JWT Passthrough to specific method of api
【Posted】: 2017-06-05 11:37:49
【Question】: As per the question above, I have api/user, which contains get, post, put and delete methods. Is it possible to use passthrough on a specific method?
For example, only get is a public method, and the rest need a token to use the method?
Thanks for your answers.
$app->add(new \Slim\Middleware\JwtAuthentication([
    "path" => ["/api", "/admin"],
    "passthrough" => ["/api/login", "/admin/ping", "/api/user"],
    "algorithm" => "HS256",
    "secret" => getenv("JWT_SECRET"),
    "callback" => function ($request, $response, $arguments) use ($container) {
        $container["jwt"] = $arguments["decoded"];
    },
    "error" => function ($request, $response, $arguments) {
        $data["status"] = "error";
        $data["message"] = $arguments["message"];
        return $response
            ->withHeader("Content-Type", "application/json")
            ->write(json_encode($data, JSON_UNESCAPED_SLASHES | JSON_PRETTY_PRINT));
    }
]));
【Question discussion】:
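【Answer 1】: By default the JWT Authentication middleware does not authenticate OPTIONS requests. To also allow unauthenticated GET requests, you can manually add it to the RequestMethodRule. Your example code would look like the following.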
require __DIR__ . "/vendor/autoload.php";

$app = new \Slim\App;
$container = $app->getContainer();

$app->add(new \Slim\Middleware\JwtAuthentication([
    "path" => ["/api"],
    "secret" => getenv("JWT_SECRET"),
    "callback" => function ($request, $response, $arguments) use ($container) {
        $container["jwt"] = $arguments["decoded"];
    },
    "rules" => [
        new \Slim\Middleware\JwtAuthentication\RequestMethodRule([
            "passthrough" => ["OPTIONS", "GET"]
        ])
    ],
    "error" => function ($request, $response, $arguments) {
        $data["status"] = "error";
        $data["message"] = $arguments["message"];
        return $response
            ->withHeader("Content-Type", "application/json")
            ->write(json_encode($data, JSON_UNESCAPED_SLASHES | JSON_PRETTY_PRINT));
    }
]));

$app->get("/api/user", function ($request, $response) {
    print "Hello\n\n";
});

$app->post("/api/user", function ($request, $response) {
    print "Hello\n\n";
});

$app->run();
This produces the following.

$ curl --request GET --include http://127.0.0.1:8080/api/user
HTTP/1.1 200 OK
Host: 127.0.0.1:8080
Connection: close
X-Powered-By: PHP/7.0.12
Content-Type: text/html; charset=UTF-8
Content-Length: 7

Hello

$ curl --request POST --include http://127.0.0.1:8080/api/user
HTTP/1.1 401 Unauthorized
Host: 127.0.0.1:8080
Connection: close
X-Powered-By: PHP/7.0.12
Content-Type: application/json
Content-Length: 59

{
    "status": "error",
    "message": "Token not found"
}
【Discussion】:
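Added example, not part of the original answer: RequestMethodRule matches on the HTTP method only, so a "GET" passthrough leaves every GET route under /api unauthenticated, not just /api/user. The sketch below scopes the exemption to one method and path pair; it assumes slim-jwt-auth 2.x accepts any callable in "rules" and skips authentication when a rule returns false, and the names $public, $publicRouteRule and the /api/orders route are hypothetical.

```php
<?php
// Added example, not the answer's code. Assumption: slim-jwt-auth 2.x calls each
// entry in "rules" with the request and skips authentication when one returns false.
require __DIR__ . "/vendor/autoload.php";

$app = new \Slim\App;
$container = $app->getContainer();

// Hypothetical allowlist of public method/path pairs; everything else needs a token.
$public = [
    "GET" => ["/api/user"],
];

// Hypothetical rule: return false (skip the token check) only on an exact match.
$publicRouteRule = function ($request) use ($public) {
    $method = strtoupper($request->getMethod());
    // Normalise to a single leading slash and no trailing slash before comparing.
    $path = "/" . trim($request->getUri()->getPath(), "/");
    return !(isset($public[$method]) && in_array($path, $public[$method], true));
};

$app->add(new \Slim\Middleware\JwtAuthentication([
    "path" => ["/api"],
    "secret" => getenv("JWT_SECRET"),
    "callback" => function ($request, $response, $arguments) use ($container) {
        $container["jwt"] = $arguments["decoded"];
    },
    "rules" => [
        // Keep the default OPTIONS passthrough, but do not pass GET through globally.
        new \Slim\Middleware\JwtAuthentication\RequestMethodRule([
            "passthrough" => ["OPTIONS"]
        ]),
        $publicRouteRule
    ]
]));

$app->get("/api/user", function ($request, $response) {
    return $response->withJson(["message" => "public"]);
});
$app->post("/api/user", function ($request, $response) {
    return $response->withJson(["message" => "token accepted"]);
});
// Hypothetical second route: GET here is not allowlisted, so it returns 401 without a token.
$app->get("/api/orders", function ($request, $response) {
    return $response->withJson(["message" => "token accepted"]);
});

$app->run();
```

A path that does not match the allowlist exactly (for example one with doubled slashes) falls through to the token check, so the rule fails closed.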
【Answer 2】: Yes, you can use Slim Middleware to group the authorized routes together and add the middleware to the group:
// $secret must be defined before this closure and imported into it with use.
$validateUser = function($request,$response,$next) use ($secret) {
    $token = $_COOKIE['token'];
    $token = JWT::decode($token,$secret,['HS256']);
    if ($token->user->isAdmin) {
        return $next($request,$response);
    }
    return $response->withStatus(403)->withJson(array('message' => 'Forbidden'));
};

$app->get('/api/user',function($request,$response) {
    return $response->withJson(array('message' => 'Public route'));
});

$app->group('/api/user',function() {
    $this->delete('','');
    $this->post('','');
    $this->patch('','');
})->add($validateUser);
【Discussion】:
Thanks for your help, but I couldn't get it to work. I updated my question and posted the code I've been using.