資訊專欄INFORMATION COLUMN
摘要:服務(wù)端支持簽名授權(quán)認(rèn)證項(xiàng)目地址關(guān)于
Laravel 5 API 服務(wù)端支持簽名授權(quán)認(rèn)證
Github 項(xiàng)目地址: https://github.com/HavenShen/larsign
Api Authorized Signature Middleware for Laravel 5 關(guān)于The larsign package authorized signature server.
FeaturesHandles larsign requests
InstallationRequire the havenshen/larsign package in your composer.json and update your dependencies:
$ composer require havenshen/larsign
Add the HavenShenLarsignLarsignServiceProvider to your config/app.php providers array:
HavenShenLarsignLarsignServiceProvider::class,
Add the HavenShenLarsignLarsignFacade to your config/app.php aliases array:
"Larsign" => HavenShenLarsignLarsignFacade::class,Global usage
To allow Larsign for all your routes, add the HandleLarsign middleware in the $middleware property of app/Http/Kernel.php class:
protected $middleware = [
// ...
HavenShenLarsignHandleLarsign::class,
];
Group middleware
If you want to allow Larsign on a specific middleware group or route, add the HandleLarsign middleware to your group:
protected $middlewareGroups = [
"web" => [
// ...
],
"api" => [
// ...
HavenShenLarsignHandleLarsign::class,
],
];
Application route middleware
If you want to allow Larsign on a specific application middleware or route, add the HandleLarsign middleware to your application route:
protected $routeMiddleware = [
// ...
"auth.larsign" => HavenShenLarsignHandleLarsign::class,
];
Configuration
The defaults are set in config/larsign.php. Copy this file to your own config directory to modify the values. You can publish the config using this command:
$ php artisan vendor:publish --provider="HavenShenLarsignLarsignServiceProvider"
return [
/*
|--------------------------------------------------------------------------
| Larsign
|--------------------------------------------------------------------------
|
*/
"headerName" => env("LARSIGN_HEADER_NAME", "Larsign"),
"accessKey" => env("LARSIGN_ACCESS_KEY", ""),
"secretKey" => env("LARSIGN_SECRET_KEY", ""),
];
Add api route in routes/api.php Copy this.
Route::middleware(["auth.larsign"])->group(function () {
Route::get("/larsign", function () {
return [
"message" => "done."
]);
});
or
Route::get("/larsign", function () {
return [
"message" => "done."
];
})->middleware("auth.larsign");
Client
Generate Larsign signatures
Assume the following management credentials:
AccessKey = "test" SecretKey = "123456"
Call interface address:
url = "https://larsign.dev/api/v1/test?page=1"
The original string to be signed:
note: the time-stamping followed by a newline [currenttime + voucher valid seconds]
signingStr = "/api/v1/test?page=1 1510986405"
Base64 url safe encode:
signingStrBase64UrlSafeEncode = "L2FwaS92MS90ZXN0P3BhZ2U9MQoxNTEwOTg2NDY1"
hmac_sha1 carries SecretKey encryption then base64 url safe encode:
sign = "MLKnFIdI-0TOQ4mHn5TyCcmWACU="
The final administrative credentials are:
note: stitching headerName Space AccessKey:sign:signingStrBase64UrlSafeEncode
larsignToken = "Larsign test:MLKnFIdI-0TOQ4mHn5TyCcmWACU=:L2FwaS92MS90ZXN0P3BhZ2U9MQoxNTEwOTg2NDY1"
Add http header:
note: header key in config/larsign.php -> headerName
Larsign:Larsign test:MLKnFIdI-0TOQ4mHn5TyCcmWACU=:L2FwaS92MS90ZXN0P3BhZ2U9MQoxNTEwOTg2NDY1Client signature authorization failed
Http Response: 403Testing
$ phpunitLicense
The MIT License (MIT). Please see License File for more information.
