定制 agungsugiarto/codeigniter4-authentication-jwt 二次开发

按需修改功能、优化性能、对接业务系统,提供一站式技术支持

邮箱:yvsm@zunyunkeji.com | QQ:316430983 | 微信:yvsm316

agungsugiarto/codeigniter4-authentication-jwt

Composer 安装命令:

composer require agungsugiarto/codeigniter4-authentication-jwt

包简介

JSON Web Token for codeigniter4 authentication.

README 文档

README

Latest Stable Version Total Downloads Latest Unstable Version License

About

JSON Web Token for codeigniter4-authentication. This package is port from tymondesigns/jwt-auth for compability with agungsugiarto/codeigniter4-authentication.

Documentation

Install Via Composer

composer require agungsugiarto/codeigniter4-authentication-jwt

Copy the config

Copy the config file from vendor/agungsugiarto/codeigniter4-authentication-jwt/src/Config/JWT.php to config folder of your codeigniter4 application and change class extends from BaseConfig to \Fluent\JWTAuth\Config\JWT

Update your User entities

Firstly you need to implement the Fluent\JWTAuth\Contracts\JWTSubjectInterface contract on your User entities, which requires that you implement the 2 methods getJWTIdentifier() and getJWTCustomClaims().

The example below should give you an idea of how this could look. Obviously you should make any changes, as necessary, to suit your own needs.

namespace App\Entities;

//..
use Fluent\JWTAuth\Contracts\JWTSubjectInterface;

class User extends Entity implements
    //..
    JWTSubjectInterface
{
    /**
     * {@inheritdoc}
     */
    public function getJWTIdentifier()
    {
        return $this->id;
    }

    /**
     * {@inheritdoc}
     */
    public function getJWTCustomClaims()
    {
        return [];
    }
}

Adding \Fluent\JWTAuth\JWTGuard::class Guards

We need to define \Fluent\JWTAuth\JWTGuard::class authentication guards using the extend method on the Auth facade or service. You should place your call to the extend method within a service provider. Since codeigniter4-authentication already ships with an AuthServiceProvider, we can place the code in that provider. Open \App\Providers\AuthServiceProvider:

namespace App\Providers;

use Fluent\Auth\AbstractServiceProvider;
use Fluent\Auth\Facades\Auth;
use Fluent\JWTAuth\Config\Services;
use Fluent\JWTAuth\JWTGuard;

class AuthServiceProvider extends AbstractServiceProvider
{
    /**
     * {@inheritdoc}
     */
    public static function register()
    {
        Auth::extend(JWTGuard::class, function ($auth, $name, array $config) {
            return new JWTGuard(
                Services::getSharedInstance('jwt'),
                Services::getSharedInstance('request'),
                $auth->createUserProvider($config['provider']),
            );
        });
    }
}

Configure Auth guard

Inside the app/Config/Auth.php file you will need to make a few changes to configure codeigniter4-authentication to use the jwt guard to power your application authentication.

Make the following changes to the file:

public $guards = [
    //..
    'api' => [
        'driver' => \Fluent\JWTAuth\JWTGuard::class,
        'provider' => 'users',
    ],
];

Here we are telling the api guard to use the \Fluent\JWTAuth\JWTGuard::class driver, and we are setting the api guard.

Next we need to register this App\Providers\AuthServiceProvider to lifecycle application. Open App\Config\Events add this line:

Events::on('pre_system', [\App\Providers\AuthServiceProvider::class, 'register']);

We can now use codeigniter4-authentication built in Auth system, with codeigniter4-authentication-jwt doing the work behind the scenes!

Add some basic authentication routes

First let's add some routes in app/Config/Routes.php as follows:

$routes->group('jwt', function ($routes) {
    $routes->post('login', 'JwtauthController::login');
    $routes->post('logout', 'JwtauthController::logout', ['filter' => 'auth:api']);
    $routes->post('refresh', 'JwtauthController::refresh', ['filter' => 'auth:api']);
    $routes->match(['get', 'post'], 'user', 'JwtauthController::user', ['filter' => 'auth:api']);
});

Create the AuthController

Then create the JwtauthController, either manually or by running the spark command:

php spark make:controller JwtauthController

Then add the following:

<?php

namespace App\Controllers;

use App\Controllers\BaseController;
use CodeIgniter\API\ResponseTrait;

class JwtauthController extends BaseController
{
    use ResponseTrait;

    /**
     * Get a JWT via given credentials.
     *
     * @return \CodeIgniter\Http\Response
     */
    public function login()
    {
        // Validate this credentials request.
        if (! $this->validate(['email' => 'required|valid_email', 'password' => 'required'])) {
            return $this->fail($this->validator->getErrors());
        }

        $credentials = [
            'email' => $this->request->getPost('email'),
            'password' => $this->request->getPost('password')
        ];

        if (! $token = auth('api')->attempt($credentials)) {
            return $this->fail(lang('Auth.failed'), 401);
        }

        return $this->respondWithToken($token);
    }

    /**
     * Get the authenticated User.
     *
     * @return \CodeIgniter\Http\Response
     */
    public function user()
    {
        return $this->response->setJson(auth('api')->user());
    }

    /**
     * Log the user out (Invalidate the token).
     *
     * @return \CodeIgniter\Http\Response
     */
    public function logout()
    {
        auth('api')->logout();

        return $this->response->setJson(['message' => 'Successfully logged out']);
    }

    /**
     * Refresh a token.
     *
     * @return \CodeIgniter\Http\Response
     */
    public function refresh()
    {
        return $this->respondWithToken(auth('api')->refresh());
    }

    /**
     * Get the token array structure.
     *
     * @param  string $token
     *
     * @return \CodeIgniter\Http\Response
     */
    protected function respondWithToken($token)
    {
        return $this->response->setJson([
            'access_token' => $token,
            'token_type'   => 'bearer',
            'expires_in'   => auth('api')->factory()->getTTL() * 60,
        ]);
    }
}

You should now be able to POST to the login endpoint (e.g. http://example.dev/jwt/login) with some valid credentials and see a response like:

{
    "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ",
    "token_type": "bearer",
    "expires_in": 3600
}

This token can then be used to make authenticated requests to your application.

Authenticated requests

There are a number of ways to send the token via http:

Authorization header

Authorization: Bearer eyJhbGciOiJIUzI1NiI...

Query string parameter

http://example.dev/me?token=eyJhbGciOiJIUzI1NiI...

Post parameter

Cookies

Methods

The following methods are available on the Auth guard instance.

Multiple Guards

If the newly created 'api' guard is not set as a default guard or you have defined multiple guards to handle authentication, you should specify the guard when calling auth().

 $token = auth('api')->attempt($credentials);

attempt()

Attempt to authenticate a user via some credentials.

// Generate a token for the user if the credentials are valid
$token = auth('api')->attempt($credentials);

This will return either a jwt or boolean

login()

Log a user in and return a jwt for them.

// Get some user from somewhere
$user = (new UserModel())->first();

// Get the token
$token = auth('api')->login($user);

user()

Get the currently authenticated user.

// Get the currently authenticated user
$user = auth('api')->user();

If the user is not then authenticated, then null will be returned.

userOrFail()

Get the currently authenticated user or throw an exception.

try {
    $user = auth('api')->userOrFail();
} catch (\Fluent\JWTAuth\Exceptions\UserNotDefinedException $e) {
    // do something
}

If the user is not set, then a Fluent\JWTAuth\Exceptions\UserNotDefinedException will be thrown

logout()

Log the user out - which will invalidate the current token and unset the authenticated user.

auth('api')->logout();

// Pass true to force the token to be blacklisted "forever"
auth('api')->logout(true);

refresh()

Refresh a token, which invalidates the current one

$newToken = auth('api')->refresh();

// Pass true as the first param to force the token to be blacklisted "forever".
// The second parameter will reset the claims for the new token
$newToken = auth('api')->refresh(true, true);

invalidate()

Invalidate the token (add it to the blacklist)

auth('api')->invalidate();

// Pass true as the first param to force the token to be blacklisted "forever".
auth('api')->invalidate(true);

tokenById()

Get a token based on a given user's id.

$token = auth('api')->tokenById(123);

payload()

Get the raw JWT payload

$payload = auth('api')->payload();

// then you can access the claims directly e.g.
$payload->get('sub'); // = 123
$payload['jti']; // = 'asfe4fq434asdf'
$payload('exp') // = 123456
$payload->toArray(); // = ['sub' => 123, 'exp' => 123456, 'jti' => 'asfe4fq434asdf'] etc

validate()

Validate a user's credentials

if (auth('api')->validate($credentials)) {
    // credentials are valid
}

More advanced usage

Adding custom claims

$token = auth('api')->claims(['foo' => 'bar'])->attempt($credentials);

Set the token explicitly

$user = auth('api')->setToken('eyJhb...')->user();

Set the request instance explicitly

$user = auth('api')->setRequest($request)->user();

Override the token ttl

$token = auth('api')->setTTL(7200)->attempt($credentials);

Contributing

Contributions are very welcome.

License

Released under the MIT License, see LICENSE.

agungsugiarto/codeigniter4-authentication-jwt 适用场景与选型建议

agungsugiarto/codeigniter4-authentication-jwt 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 570 次下载、GitHub Stars 达 27, 最近一次更新时间为 2021 年 03 月 03 日, 在 PHP 生态内属于活跃度较高的组件。

它主要适用于以下技术方向: 「Authentication」 「auth」 「jwt」 「JSON Web Token」 「codeigniter4」 等业务场景。在实际项目中,围绕这些方向常见需要落地的问题包括:接口对接、性能调优、并发安全、与既有框架(Laravel / ThinkPHP / Yii / Webman 等)的兼容适配,以及生产环境的日志埋点与稳定性保障。

我们在过去多个企业项目中使用过 agungsugiarto/codeigniter4-authentication-jwt 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。

围绕 agungsugiarto/codeigniter4-authentication-jwt 我们能提供哪些服务?
定制开发 / 二次开发

基于 agungsugiarto/codeigniter4-authentication-jwt 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。

BUG 修复 & 性能优化

线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。

项目外包 & 长期维护

承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。

yvsm@zunyunkeji.com QQ:316430983 微信:yvsm316 西安尊云信息科技 · 专注 PHP / Go / 分布式系统研发

统计信息

  • 总下载量: 570
  • 月度下载量: 0
  • 日度下载量: 0
  • 收藏数: 28
  • 点击次数: 6
  • 依赖项目数: 0
  • 推荐数: 0

GitHub 信息

  • Stars: 27
  • Watchers: 3
  • Forks: 7
  • 开发语言: PHP

其他信息

  • 授权协议: MIT
  • 更新时间: 2021-03-03