定制 queueit/knownuserv3 二次开发

按需修改功能、优化性能、对接业务系统,提供一站式技术支持

邮箱:yvsm@zunyunkeji.com | QQ:316430983 | 微信:yvsm316

queueit/knownuserv3

Composer 安装命令:

composer require queueit/knownuserv3

包简介

The Queue-it Security Framework is used to ensure that end users cannot bypass the queue by adding a server-side integration to your server.

README 文档

README

This is not the most recent version. In order to obtain access to the most recent version, please contact your local Queue-it representative or Queue-it Support

Before getting started, please read the documentation to get acquainted with server-side connectors.

This connector supports PHP >= 5.3.3.

You can find the latest released version here and Packagist package here.

Note: this public repository is not intended to receive contributions via pull requests. The formal procedure is to inform about this through Queue-it support

Implementation

The KnownUser validation must be done on all requests except requests for static and cached pages, resources like images, css files, and .... So, if you add the KnownUser validation logic to a central place, then make sure that the Triggers only fire on page requests (including ajax requests) and not on e.g. image.

If the integrationconfig.json file is placed in the same folder as the other KnownUser files within the web application directory, Then the following method is all that’s needed to validate that a user has passed through the queue:

require_once( __DIR__ .'/Models.php');
require_once( __DIR__ .'/KnownUser.php');

$configText = file_get_contents('integrationconfig.json');
$customerID = ""; //Your Queue-it customer ID
$secretKey = ""; //Your 72-character secret key as specified in the Go Queue-it self-service platform

try
{
    $fullUrl = getFullRequestUri();
    $queueittoken = QueueIT\KnownUserV3\SDK\Utils::getParameterByName($fullUrl, QueueIT\KnownUserV3\SDK\KnownUser::QueueItTokenKey);
    $currentUrlWithoutQueueitToken = preg_replace("/([\\?&])("."queueittoken"."=[^&]*)/i", "", $fullUrl);

    //Verify if the user has passed through the queue
    $result = QueueIT\KnownUserV3\SDK\KnownUser::validateRequestByIntegrationConfig($currentUrlWithoutQueueitToken, 
			$queueittoken, $configText, $customerID, $secretKey);
		
    if($result->doRedirect())
    {
        //Adding no cache headers to prevent browsers from caching requests
        header("Expires:Fri, 01 Jan 1990 00:00:00 GMT");
        header("Cache-Control: no-store, no-cache, must-revalidate, max-age=0");
        header("Pragma: no-cache");
        //end
    
        if(!$result->isAjaxResult)
        {
            //Send the user to the queue - either because the hash was missing or because it was an invalid
            header('Location: ' . $result->redirectUrl);		            
        }
        else
        {
            header('HTTP/1.0: 200');
            header($result->getAjaxQueueRedirectHeaderKey() . ': ' . $result->getAjaxRedirectUrl());            
            header("Access-Control-Expose-Headers" . ': ' . $result->getAjaxQueueRedirectHeaderKey());            
        }
		
        die();
    }
    if(!empty($queueittoken) && $result->actionType == "Queue")
    {        
        //Request can continue - we remove queueittoken from the query string to avoid sharing a user-specific token
        header('Location: ' . $currentUrlWithoutQueueitToken);
        die();
    }
}
catch(\Exception $e)
{
    // There is an error validating the request
    // Use your own logging framework to log the error
    // This is a configuration error, so we allow the user to continue
}

Helper method to get the current URL (you can use your own implementation). The result of this helper method is used to match Triggers and as the Target url (where users are returned to). It is therefore important that the result exactly matches the URL in the user's browser.

So, if your web server is, for example, behind a load balancer that modifies the hostname or port, adjust the helper method accordingly:

 function getFullRequestUri()
 {
     // Get HTTP/HTTPS (the possible values for this vary from server to server)
    $myUrl = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] && !in_array(strtolower($_SERVER['HTTPS']),array('off','no'))) ? 'https' : 'http';
    // Get domain portion
    $myUrl .= '://'.$_SERVER['HTTP_HOST'];
    // Get path to script
    $myUrl .= $_SERVER['REQUEST_URI'];
    // Add path info, if any
    if (!empty($_SERVER['PATH_INFO'])) $myUrl .= $_SERVER['PATH_INFO'];

    return $myUrl; 
 }

Implementation using inline queue configuration

Specify the configuration in code without using the Trigger/Action paradigm. In this case, it is important only to queue-up page requests and not requests for resources. This can be done by adding custom filtering logic before calling the QueueIT\KnownUserV3\SDK\KnownUser::resolveQueueRequestByLocalConfig() method.

The following is an example of how to specify the configuration in code:

require_once( __DIR__ .'/Models.php');
require_once( __DIR__ .'/KnownUser.php');

$customerID = ""; //Your Queue-it customer ID
$secretKey = ""; //Your 72 char secret key as specified in the Go Queue-it self-service platform

$eventConfig = new QueueIT\KnownUserV3\SDK\QueueEventConfig();
$eventConfig->eventId = ""; // ID of the queue to use
$eventConfig->queueDomain = "xxx.queue-it.net"; //Domain name of the queue.
//$eventConfig->cookieDomain = ".my-shop.com"; //Optional - Domain name where the Queue-it session cookie should be saved.
$eventConfig->cookieValidityMinute = 15; //Validity of the Queue-it session cookie should be a positive number.
$eventConfig->extendCookieValidity = true; //Should the Queue-it session cookie validity time be extended each time the validation runs? 
//$eventConfig->culture = "da-DK"; //Optional - Culture of the queue layout in the format specified here: https://msdn.microsoft.com/en-us/library/ee825488(v=cs.20).aspx. If unspecified, then settings from the Event will be used.
// $eventConfig->layoutName = "NameOfYourCustomLayout"; //Optional - Name of the queue layout. If unspecified, then settings from the Event will be used.

try
{    
    $fullUrl = getFullRequestUri();
    $queueittoken = QueueIT\KnownUserV3\SDK\Utils::getParameterByName($fullUrl, QueueIT\KnownUserV3\SDK\KnownUser::QueueItTokenKey);
    $currentUrlWithoutQueueitToken = preg_replace("/([\\?&])("."queueittoken"."=[^&]*)/i", "", $fullUrl);

    //Verify if the user has passed through the queue
    $result = QueueIT\KnownUserV3\SDK\KnownUser::resolveQueueRequestByLocalConfig($currentUrlWithoutQueueitToken, 
			$queueittoken, $eventConfig, $customerID, $secretKey);
	
    if($result->doRedirect())
    {
        //Adding no cache headers to prevent browsers from caching requests
        header("Expires:Fri, 01 Jan 1990 00:00:00 GMT");
        header("Cache-Control: no-store, no-cache, must-revalidate, max-age=0");
        header("Pragma: no-cache");
        //end
	 if(!$result->isAjaxResult)
        {
            //Send the user to the queue - either because the hash was missing or because it was an invalid
            header('Location: ' . $result->redirectUrl);		            
        }
        else
        {
            header('HTTP/1.0: 200');
            header($result->getAjaxQueueRedirectHeaderKey() . ': '. $result->getAjaxRedirectUrl());            
            header("Access-Control-Expose-Headers" . ': ' . $result->getAjaxQueueRedirectHeaderKey());            
        }
        
        die();
    }
    if(!empty($queueittoken) && $result->actionType == "Queue")
    {        
	//Request can continue - we remove queueittoken form the query string parameter to avoid sharing of user-specific token
        header('Location: ' . $currentUrlWithoutQueueitToken);
	die();
    }
}
catch(\Exception $e)
{
    // There is an error validating the request
    // Use your own logging framework to log the error
    // This is a configuration error, so we allow the user to continue
}

Request body trigger (advanced)

The connector supports triggering on request body content. An example could be a POST call with a specific item ID where you want end-users to queue up for. For this to work, you need to contact Queue-it support or enable request body triggers in your integration settings in your GO Queue-it platform account. Once enabled you will need to update your integration so request body is available for the connector.
You need to create a new context provider similar to this one:

class HttpRequestBodyProvider extends QueueIT\KnownUserV3\SDK\HttpRequestProvider
{
    function getRequestBodyAsString()
    {
        $requestBody = file_get_contents('php://input');

        if(isset($requestBody)){
            return $requestBody;
        }
        else{
            return '';            
        }
    }
}

And then use it instead of the default HttpRequestProvider

// Default implementation of HttpRequestProvider always returns an empty string as the request body. 
// Use the following line to set a custom httpRequestBodyProvider
QueueIT\KnownUserV3\SDK\KnownUser::setHttpRequestProvider(new HttpRequestBodyProvider());

queueit/knownuserv3 适用场景与选型建议

queueit/knownuserv3 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 459.7k 次下载、GitHub Stars 达 21, 最近一次更新时间为 2017 年 09 月 04 日, 在 PHP 生态内属于活跃度较高的组件。

我们在过去多个企业项目中使用过 queueit/knownuserv3 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。

围绕 queueit/knownuserv3 我们能提供哪些服务?
定制开发 / 二次开发

基于 queueit/knownuserv3 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。

BUG 修复 & 性能优化

线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。

项目外包 & 长期维护

承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。

yvsm@zunyunkeji.com QQ:316430983 微信:yvsm316 西安尊云信息科技 · 专注 PHP / Go / 分布式系统研发

统计信息

  • 总下载量: 459.7k
  • 月度下载量: 0
  • 日度下载量: 0
  • 收藏数: 21
  • 点击次数: 33
  • 依赖项目数: 3
  • 推荐数: 0

GitHub 信息

  • Stars: 21
  • Watchers: 11
  • Forks: 13
  • 开发语言: PHP

其他信息

  • 授权协议: LGPL-3.0
  • 更新时间: 2017-09-04