry_point: google_auth.security.google_authenticator
            provider: database_users
            remember_me:
                secret: "%secret%"
                lifetime: 31536000 # 365 days in seconds
                path: /
                domain: ~ # Defaults to the current domain from $_SERVER
                #always_remember_me: true
    access_control:
        - { path: ^/auth/, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/api/, roles: ROLE_API }
        - { path: ^/, roles: ROLE_USER }
  3. Enable the GoogleAuthBundle routes. Add to config/routes/google_auth.yaml
google_auth:
    resource: "@GoogleAuthBundle/Resources/config/routing/routing.yaml"
  4. Create config/packages/google_auth.yaml
imports:
    - {resource: '@GoogleAuthBundle/Resources/config/services.yaml'}
  5. Update the database schema

Development

Set GOOGLE_AUTH_DOMAIN to one of the following values for the development environment

  • user.dev - logs in as [User::ROLE_USER]
  • manager.dev - [User::ROLE_MANAGER]
  • admin.dev - [User::ROLE_ADMIN]
  • user-admin.dev - [User::ROLE_USER, User::ROLE_ADMIN]
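
A pre-deploy check for the environment variables described above, added here as an example (it is not part of the bundle): it rejects the four development values of GOOGLE_AUTH_DOMAIN, the README's placeholder secret and a short default API key when the environment is production. The function name, the APP_ENV=prod convention and the 32-character minimum are assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of the bundle: lint the README's variables before deploy.
# Assumptions: function name, APP_ENV=prod meaning production, 32-char key minimum.

# Usage: check_google_auth_env APP_ENV DOMAIN APP_SECRET DEFAULT_APIKEY
# Prints one finding per line; returns 0 when deployable, 1 otherwise.
check_google_auth_env() {
    gae_env=$1 gae_domain=$2 gae_secret=$3 gae_apikey=$4
    gae_rc=0

    case "$gae_domain" in
        user.dev|manager.dev|admin.dev|user-admin.dev)
            # Development values from the README: users get fixed roles.
            if [ "$gae_env" = prod ]; then
                echo "FAIL: GOOGLE_AUTH_DOMAIN=$gae_domain is a development-only value"
                gae_rc=1
            else
                echo "INFO: development login via $gae_domain"
            fi ;;
        '*') echo "WARN: every GSuite domain may log in" ;;
        '')  # Policy of this check: the domain must be set explicitly.
             echo "FAIL: GOOGLE_AUTH_DOMAIN is empty"; gae_rc=1 ;;
        *)   echo "OK: logins restricted to $gae_domain" ;;
    esac

    if [ "$gae_env" = prod ]; then
        # The sample secret from the README must not reach production.
        if [ -z "$gae_secret" ] || [ "$gae_secret" = your_secret ]; then
            echo "FAIL: GOOGLE_AUTH_APP_SECRET is empty or the README placeholder"
            gae_rc=1
        fi
        # A non-empty key auto-creates the api@example.com user with that key.
        if [ -n "$gae_apikey" ] && [ "${#gae_apikey}" -lt 32 ]; then
            echo "FAIL: GOOGLE_AUTH_DEFAULT_APIKEY is shorter than 32 characters"
            gae_rc=1
        fi
    fi
    return "$gae_rc"
}

# Constructed sample run: a production deploy that kept a development value.
check_google_auth_env prod user.dev constructed-secret '' || echo "deploy blocked"
```

In a pipeline, call it with the real values, for example `check_google_auth_env "$APP_ENV" "$GOOGLE_AUTH_DOMAIN" "$GOOGLE_AUTH_APP_SECRET" "$GOOGLE_AUTH_DEFAULT_APIKEY"`, and stop the deploy on a non-zero status.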