takman1/phalcon-jwt-auth

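No license information is available for the latest version (2.1) of this package.

A simple JWT middleware for Phalcon to handle stateless authentication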

2.1 2023-02-22 15:19 UTC

This package is auto-updated.

Last update: 2024-09-22 18:43:38 UTC


README

A simple JWT middleware for Phalcon to handle stateless authentication or session-based tokens.

Installation

$ composer require takman1/phalcon-jwt-auth

Usage

Configuration

In the main configuration or a module configuration

<?php

use Phalcon\Config;

/** @var Config $config */
return $config->merge(new Config([
    'myapi-auth' => [
        'secretKey' => $_SERVER['API_JWT_SECRET_KEY'], // secretKey comes from .env file (or ENV variables)
        'session-token-name' => 'myapi-jwt-token', // token name in session
        'payload' => [
            'exp' => 10, // in minutes
            'iss' => 'myapi-jwt-auth'
        ],
        'ignoreUri' => [
            '/',
            '/api',
            '/api/login',
            '/api/logout',
        ]
    ]
]));

In the bootstrap or index file

$di->setShared(
    'dispatcher',
    function () use ($di) {
        /** @var \Phalcon\Events\ManagerInterface $eventsManager */
        $eventsManager = $di->getShared('eventsManager');
        $eventsManager->attach(
            'dispatch:beforeExecuteRoute', //plug the service to this event
            function (\Phalcon\Events\Event $event, $dispatcher) {
                return $dispatcher->getDi()
                    ->getShared('jwtAuth') // service declared below
                    ->beforeExecuteRoute($event, $dispatcher);
            }
        );

        $dispatcher = new \Phalcon\Mvc\Dispatcher();
        $dispatcher->setEventsManager($eventsManager);
        $dispatcher->setDefaultNamespace('App\Api\Controller');

        return $dispatcher;
    }
);

$di->setShared('jwtAuth', function () use ($di) {
    return new \Dmkit\Phalcon\Auth\Middleware\JwtAuthenticator(
        $di->get('request'),
        $di->get('response'),
        $di->get('session'),
        $di->getConfig(),
        'myapi-auth' //config key
    );
});

Authentication

To make authenticated requests over HTTP, set the following Authorization header

Authorization: Bearer {yourtokenhere}

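Or pass the token as a query string (URLs are commonly recorded in access logs and browser history, so prefer the header where possible)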

?_token={yourtokenhere}

Or set the token in the session

public function myAction()
{
    // get token from session
    $tokenName = $this->config->get('myapi-auth')->get('session-token-name');
    $tokenValue = $this->session->get($tokenName);

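    // set token and its payload in session
    // array of payload data, to customize
    // the payload is signed, not encrypted: never put the password or other secrets in it
    $payload = [
        'username' => $username, // set once the credentials have been verified
        'role' => 'api-user',
        'iat' => time(),
    ];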
    // jwtAuth is the service name
    $token = $this->jwtAuth->make($payload);
    $this->session->set($tokenName, $token);
    
    // disconnect user by unsetting the token in session
    $this->session->remove($this->config->get('myapi-auth')->get('session-token-name'));
    
    //get payload data
    // in controller
    $this->jwtAuth->data(); // all data array
    $this->jwtAuth->data('username'); // get specific "username" data
    // in another service
    \Phalcon\Di::getDefault()->get('jwtAuth')->data();
}
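
Added example, not code from this package or its upstream: a JWT payload is signed but not encrypted, so anyone holding the token can read claims such as the username set above. The sketch below builds and verifies a token with PHP built-ins, assuming HS256; the function names, the key and the claim values are constructed for illustration.

```php
<?php
// Added illustration, not the package's code: an HS256 JWT built with PHP built-ins.
function b64u(string $bin): string
{
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

function b64u_dec(string $txt): string
{
    // Strict mode rejects stray characters; unpadded input is accepted.
    return (string) base64_decode(strtr($txt, '-_', '+/'), true);
}

function jwt_sign(array $claims, string $key): string
{
    $msg = b64u(json_encode(['typ' => 'JWT', 'alg' => 'HS256'])) . '.' . b64u(json_encode($claims));
    return $msg . '.' . b64u(hash_hmac('sha256', $msg, $key, true));
}

// Returns the claims, or null when the token must be rejected.
function jwt_verify(string $token, string $key, string $iss, int $now): ?array
{
    $p = explode('.', $token);
    if (count($p) !== 3) {
        return null;
    }
    $header = json_decode(b64u_dec($p[0]), true);
    // Pin the algorithm server-side; never let the token header choose it.
    if (!is_array($header) || ($header['alg'] ?? null) !== 'HS256') {
        return null;
    }
    // Constant-time comparison of the recomputed MAC with the presented one.
    if (!hash_equals(hash_hmac('sha256', "$p[0].$p[1]", $key, true), b64u_dec($p[2]))) {
        return null;
    }
    $c = json_decode(b64u_dec($p[1]), true);
    $ok = is_array($c) && ($c['iss'] ?? null) === $iss && is_int($c['exp'] ?? null) && $c['exp'] > $now;
    return $ok ? $c : null;
}

$key = 'constructed-demo-key'; // constructed; stands in for API_JWT_SECRET_KEY
$now = time();
// 600 seconds corresponds to the 10-minute 'exp' in the configuration above.
$token = jwt_sign(['username' => 'alice', 'iat' => $now, 'exp' => $now + 600, 'iss' => 'myapi-jwt-auth'], $key);
// The claims are readable by anyone holding the token, no key required.
echo b64u_dec(explode('.', $token)[1]), PHP_EOL;
// Accepted with the right key; rejected with another key or after expiry.
var_dump(jwt_verify($token, $key, 'myapi-jwt-auth', $now) !== null);
var_dump(jwt_verify($token, 'other-key', 'myapi-jwt-auth', $now) === null);
var_dump(jwt_verify($token, $key, 'myapi-jwt-auth', $now + 601) === null);
```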

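Callbacks

By default, if authentication fails, the middleware stops execution of the route and immediately returns a 401 Unauthorized response. If you want to add your own handler: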

$auth->onUnauthorized(function($auth, $request, $response, $session) {

    $response->setStatusCode(401, 'Unauthorized');
    $response->setContentType("application/json");

    // to get the error messages
    $response->setContent(json_encode([$auth->getMessages()[0] ?? '']));

    // return false to stop the execution
    return false;
});

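If you want to perform additional checks on authentication, for example deliberately expiring a token based on its issue date, you can do so like this: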

$auth->onCheck(function($auth) {
    // to get the payload
    $data = $auth->data();
    
    if ($data['iat'] <= strtotime('-1 day')) {
        // return false to invalidate the authentication
        return false;
    }

});

The auth service

You can access the middleware by calling the "auth" service.

print_r($di->get('auth')->data());

print_r($app->getDI()->get('auth')->data('email'));

// in your controller
print_r($this->auth->data());

Accessing the authenticated user / data

In your controller or route handler

echo $this->auth->id(); // will look for sub or id payload

print_r($this->auth->data()); // print the whole payload array

echo $this->auth->data('email');

Original project

This project is forked from and built on dmkit/phalcon-jwt-auth: https://github.com/dmkit/phalcon-jwt-auth