madesimple/slim-auth
Composer 安装命令:
composer require madesimple/slim-auth
包简介
Authentication and authorisation middleware for Slim framework
README 文档
README
An authentication and authorisation middleware for Slim 4 framework.
Installation
composer require madesimple/slim-auth
Authentication
A middleware to determine whether the request contains valid authentication token. The middleware has been designed so that it can easily be extended to:
- handle any type of token retrieval;
- handle any type of validation method; and,
- perform any set of actions if authentication was successful.
To use an Authentication middleware to your Slim application simply:
use Slim\Middleware\Authentication\SimpleTokenAuthentication; /** @var \Slim\App $app The Slim application */ /** @var string $pattern Pattern for either the group or a route */ /** @var callable $callable A callable for a route */ // Add to all routes: $app->add(new SimpleTokenAuthentication($app->getContainer(), $options)); // Add to a group of routes: $app->group($pattern, function () {}) ->add(new SimpleTokenAuthentication($app->getContainer(), $options)); // Add to a specific route: $app->get($pattern, $callable) ->add(new SimpleTokenAuthentication($app->getContainer(), $options));
Side node: We recommend that if you are going to be adding same authentication to more than more groups/routes to put the middleware in dependencies.php.
Default options for authentication are:
[
// boolean - whether to enforce an https connection
'secure' => true,
// array - list of hostnames/IP addresses to ignore the secure flag
'relaxed' => ['localhost', '127.0.0.1'],
// array - list of environment variables to check for the token (set to an empty array to skip)
'environment' => ['HTTP_AUTHORIZATION', 'REDIRECT_HTTP_AUTHORIZATION'],
// string - the header to check for the token (set to false, null, or '' to skip)
'header' => 'X-Auth',
// string - the regex to match the token ($match[$options['index']] is used as the token)
'regex' => '/(.*)/',
// integer - the regex index to use as the token
'index' => 1,
// string - the cookie to check for the token (set to false, null, or '' to skip)
'cookie' => 'X-Auth',
// string - the identifier for the token in the payload
'payload' => null,
// string - the name to store the token in the request attributes
'attribute' => 'token',
// object - an instance of a Psr\LoggerInterface
'logger' => null,
];
When authentication fails the middleware throws an HttpUnauthorizedException is thrown.
SimpleTokenAuthentication
Simple token authentication is an implementation of Authentication which allows the user to provide a callable to validate a token. The callable is passed to Simple token authentication using the option:
[
// callable - function to validate the token [required]
'validate' => null,
];
The callable should have the following signature:
function ($token): bool { /** @var bool $isValid Populated by this function, true if the token is valid */ return $isValid; }
JwtAuthentication
JWT authentication is an implementation of Authentication which allows the user to use JWT as authentication tokens. JWT authentication overrides the default regex, and adds two extra options:
[
// string - Overrides the default regex
'regex' => '/Bearer\s+(.*)$/i',
// string - JWT secret [required]
'secret' => '',
// array - list of JWT algorithms [optional]
'algorithm' => ['HS256', 'HS512', 'HS384'],
];
Authorisation
A middleware to determine whether an authenticated request has authorisation to access the requested route.
When Authorisation fails the middleware throws an HttpForbiddenException exception.
Note: If you need to access the route from within your app middleware you will need to add the Middleware\RoutingMiddleware middleware to your application just before you call run().
madesimple/slim-auth 适用场景与选型建议
madesimple/slim-auth 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 10.71k 次下载、GitHub Stars 达 17, 最近一次更新时间为 2017 年 09 月 13 日, 在 PHP 生态内属于活跃度较高的组件。
我们在过去多个企业项目中使用过 madesimple/slim-auth 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。
基于 madesimple/slim-auth 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。
线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。
承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。
统计信息
- 总下载量: 10.71k
- 月度下载量: 0
- 日度下载量: 0
- 收藏数: 17
- 点击次数: 0
- 依赖项目数: 0
- 推荐数: 0
其他信息
- 授权协议: MIT
- 更新时间: 2017-09-13