omarelgabry/lumen-api-oauth 问题修复 & 功能扩展

解决BUG、新增功能、兼容多环境部署,快速响应你的开发需求

邮箱:yvsm@zunyunkeji.com | QQ:316430983 | 微信:yvsm316

omarelgabry/lumen-api-oauth

Composer 安装命令:

composer create-project omarelgabry/lumen-api-oauth

包简介

A RESTful API based on Lumen micro-framework with OAuth2.

README 文档

README

Lumen API OAuth

Lumen API OAuth

Build Status Scrutinizer Code Quality Code Climate Dependency Status

Latest Stable Version License

A RESTful API based on Lumen micro-framework with OAuth2. Lumen API OAuth is a simple application, indented for small projects, helps to understand creating RESTful APIs with Lumen and OAuth2, know how to authenticate and authorize, and more.

The RESTful API for Posts and Comments, where Users can view, create, update, and delete. It provides authorization mechanism to authorize against access tokens using OAuth2, ownership, and non-admin Vs admin users.

📣 A full tutorial on building a RESTful API with Lumen and OAuth2 can be found on Medium.

Index

Installation

Steps:

  1. Run Composer

    	composer install
    
  2. Laravel Homestead

    If you are using Laravel Homestead, then follow the Installation Guide.

  3. WAMP, LAMP, MAMP, XAMP Server

    If you are using any of WAMP, LAMP, MAMP, XAMP Servers, then don't forget to create a database, probably a MySQL database.

  4. Configure the.env file

    Rename .env.example file to .env, set your application key to a random string with 32 characters long, edit database name, database username, and database password if needed.

  5. Finally, Run Migrations and Seed the database with fake data.

    	php artisan migrate --seed
    

Terminology

There are some terminologies that will be used on the meaning of the terms used by OAuth 2.0. If you need a refresher, then check this out.

Authorization

Authorization comes in two layers. The first layer authorize against the access token, and the second one is for checking against ownership, and non-admin Vs admin users.

By default, user can delete or update a post or a comment only if he is the owner. Admins are authorized to view, create, update or delete anything.

Access Tokens

The application implements Resource owner credentials grant, which essentially requires the client to submit 5 fields: username, password, client_id, client_secret, and grant_type.

The authorization server will then issue access tokens to the client after successfully authenticating the client credentials and presenting authorization grant(user credentials).

In app/Http/routes.php, A route has been defined for requesting an access token.

Ownership, & non-Admin Vs Admin Users

Now, after validating the access token, we can extend the authorization layers and check if the current user is owner of the requested resource(i.e. post or comment), or is admin. So, How does it work?

Assign Middleware to controller

	public function __construct(){
		
		$this->middleware('oauth', ['except' => ['index', 'show']]);
		$this->middleware('authorize:' . __CLASS__, ['except' => ['index', 'show', 'store']]);
	}

Order

Please note that the middlewares has to be applied in a certain order. The oauth has to be added before the authorize Middleware.

Override isAuthorized() method

	public function isAuthorized(Request $request){

		$resource = "posts";
		$post     = Post::find($this->getArgs($request)["post_id"]);

		return $this->authorizeUser($request, $resource, $post);
	}

In app/Providers/AuthServiceProvider.php, Abilities are defined using Gate facade.

Routing

These are some of the routes defined in app/routes.php. You can test the API using Postman

HTTP Method Path Action Fields
GET /users index
POST /oauth/access_token username, password, client_id, client_secret, and grant_type.
The username field is the email in Users table.
The password field is secret.
The client_id & client_secret fields are id0 & secret0, or id1 & secret1, ...etc respectively.
The grant_type field is password.
POST /posts store access_token, title, content
PUT /posts/{post_id} update access_token, title, content
DELETE /posts/{post_id} destroy access_token

Support

I've written this script in my free time during my studies. This is for free, unpaid. If you find it useful, please support the project by spreading the word.

Contribute

Contribute by creating new issues, sending pull requests on Github or you can send an email at: omar.elgabry.93@gmail.com

Dependencies

License

Built under MIT license.

统计信息

  • 总下载量: 16
  • 月度下载量: 0
  • 日度下载量: 0
  • 收藏数: 76
  • 点击次数: 2
  • 依赖项目数: 0
  • 推荐数: 0

GitHub 信息

  • Stars: 76
  • Watchers: 8
  • Forks: 40
  • 开发语言: PHP

其他信息

  • 授权协议: MIT
  • 更新时间: 2016-04-07

承接程序开发

PHP开发

VUE

Vue开发

前端开发

小程序开发

公众号开发

系统定制

数据库设计

云部署

网站建设

安全加固