archerzdip/laravel-api-auth
Composer 安装命令:
composer require archerzdip/laravel-api-auth
包简介
Authorize requests to your Laravel application with API keys
README 文档
README
Installation
Run composer require archerzdip/laravel-api-auth.
Publish the migration files
$ php artisan vendor:publish
# Or...
$ php artisan vendor:publish --provider="ArcherZdip\LaravelApiAuth\Providers\ApiAuthServiceProvider"
Run the migrations
$ php artisan migrate
Console
Generate a new app using php artisan apikey:generate {name}. The name argument is the name of your APP name. All new app are active by default.
☁ demo1 php artisan apikey:generate demo-app1 +-----------+------------------+------------------------------------------------------------------+---------------------+ | AppName | appId | secret | CreateAt | +-----------+------------------+------------------------------------------------------------------+---------------------+ | demo-app1 | JNzgjqLnp1nLNCBV | G8sfHyguwhB7mGTpdp0LCBEooZPOFnzlqHX8NRCZSG7miWwPRihNw4vsmcSeYChq | 2019-08-16 06:50:08 | +-----------+------------------+------------------------------------------------------------------+---------------------+
About app opreate, like activate, deactivate, delete, refresh secret.
☁ demo1 php artisan apikey:put --help Usage: apikey:put [options] [--] <appid> Arguments: appid Options: -A, --activate Activate an App by appid -F, --deactivate Deactivate an App by appid -D, --delete Delete an App by appid -R, --refresh refresh an app's secret by appid -h, --help Display this help message
Deactivate app by appid using php artisan apikey:put {appid} -F
☁ demo1 php artisan apikey:put eA4lU1ukEWZkdmAb -F Deactivate app succ, name: demo-app2 +-----------+------------------+------------------------------------------------------------------+-------------+---------------------+ | AppName | AppId | Secret | Status | CreateAt | +-----------+------------------+------------------------------------------------------------------+-------------+---------------------+ | demo-app2 | eA4lU1ukEWZkdmAb | CxDWa7uFxgGhshmbgm0HE9bqRbVN1gj0CO47pdwZzXpWhfuebvULfUwmnCPK59ph | deactivated | 2019-08-16 06:59:06 | +-----------+------------------+------------------------------------------------------------------+-------------+---------------------+
Activate app by appid using php artisan apikey:put {appid} -A
☁ demo1 php artisan apikey:put eA4lU1ukEWZkdmAb -A Activate app succ, name: demo-app2 +-----------+------------------+------------------------------------------------------------------+--------+---------------------+ | AppName | AppId | Secret | Status | CreateAt | +-----------+------------------+------------------------------------------------------------------+--------+---------------------+ | demo-app2 | eA4lU1ukEWZkdmAb | CxDWa7uFxgGhshmbgm0HE9bqRbVN1gj0CO47pdwZzXpWhfuebvULfUwmnCPK59ph | active | 2019-08-16 06:59:06 | +-----------+------------------+------------------------------------------------------------------+--------+---------------------+
Refresh secret by appid using php artisan apikey:put {appid} -R
☁ demo1 php artisan apikey:put eA4lU1ukEWZkdmAb -R Are you sure you want to refresh this app secret, AppId:eA4lU1ukEWZkdmAb, name:demo-app2 ? (yes/no) [no]: > no ☁ demo1 php artisan apikey:put eA4lU1ukEWZkdmAb -R Are you sure you want to refresh this app secret, AppId:eA4lU1ukEWZkdmAb, name:demo-app2 ? (yes/no) [no]: > yes Refresh app secret succ, name: demo-app2 +-----------+------------------+------------------------------------------------------------------+--------+---------------------+ | AppName | AppId | Secret | Status | CreateAt | +-----------+------------------+------------------------------------------------------------------+--------+---------------------+ | demo-app2 | eA4lU1ukEWZkdmAb | A6oMUTU4XZDExbxVLGdwNdbptdKe6ewNivCloDXsRTYGTQfjCZVqMQUeiq651Zq0 | active | 2019-08-16 06:59:06 | +-----------+------------------+------------------------------------------------------------------+--------+---------------------+
Delete app by appid using php artisan apikey:put {appid} -D
☁ demo1 php artisan apikey:put JNzgjqLnp1nLNCBV -D Are you sure you want to delete AppId:JNzgjqLnp1nLNCBV, name:demo-app1 ? (yes/no) [no]: > yes Deleted app succ, name: demo-app1
List all app. The -D or --deleted flag includes deleted apps.
☁ demo1 php artisan apikey:list -D +-----------+------------------+------------------------------------------------------------------+---------+---------------------+ | AppName | AppId | Secret | Status | CreateAt | +-----------+------------------+------------------------------------------------------------------+---------+---------------------+ | demo-app1 | JNzgjqLnp1nLNCBV | G8sfHyguwhB7mGTpdp0LCBEooZPOFnzlqHX8NRCZSG7miWwPRihNw4vsmcSeYChq | deleted | 2019-08-16 06:50:08 | | demo-app2 | eA4lU1ukEWZkdmAb | A6oMUTU4XZDExbxVLGdwNdbptdKe6ewNivCloDXsRTYGTQfjCZVqMQUeiq651Zq0 | active | 2019-08-16 06:59:06 | +-----------+------------------+------------------------------------------------------------------+---------+---------------------+
Usage
A new auth.apikey route middleware has been registered for you to use in your routes or controllers. Below are examples on how to use middleware, but for detailed information, check out Middleware in the Laravel Docs.
Route example
Route::get('api/user/1', function () { // })->middleware('auth.apikey');
Controller example
class UserController extends Controller { /** * Instantiate a new controller instance. * * @return void */ public function __construct() { $this->middleware('auth.apikey'); } }
Authorizing Requests
In order to pass the auth.apikey middleware, requests must include an Authorization header as part of the request, with its value being an active API key.
Authorization: VApUyoTm5I5DtlQAJjJbmCbrdceFsVCb6H3CpsL4SdUlgGdUui8WjxwbcejAfmL7
or token={token}
Token generate regulation.
sign = sha1(appid . secret . exp) // exp = time() token = base64_encode(implode('.', [appid, sign, exp])
Event history
Any time an API key is generated, activated, deactivated, or deleted, a record is logged in the api_auth_oprate_event table. Each record contains the following information:
- app_client_id
- ip_address
- event
- created_at
- updated_at
API event history
If you open log, all API requests that pass authorization will logger. Support driver database and file. Database infomation:
- appid
- ip_address
- url
- params
- type
TODO
- Configuration way of encryption.
License
MIT license
archerzdip/laravel-api-auth 适用场景与选型建议
archerzdip/laravel-api-auth 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 2.11k 次下载、GitHub Stars 达 2, 最近一次更新时间为 2019 年 08 月 16 日, 在 PHP 生态内属于活跃度较高的组件。
它主要适用于以下技术方向: 「laravel」 「laravel-api」 「verity」 「laravel app auth」 「laravel-api-auth」 等业务场景。在实际项目中,围绕这些方向常见需要落地的问题包括:接口对接、性能调优、并发安全、与既有框架(Laravel / ThinkPHP / Yii / Webman 等)的兼容适配,以及生产环境的日志埋点与稳定性保障。
我们在过去多个企业项目中使用过 archerzdip/laravel-api-auth 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。
基于 archerzdip/laravel-api-auth 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。
线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。
承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。
与 archerzdip/laravel-api-auth 相关的其它包
同方向 / 同关键字的高下载量 PHP Composer 包推荐,方便对比选型:
LarapiKit is a versatile and robust Laravel API package designed to simplify and enhance your web application development process. With a focus on security time saving and easy integration, this package empowers developers to streamline their API-related tasks, saving time and effort.
Argonaut is a lightweight Data Transfer Object (DTO) package for Laravel that supports nested casting, recursive serialization, and validation out of the box. Ideal for service layers, APIs, and clean architecture workflows.
Easily build Eloquent queries from API requests using Alchemist Restful API.
Alfabank REST API integration
Abstraction for api resources in laravel
This is my package laravel-api
统计信息
- 总下载量: 2.11k
- 月度下载量: 0
- 日度下载量: 0
- 收藏数: 2
- 点击次数: 32
- 依赖项目数: 0
- 推荐数: 0
其他信息
- 授权协议: MIT
- 更新时间: 2019-08-16