queueit/knownuserv3
Composer 安装命令:
composer require queueit/knownuserv3
包简介
The Queue-it Security Framework is used to ensure that end users cannot bypass the queue by adding a server-side integration to your server.
README 文档
README
This is not the most recent version. In order to obtain access to the most recent version, please contact your local Queue-it representative or Queue-it Support
Before getting started, please read the documentation to get acquainted with server-side connectors.
This connector supports PHP >= 5.3.3.
You can find the latest released version here and Packagist package here.
Note: this public repository is not intended to receive contributions via pull requests. The formal procedure is to inform about this through Queue-it support
Implementation
The KnownUser validation must be done on all requests except requests for static and cached pages, resources like images, css files, and .... So, if you add the KnownUser validation logic to a central place, then make sure that the Triggers only fire on page requests (including ajax requests) and not on e.g. image.
If the integrationconfig.json file is placed in the same folder as the other KnownUser files within the web application directory, Then the following method is all that’s needed to validate that a user has passed through the queue:
require_once( __DIR__ .'/Models.php'); require_once( __DIR__ .'/KnownUser.php'); $configText = file_get_contents('integrationconfig.json'); $customerID = ""; //Your Queue-it customer ID $secretKey = ""; //Your 72-character secret key as specified in the Go Queue-it self-service platform try { $fullUrl = getFullRequestUri(); $queueittoken = QueueIT\KnownUserV3\SDK\Utils::getParameterByName($fullUrl, QueueIT\KnownUserV3\SDK\KnownUser::QueueItTokenKey); $currentUrlWithoutQueueitToken = preg_replace("/([\\?&])("."queueittoken"."=[^&]*)/i", "", $fullUrl); //Verify if the user has passed through the queue $result = QueueIT\KnownUserV3\SDK\KnownUser::validateRequestByIntegrationConfig($currentUrlWithoutQueueitToken, $queueittoken, $configText, $customerID, $secretKey); if($result->doRedirect()) { //Adding no cache headers to prevent browsers from caching requests header("Expires:Fri, 01 Jan 1990 00:00:00 GMT"); header("Cache-Control: no-store, no-cache, must-revalidate, max-age=0"); header("Pragma: no-cache"); //end if(!$result->isAjaxResult) { //Send the user to the queue - either because the hash was missing or because it was an invalid header('Location: ' . $result->redirectUrl); } else { header('HTTP/1.0: 200'); header($result->getAjaxQueueRedirectHeaderKey() . ': ' . $result->getAjaxRedirectUrl()); header("Access-Control-Expose-Headers" . ': ' . $result->getAjaxQueueRedirectHeaderKey()); } die(); } if(!empty($queueittoken) && $result->actionType == "Queue") { //Request can continue - we remove queueittoken from the query string to avoid sharing a user-specific token header('Location: ' . $currentUrlWithoutQueueitToken); die(); } } catch(\Exception $e) { // There is an error validating the request // Use your own logging framework to log the error // This is a configuration error, so we allow the user to continue }
Helper method to get the current URL (you can use your own implementation). The result of this helper method is used to match Triggers and as the Target url (where users are returned to). It is therefore important that the result exactly matches the URL in the user's browser.
So, if your web server is, for example, behind a load balancer that modifies the hostname or port, adjust the helper method accordingly:
function getFullRequestUri() { // Get HTTP/HTTPS (the possible values for this vary from server to server) $myUrl = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] && !in_array(strtolower($_SERVER['HTTPS']),array('off','no'))) ? 'https' : 'http'; // Get domain portion $myUrl .= '://'.$_SERVER['HTTP_HOST']; // Get path to script $myUrl .= $_SERVER['REQUEST_URI']; // Add path info, if any if (!empty($_SERVER['PATH_INFO'])) $myUrl .= $_SERVER['PATH_INFO']; return $myUrl; }
Implementation using inline queue configuration
Specify the configuration in code without using the Trigger/Action paradigm. In this case, it is important only to queue-up page requests and not requests for resources.
This can be done by adding custom filtering logic before calling the QueueIT\KnownUserV3\SDK\KnownUser::resolveQueueRequestByLocalConfig() method.
The following is an example of how to specify the configuration in code:
require_once( __DIR__ .'/Models.php'); require_once( __DIR__ .'/KnownUser.php'); $customerID = ""; //Your Queue-it customer ID $secretKey = ""; //Your 72 char secret key as specified in the Go Queue-it self-service platform $eventConfig = new QueueIT\KnownUserV3\SDK\QueueEventConfig(); $eventConfig->eventId = ""; // ID of the queue to use $eventConfig->queueDomain = "xxx.queue-it.net"; //Domain name of the queue. //$eventConfig->cookieDomain = ".my-shop.com"; //Optional - Domain name where the Queue-it session cookie should be saved. $eventConfig->cookieValidityMinute = 15; //Validity of the Queue-it session cookie should be a positive number. $eventConfig->extendCookieValidity = true; //Should the Queue-it session cookie validity time be extended each time the validation runs? //$eventConfig->culture = "da-DK"; //Optional - Culture of the queue layout in the format specified here: https://msdn.microsoft.com/en-us/library/ee825488(v=cs.20).aspx. If unspecified, then settings from the Event will be used. // $eventConfig->layoutName = "NameOfYourCustomLayout"; //Optional - Name of the queue layout. If unspecified, then settings from the Event will be used. try { $fullUrl = getFullRequestUri(); $queueittoken = QueueIT\KnownUserV3\SDK\Utils::getParameterByName($fullUrl, QueueIT\KnownUserV3\SDK\KnownUser::QueueItTokenKey); $currentUrlWithoutQueueitToken = preg_replace("/([\\?&])("."queueittoken"."=[^&]*)/i", "", $fullUrl); //Verify if the user has passed through the queue $result = QueueIT\KnownUserV3\SDK\KnownUser::resolveQueueRequestByLocalConfig($currentUrlWithoutQueueitToken, $queueittoken, $eventConfig, $customerID, $secretKey); if($result->doRedirect()) { //Adding no cache headers to prevent browsers from caching requests header("Expires:Fri, 01 Jan 1990 00:00:00 GMT"); header("Cache-Control: no-store, no-cache, must-revalidate, max-age=0"); header("Pragma: no-cache"); //end if(!$result->isAjaxResult) { //Send the user to the queue - either because the hash was missing or because it was an invalid header('Location: ' . $result->redirectUrl); } else { header('HTTP/1.0: 200'); header($result->getAjaxQueueRedirectHeaderKey() . ': '. $result->getAjaxRedirectUrl()); header("Access-Control-Expose-Headers" . ': ' . $result->getAjaxQueueRedirectHeaderKey()); } die(); } if(!empty($queueittoken) && $result->actionType == "Queue") { //Request can continue - we remove queueittoken form the query string parameter to avoid sharing of user-specific token header('Location: ' . $currentUrlWithoutQueueitToken); die(); } } catch(\Exception $e) { // There is an error validating the request // Use your own logging framework to log the error // This is a configuration error, so we allow the user to continue }
Request body trigger (advanced)
The connector supports triggering on request body content. An example could be a POST call with a specific item ID where you want end-users to queue up for.
For this to work, you need to contact Queue-it support or enable request body triggers in your integration settings in your GO Queue-it platform account.
Once enabled you will need to update your integration so request body is available for the connector.
You need to create a new context provider similar to this one:
class HttpRequestBodyProvider extends QueueIT\KnownUserV3\SDK\HttpRequestProvider { function getRequestBodyAsString() { $requestBody = file_get_contents('php://input'); if(isset($requestBody)){ return $requestBody; } else{ return ''; } } }
And then use it instead of the default HttpRequestProvider
// Default implementation of HttpRequestProvider always returns an empty string as the request body. // Use the following line to set a custom httpRequestBodyProvider QueueIT\KnownUserV3\SDK\KnownUser::setHttpRequestProvider(new HttpRequestBodyProvider());
queueit/knownuserv3 适用场景与选型建议
queueit/knownuserv3 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 459.7k 次下载、GitHub Stars 达 21, 最近一次更新时间为 2017 年 09 月 04 日, 在 PHP 生态内属于活跃度较高的组件。
我们在过去多个企业项目中使用过 queueit/knownuserv3 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。
基于 queueit/knownuserv3 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。
线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。
承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。
统计信息
- 总下载量: 459.7k
- 月度下载量: 0
- 日度下载量: 0
- 收藏数: 21
- 点击次数: 33
- 依赖项目数: 3
- 推荐数: 0
其他信息
- 授权协议: LGPL-3.0
- 更新时间: 2017-09-04