unstoppablecarl / gate-crasher
Safer Laravel Super User authorization
Requires
- php: >=5.6.4
- illuminate/config: 5.4.* || 5.5.* || 5.6.* || 5.7.* || 5.8.*
- illuminate/contracts: 5.4.* || 5.5.* || 5.6.* || 5.7.* || 5.8.*
- illuminate/support: 5.4.* || 5.5.* || 5.6.* || 5.7.* || 5.8.*
Requires (Dev)
- illuminate/auth: 5.4.* || 5.5.* || 5.6.* || 5.7.* || 5.8.*
- phpunit/phpunit: ^5.7 || ^6 || ^7
- satooshi/php-coveralls: ^1.0
- squizlabs/php_codesniffer: ^3.0
Suggests
- unstoppablecarl/arbiter: Manage Laravel User abilities that target Users
This package is not auto-updated.
Last update: 2024-09-29 03:41:48 UTC
README
Safer Laravel Super User authorization.
About
Gate Crasher uses Laravel's Gate::before($beforeCallback) API to authorize Super User abilities, bypassing the normal Gate ability/policy checks. When Gate::allows() is called and $beforeCallback returns a non-null result, that result is taken as the result of the check.
See https://laravel.net.cn/docs/5.2/authorization
See Illuminate\Auth\Access\Gate::before() and Illuminate\Contracts\Auth\Access\Gate::before() in the Laravel framework.
Requirements
- PHP >= 5.5.9
- Laravel >= 5.2
Installation
The preferred installation method is via Packagist and Composer. Run the following command to install the package and add it to the dependencies in your project's composer.json:
composer require unstoppablecarl/gate-crasher
Usage
A Gate Crasher instance should be registered in the boot() method of a service provider.
Minimal Gate Crasher configuration
```php
<?php

use Gate;
use Illuminate\Contracts\Auth\Access\Gate as GateContract;
use Illuminate\Support\ServiceProvider;
use UnstoppableCarl\GateCrasher\GateCrasher;

class GateCrasherServiceProvider extends ServiceProvider
{
    public function boot(GateContract $gate)
    {
        // define a way to identify super users
        $superUserChecker = function ($user) {
            return $user->isSuperUser();
        };

        $gateCrasher = new GateCrasher($superUserChecker);

        $beforeCallback = function ($user, $ability, $args) use ($gateCrasher) {
            return $gateCrasher->before($user, $ability, $args);
        };

        // get Gate instance via boot() dependency injection or app()
        $gate = app(GateContract::class);

        // set before callback to a Gate instance
        $gate->before($beforeCallback);

        // set before callback using facade
        Gate::before($beforeCallback);

        // PRO TIP: use `GateCrasher::register()`
        // to create and set the before callback on a Gate instance for you
        $gateCrasher->register($gate);
    }
}
```
The default configuration of a Gate Crasher instance produces the following behaviour:
```php
<?php

// login a super user
$gate = Gate::withUser($mySuperUser);

// allows ALL non-policy abilities
$gate->allows('foo'); // true

// allows ALL non-Super User policy abilities
$gate->allows('update', $someUser); // true

// denies abilities that target self
$gate->allows('delete', $mySuperUser);

// denies abilities that target other Super Users (even when logged in as a Super User)
$gate->allows('delete', $someOtherSuperUser);
```
Configuring abilities
```php
<?php

use Illuminate\Contracts\Auth\Access\Gate as GateContract;
use UnstoppableCarl\GateCrasher\GateCrasher;

$superUserChecker = function ($user) {
    return $user->isSuperUser();
};

// the default result of any ability checks in the given context
$contextDefaults = [
    // ignored if null, falls back to default Gate::allows() check
    GateCrasher::SUPER_USER__TARGETING__SELF => null,
    // deny all abilities from super users targeting other super users
    GateCrasher::SUPER_USER__TARGETING__SUPER_USER => false,
    // deny all abilities from non-super users targeting super users
    GateCrasher::NON_SUPER_USER__TARGETING__SUPER_USER => false,
];

// the result of specific ability checks in the given context
$abilityOverrides = [
    // super users can always update but never delete themselves
    GateCrasher::SUPER_USER__TARGETING__SELF => [
        'update' => true,
        'delete' => false,
        // ...
    ],
    // super users can never update or delete other super users
    GateCrasher::SUPER_USER__TARGETING__SUPER_USER => [
        'update' => false,
        'delete' => false,
        // ...
    ],
    // non-super users can never update or delete other super users
    GateCrasher::NON_SUPER_USER__TARGETING__SUPER_USER => [
        // ignored if null, falls back to $contextDefaults then to Gate::allows() check
        'view' => null,
        'update' => false,
        'delete' => false,
        // ...
    ],
];

$gateCrasher = new GateCrasher($superUserChecker, $contextDefaults, $abilityOverrides);

$gate = app(GateContract::class);
$gateCrasher->register($gate);
```
Example
An example service provider is included:
examples/GateCrasherServiceProvider.php
How it works
This is an abstract description of how Gate Crasher works. See the source code for the specifics.
```php
<?php

use Illuminate\Contracts\Auth\Authenticatable as AuthenticatableContract;

Gate::allows('foo', $target);

// inside the before callback, $user is the authenticated source user
// (how source and target are classified, in outline; the exact checks live in the package source)
$targetIsUser = $target instanceof AuthenticatableContract;
$sourceIsSuperUser = $superUserChecker($user);
$targetIsSuperUser = $targetIsUser && $superUserChecker($target);
$targetIsSelf = $targetIsUser && $target->getAuthIdentifier() === $user->getAuthIdentifier();

// allow ANY non-Super User target
// (target can be a User, another Model, or any other value)
if ($sourceIsSuperUser && !$targetIsSuperUser) {
    return true;
}

// determine the context
// (self is tested before "other Super User": self is also a Super User,
// so the reverse order would never reach the SELF context)
if ($sourceIsSuperUser && $targetIsSelf) {
    $context = GateCrasher::SUPER_USER__TARGETING__SELF;
} else if ($sourceIsSuperUser && $targetIsSuperUser) {
    $context = GateCrasher::SUPER_USER__TARGETING__SUPER_USER;
} else if (!$sourceIsSuperUser && $targetIsSuperUser) {
    $context = GateCrasher::NON_SUPER_USER__TARGETING__SUPER_USER;
} else {
    // non-Super User source and target: nothing to decide here, fall through to the Gate
    return null;
}

// check for non-null ability override
$abilityOverrideValue = isset($abilityOverrides[$context]['foo'])
    ? $abilityOverrides[$context]['foo'] : null;
if ($abilityOverrideValue !== null) {
    return $abilityOverrideValue;
}

// check for non-null context default
$contextDefaultValue = isset($contextDefaults[$context]) ? $contextDefaults[$context] : null;
if ($contextDefaultValue !== null) {
    return $contextDefaultValue;
}

// DEFAULT GATE BEHAVIOR
// if a policy is registered for $target use the policy
// if an ability callback is registered for 'foo' use the registered callback
// return false;
```
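As an added example (not code from the gate-crasher package or its README), the stand-alone script below models the resolution order used by the "Configuring abilities" and "How it works" sections above, from ability override to context default to handing the decision back to the Gate, on constructed users without any Laravel dependency. The constant values, the array-based users, the checker closure and both tables are assumptions made here for illustration.

```php
<?php
// Added example, not code from the gate-crasher package: a dependency-free model of
// the before-callback resolution order (override -> context default -> null) traced
// on constructed users; the constants, users, checker and tables are all made up here.
const SU_SELF   = 'super_user_targeting_self';
const SU_SU     = 'super_user_targeting_super_user';
const NON_SU_SU = 'non_super_user_targeting_super_user';
// Returns true/false to decide the check, or null to hand it back to the Gate.
function beforeCallback(array $source, $ability, $target, callable $isSuper,
                        array $contextDefaults, array $abilityOverrides)
{
    $targetIsUser  = is_array($target) && isset($target['id']);
    $targetIsSuper = $targetIsUser && $isSuper($target);
    $targetIsSelf  = $targetIsUser && $target['id'] === $source['id'];
    // A Super User may do anything to a non-Super-User target (user or not).
    if ($isSuper($source) && !$targetIsSuper) {
        return true;
    }
    // Self is tested before "other Super User"; the reverse order never reaches it.
    if ($isSuper($source) && $targetIsSelf) {
        $context = SU_SELF;
    } elseif ($isSuper($source) && $targetIsSuper) {
        $context = SU_SU;
    } elseif (!$isSuper($source) && $targetIsSuper) {
        $context = NON_SU_SU;
    } else {
        return null; // non-Super User on a non-Super-User target: the Gate decides
    }
    $override = isset($abilityOverrides[$context][$ability])
        ? $abilityOverrides[$context][$ability] : null;
    if ($override !== null) {
        return $override;
    }
    return $contextDefaults[$context]; // may itself be null: the Gate decides
}

$isSuper = function ($u) { return !empty($u['super']); };
$contextDefaults  = [SU_SELF => null, SU_SU => false, NON_SU_SU => false];
$abilityOverrides = [
    SU_SELF   => ['update' => true, 'delete' => false],
    NON_SU_SU => ['view' => true], // non-Super Users may still view Super Users
];
$alice = ['id' => 1, 'super' => true];
$bob   = ['id' => 2, 'super' => true];
$carol = ['id' => 3, 'super' => false];
foreach ([[$alice, 'view', $alice], [$alice, 'delete', $bob], [$carol, 'view', $alice],
          [$carol, 'delete', $alice], [$carol, 'edit', 'post']] as list($src, $ability, $tgt)) {
    $r = beforeCallback($src, $ability, $tgt, $isSuper, $contextDefaults, $abilityOverrides);
    printf("user %d %-6s -> %s\n", $src['id'], $ability, var_export($r, true));
}
```

The first case shows the SELF context falling through to the Gate (no 'view' override, null context default), the last shows a non-Super User acting on a non-user target, which the callback never decides.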
Running tests
Run the unit tests
$ composer phpunit
Run Codesniffer (psr-2)
$ composer phpcs
Run both
$ composer test
Contributing
Contributions and Pull Requests are welcome!
Please read CONTRIBUTING.md for our code of conduct and the process for submitting Pull Requests.
Authors
- Carl Olsen - Initial work - Unstoppable Carl
See the list of contributors who participated in this project.
License
This project is licensed under the MIT License - see the LICENSE.md file for details.