hoaaah/yii2-rest-api-template
Composer 安装命令:
composer require hoaaah/yii2-rest-api-template
包简介
REST API Template with Yii2
README 文档
README
Yii 2 REST API Template
Yii2 REST API Template
This is a a REST API TEMPLATE with Yii2. This template use Yii2-Micro approach so it will be lightweight and easy to deploy.
Installation
The preferred way to install this template is through composer.
Either run
composer create-project --prefer-dist hoaaah/yii2-rest-api-template [app_name]
Setup your database configuration from config/db.php. Create your database because this template will not create it for you :)
<?php return [ 'components' => [ 'db' => [ 'class' => 'yii\db\Connection', 'dsn' => 'mysql:host=localhost;dbname=your_db_name', 'username' => 'root', 'password' => '', 'charset' => 'utf8', ], ], ];
Then run migration to create table in selected database.
yii migrate
Directory Structure
Since this template use MicroFramework approach, directory structure might be a little bit different from Yii2.
config/ contains application configurations
controllers/ contains Web controller classes
migration/ contains list of your migration files
models/ contains model classes
modules/ contains your rest-api versioning (based on modules)
vendor/ contains dependent 3rd-party packages
web/ contains the entry script and Web resources
This template use modules as versioning pattern. Every version of API saved in a module. This template already have v1 module, so it means if consumer want to use v1 API, it can access https://your-api-url/v1/endpoint.
API Scenario
Supported Authentication
This template support 3 most used authentication. (Actually it's not me who make it, Yii2 already support it all :D ).
- HTTP Basic Auth: the access token is sent as the username. This should only be used when an access token can be safely stored on the API consumer side. For example, the API consumer is a program running on a server.
- Query parameter: the access token is sent as a query parameter in the API URL, e.g., https://example.com/users?access-token=xxxxxxxx. Because most Web servers will keep query parameters in server logs, this approach should be mainly used to serve JSONP requests which cannot use HTTP headers to send access tokens.
- OAuth 2: the access token is obtained by the consumer from an authorization server and sent to the API server via HTTP Bearer Tokens, according to the OAuth2 protocol.
Global Configuration of AuthMethods and RateLimiter
This template provide global configuration to set your application supported authMethods. You can find global configuration from app\config\params.php. Set your supported authMethods and RateLimiter from this file.
return [ 'useHttpBasicAuth' => true, 'useHttpBearerAuth' => true, 'useQueryParamAuth' => true, 'useRateLimiter' => false, ];
Example use in behaviors looks like this
use app\helpers\BehaviorsFromParamsHelper; use yii\rest\ActiveController; class PostController extends ActiveController { public $modelClass = 'app\models\Post'; public function behaviors() { $behaviors = parent::behaviors(); $behaviors = BehaviorsFromParamsHelper::behaviors($behaviors); // if you need other behaviors method use like this // $behaviors['otherMethods'] = $value; return $behaviors; } }
Ratelimiter
To enable your ratelimiter configuration, please follow official guide from Yii documentation.
Auth Scenario
This template already have basic endpoint that you can use to start your REST-API. Such as:
| Endpoint | Type | Usage |
|---|---|---|
| https://YOUR-API-URL/ | GET | list all post created |
| https://YOUR-API-URL/view?id={id} | GET | View a post |
| https://YOUR-API-URL/login | POST | Login with username and password |
| https://YOUR-API-URL/signup | POST | Signup with username, email and password |
| https://YOUR-API-URL/v1/post | GET | List all post created |
| https://YOUR-API-URL/v1/post/create | POST | Create a new post (title, body) |
| https://YOUR-API-URL/v1/post/update?id={id} | PUT / PATCH | Update a post (title, body) |
| https://YOUR-API-URL/v1/post/delete?id={id} | DELETE | Delete a post |
| https://YOUR-API-URL/v1/post/view?id={id} | GET | View a post |
Access Token Management
This application manage token via access_token table. Access Token have certain expiration based on $tokenExpiration value. Default Token Expiration are in seconds.
public $tokenExpiration = 60 * 24 * 365; // in seconds
In certain case you want to make a token expire before given tokenExpiration. Use expireThisToken() method to achieve it.
$accessToken = AccessToken::findOne(['token' => $token]); $accessToken->expireThisToken();
Or you want to make all tokens from certain user expire, use makeAllUserTokenExpiredByUserId($userId) method to achieve it.
$user = Yii::$app->user->identity; // or User::findOne($id) AccessToken::makeAllUserTokenExpiredByUserId($user->id);
API versioning
This template give you versioning scenario based on module application. In Yii2 a module are self-contained software units that consist of model, views, controllers and other supporting components. This template already have v1 module, it means all of endpoint for API v1 created in this module. When you publish a new API version (that break backward compatibility / BBC), you can create a new module. For more information create a module, you can visit this Yii2 Guide on Creating Module.
TODO
Feel free to contribute if you have any idea.
- Rest API Template
- Login and signup in SiteController
- Example of versioning and Blog Scenario
- Authentication Type from params
- Rate Limit from params
- Change auth_key for every login
- Auth_key have expiration
- each auth_key have application token
Creator
This Template was created by and is maintained by Heru Arief Wijaya.
hoaaah/yii2-rest-api-template 适用场景与选型建议
hoaaah/yii2-rest-api-template 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 1.42k 次下载、GitHub Stars 达 34, 最近一次更新时间为 2020 年 03 月 29 日, 在 PHP 生态内属于活跃度较高的组件。
我们在过去多个企业项目中使用过 hoaaah/yii2-rest-api-template 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。
基于 hoaaah/yii2-rest-api-template 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。
线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。
承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。
统计信息
- 总下载量: 1.42k
- 月度下载量: 0
- 日度下载量: 0
- 收藏数: 35
- 点击次数: 0
- 依赖项目数: 0
- 推荐数: 0
其他信息
- 授权协议: Apache-2.0
- 更新时间: 2020-03-29