pixxel/auth

Simple authentication library

1.2.2 2022-07-14 12:08 UTC

This package is auto-updated.

Last update: 2024-09-30 01:46:41 UTC


README

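Note: this is for testing purposes only, do not use it in production!

OK, with that out of the way, let's get started.

I wrote this library as a simple authentication library that should be easy to extend. By default it uses PHP sessions for persistence and a mysql/mariadb database for user storage. However, these features are implemented as objects with interfaces, which lets you replace them by writing another implementation (for example JWT tokens instead of sessions, or an Oracle database or a web service instead of a mysql database). It is currently in alpha; I have not implemented dependency injection to load the corresponding libraries, but that may become an option in the future. Also, I have not done any advanced security checks, nor has anyone else audited it, so please be careful.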

Installation

Install via composer:

composer require pixxel/auth

Then you can use it like this:

require_once(dirname(__FILE__).'/vendor/autoload.php');

$secret = 'mysupersecretkey';                               // The key is used to generate a hmac verification for the data saved in the session
$dbal = new Pixxel\Dbal('dbuser', 'dbpass', 'dbname');      // By default the lib uses our dbal library for user storage
$userStorage = new Pixxel\Auth\UserStorage\Database([       // Create a user storage with the $dbal instance as db handler, the Database class contains all the methods to register / login / verify users in the db
    'dbal' => $dbal
]);
$sessionHandler = new Pixxel\Session();
$persistence = new Pixxel\Auth\Persistence\Session(['handler' => $sessionHandler, 'secret' => $secret]);    // And pass that to our session-handler, for that you could write jwt-handlers or other implementations
$auth = new Pixxel\Auth($userStorage, $persistence);        // Finally, create an auth instance and pass the user- and session-storage to it

// Now we are set and can for instance try to login a user:
if($auth->login('myusername', 'mypassword'))
{
    echo 'Success, you are now logged in!';
}
else
{
    echo 'Username or password wrong';
}

These are all default configuration values; you can customize them as needed.
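
The $secret passed to the session persistence above is described as keying an HMAC over the data saved in the session. As an added example (not pixxel/auth's own code; the function names signSessionData / verifySessionData and the payload layout are hypothetical), this is what signing and checking such data looks like in plain PHP, including the tampered-payload and wrong-key cases:

```php
<?php
// Added example, NOT pixxel/auth code. Helper names and the
// ['payload' => ..., 'mac' => ...] layout are hypothetical.

// Generate the key once with a CSPRNG and load it from outside the code base
// (environment variable, secrets file). Created inline here only so the
// example runs stand-alone.
$secret = random_bytes(32);

/** Serialize the user fields and attach an HMAC-SHA256 tag computed over them. */
function signSessionData(array $data, string $secret): array
{
    $payload = json_encode($data, JSON_THROW_ON_ERROR);
    return [
        'payload' => $payload,
        'mac'     => hash_hmac('sha256', $payload, $secret),
    ];
}

/** Return the decoded data if the tag matches, or false if anything was altered. */
function verifySessionData(array $stored, string $secret)
{
    if (!isset($stored['payload'], $stored['mac'])
        || !is_string($stored['payload']) || !is_string($stored['mac'])) {
        return false;   // malformed record: treat as not logged in
    }
    $expected = hash_hmac('sha256', $stored['payload'], $secret);
    // hash_equals() compares in constant time; == or === can leak timing information
    if (!hash_equals($expected, $stored['mac'])) {
        return false;
    }
    return json_decode($stored['payload'], true, 512, JSON_THROW_ON_ERROR);
}

// Constructed sample record, as it might be written to the session after login
$stored = signSessionData(['id' => 7, 'username' => 'myusername', 'active' => 1], $secret);
var_dump(verifySessionData($stored, $secret));

// Same record with the user id edited but the old tag kept: must be rejected
$tampered = $stored;
$tampered['payload'] = str_replace('"id":7', '"id":1', $tampered['payload']);
var_dump(verifySessionData($tampered, $secret));

// Untouched record checked against a different key: must be rejected as well
var_dump(verifySessionData($stored, random_bytes(32)));
```

The tag only protects integrity: the payload is still readable by anyone who can read the session store, and a short literal key such as the one in the setup snippet should be replaced by a randomly generated one.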

User storage

For the database implementation, you have the following customization options:

dbal: Pass on the dbal instance
usersTable (String): The name of the table, used to load the users, defaults to "users"
usernameField (String): The name of the username field, often the field "email" is used, defaults to: "username"
conditions (Array): Further conditions, saved as Key / Value pair, for instance, sometimes you want to check a field like "active" or similar to be true, so that a user can login, in that case: ['active' => 1]
hashAlgorithm (String): The hashing algorithm used to hash passwords, supported values: "argon2i", "bcrypt", "argon2id". Defaults to "argon2i"

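Work in progress: more options will be provided for the session handler (session duration etc.)

The Auth library can do the following things:

1.) Add a new user

You can add new users; if the user already exists, it throws an exception, so it works like this: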

try
{
    $auth->register($username, $password, ['otherfield' => 'valueforthisfield', 'anotherfieldintheusertable' => 'valueforthat']);
}
catch(\Exception $e)
{
    echo 'Something went wrong while registering a user: '.$e->getMessage();
}

2.) Log a user in

As shown above, you can log a user in:

if($auth->login($username, $password))
{
    echo 'Logged in';
}

An example where active must be 1 in the users table:

if($auth->login($username, $password, ['active' => 1]))
{
    echo 'Logged in';
}

3.) Check whether a user is currently logged in

if($auth->isLoggedIn())
{
    echo 'Yes, someone is logged in';
}

4.) Get the details of the currently logged-in user

$user = $auth->getUser();   // Returns an array with the user's fields apart from the password or, if no user is logged in, simply false

5.) Log the user out

$auth->logout();

That's it for now.