sinbadxiii/phalcon-auth-jwt
Composer 安装命令:
composer require sinbadxiii/phalcon-auth-jwt
包简介
Basic Phalcon JWT Auth
README 文档
README
Example micro app sinbadxiii/phalcon-auth-jwt-example
Additional JWT guard for the Phalcon authentication library sinbadxiii/phalcon-auth
Demo
Requirements
Phalcon: ^5
PHP: ^7.4 || ^8.1
Installation
Install via composer
Run the following command to pull in the latest version::
composer require "sinbadxiii/phalcon-auth-jwt"
Add service provider
use Sinbadxiii\PhalconAuthJWT\Blacklist; use Sinbadxiii\PhalconAuthJWT\Builder; use Sinbadxiii\PhalconAuthJWT\Http\Parser\Chains\AuthHeaders; use Sinbadxiii\PhalconAuthJWT\Http\Parser\Chains\InputSource; use Sinbadxiii\PhalconAuthJWT\Http\Parser\Chains\QueryString; use Sinbadxiii\PhalconAuthJWT\Http\Parser\Parser; use Sinbadxiii\PhalconAuthJWT\JWT; use Sinbadxiii\PhalconAuthJWT\Manager as JWTManager; $di->setShared("jwt", function () { $configJwt = $this->getConfig()->path('jwt'); $providerJwt = $configJwt->providers->jwt; $builder = new Builder(); $builder->lockSubject($configJwt->lock_subject) ->setTTL($configJwt->ttl) ->setRequiredClaims($configJwt->required_claims->toArray()) ->setLeeway($configJwt->leeway) ->setMaxRefreshPeriod($configJwt->max_refresh_period); $parser = new Parser($this->getRequest(), [ new AuthHeaders, new QueryString, new InputSource, ]); $providerStorage = $configJwt->providers->storage; $blacklist = new Blacklist(new $providerStorage($this->getCache())); $blacklist->setGracePeriod($configJwt->blacklist_grace_period); $manager = new JWTManager(new $providerJwt( $configJwt->secret, $configJwt->algo, $configJwt->keys->toArray() ), $blacklist, $builder); $manager->setBlacklistEnabled((bool) $configJwt->blacklist_enabled); return new JWT($builder, $manager, $parser); });
Configuration
Copy file from config/jwt.php in your folder config and merge your config
Generate secret key
Update the secret value in config jwt.php or JWT_SECRET value in your .env file.
Generate a 32 character secret phrase like here https://passwordsgenerator.net/
Update your User model
Firstly you need to implement the Sinbadxiii\PhalconAuthJWT\JWTSubject contract on your User model, which requires that you implement the 2 methods getJWTIdentifier() and getJWTCustomClaims().
The example below:
<?php namespace App\Models; use Phalcon\Mvc\Model; use Sinbadxiii\PhalconAuthJWT\JWTSubject; class User extends Model implements JWTSubject { //... public function getJWTIdentifier() { return $this->id; } public function getJWTCustomClaims() { return [ "email" => $this->email, "username" => $this->username ]; } }
Create auth access, for example "jwt"
<?php namespace App\Security\Access; use Sinbadxiii\PhalconAuth\Access\AbstractAccess; class Jwt extends AbstractAccess { /** * @return bool */ public function allowedIf(): bool { return $this->auth->parseToken()->check(); } }
Set as a guard JWT
$di->setShared("auth", function () { $security = $this->getSecurity(); $adapter = new \Sinbadxiii\PhalconAuth\Adapter\Model($security); $adapter->setModel(App\Models\User::class); $guard = new \Sinbadxiii\PhalconAuthJWT\Guard\JWTGuard( $adapter, $this->getJwt(), $this->getRequest(), $this->getEventsManager(), ); $manager = new Manager(); $manager->addGuard("jwt", $guard); $manager->setDefaultGuard($guard); $manager->setAccess(new \App\Security\Access\Jwt()); $manager->except("/auth/login"); return $manager; });
Here we are telling the api guard to use the jwt driver, and we are setting the api guard as the default.
We can now use Phalcon Auth with JWT guard.
Add some basic handlers
$application = new \Phalcon\Mvc\Micro($di); $eventsManager = new Manager(); $application->post( "/auth/logout", function () { $this->auth->logout(); return ['message' => 'Successfully logged out']; } ); $application->post( "/auth/refresh", function () { $token = $this->auth->refresh(); return $token->toResponse(); } ); $application->post( '/auth/login', function () { $credentials = [ 'email' => $this->request->getJsonRawBody()->email, 'password' => $this->request->getJsonRawBody()->password ]; $this->auth->claims(['aud' => [ $this->request->getURI() ]]); if (! $token = $this->auth->attempt($credentials)) { return ['error' => 'Unauthorized']; } return $token->toResponse(); } ); $application->get( '/', function () { return [ 'message' => 'hello, my friend' ]; } );
Example Auth Login Controller
<?php declare(strict_types=1); namespace App\Controllers\Auth; use Phalcon\Mvc\Controller; class LoginController extends Controller { public function loginAction() { $credentials = [ 'email' => $this->request->getJsonRawBody()->email, 'password' => $this->request->getJsonRawBody()->password ]; $this->auth->claims(['aud' => [ $this->request->getURI() ]]); if (! $token = $this->auth->attempt($credentials)) { $this->response->setJsonContent(['error' => 'Unauthorized'])->send(); } return $this->respondWithToken($token); } public function meAction() { $this->response->setJsonContent($this->auth->user())->send(); } public function logoutAction() { $this->auth->logout(); $this->response->setJsonContent(['message' => 'Successfully logged out'])->send(); } public function refreshAction() { return $this->respondWithToken($this->auth->refresh()); } protected function respondWithToken($token) { $this->response->setJsonContent($token->toResponse())->send(); } }
Attach Middleware
Example code for middleware:
<?php namespace App\Middlewares; use Phalcon\Mvc\Micro\MiddlewareInterface; use Phalcon\Mvc\Micro; use function in_array; class AuthMiddleware implements MiddlewareInterface { public function call(Micro $application) { $authService = $application->getDI()->get("auth"); if ($access = $authService->getAccess()) { $excepts = $access->getExceptActions(); $uri = $application->getDI()->get("request")->getURI(true); if (!in_array($uri, $excepts)) { try { $authService->parseToken()->checkOrFail(); } catch (\Throwable $t) { $responseService = $application->getDI()->get("response"); $responseService->setStatusCode(401, 'Unauthorized'); $responseService->setJsonContent( [ "error" => "Unauthorized: " . $t->getMessage(), "code" => 401 ] ); if (!$responseService->isSent()) { $responseService->send(); } } } } return true; } }
and attach:
$application = new \Phalcon\Mvc\Micro($di); $eventsManager = new Manager(); $eventsManager->attach('micro', new AuthMiddleware()); $application->before(new AuthMiddleware());
You should now be able to POST to the login endpoint (e.g. http://0.0.0.0:8000/auth/login) with some valid credentials and see a response like:
{
"access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzUxMiJ9.eyJhdWQiOlsiXC9hdXRoXC9sb2dpbiJdLCJleHAiOjE2MzE2OTkwOTMsImlzcyI6IjAuMC4wLjA6ODAwMCIsImlhdCI6MTYzMTY5NzI5MywianRpIjoiZFNhaGhyeUciLCJzdWIiOiIzIiwiZW1haWwiOiIxMjM0NUAxMjM0NS5ydSIsInVzZXJuYW1lIjoiMTIzNDUgdXNlcm5hbWUifQ.bTyngpVQt86IwtySdRUxPgZH_xk-44hYHTkmiA3BC_0s75TvkuLqTC9WN1jzBIR7Q_H4dWb_ErPR2MlTaw9VQA",
"token_type": "bearer",
"expires_in": 1800
}
There are a number of ways to send the token via http:
Authorization header:
Authorization Bearer eyJ0eXAiOiJKV1QiLC...
Query string param:
http://0.0.0.0:8000/me?token=eyJ0eXAiOiJKV1QiLC...
Exceptions
Methods
Multiple Guards
$credentials = ['email' => 'eaxample@gmail.com', 'password' => '1234']; $token = $this->auth->guard('api')->attempt($credentials);
attempt()
Attempt to authenticate a user via some credentials.
// Generate a token for the user if the credentials are valid $token = $this->auth->attempt($credentials);
This will return either a jwt or null
login()
Log a user in and return a jwt for them.
// Get some user from somewhere $user = User::findFirst(1); // Get the token $token = $this->auth->login($user);
user()
Get the currently authenticated user.
// Get the currently authenticated user $user = $this->auth->user();
If the user is not then authenticated, then null will be returned.
logout()
Log the user out - which will invalidate the current token and unset the authenticated user.
$this->auth->logout();
refresh()
Refresh a token, which invalidates the current one
$newToken = $this->auth->refresh();
invalidate()
Invalidate the token (add it to the blacklist)
$this->auth->invalidate();
tokenById()
Get a token based on a given user's id.
$token = $this->auth->tokenById(1);
payload()
Get the raw JWT payload
$payload = $this->auth->payload(); // then you can access the claims directly e.g. $payload->get('sub'); // = 1 $payload['jti']; // = 'sFF32fsDfs' $payload('exp') // = 1665544846 $payload->toArray(); // = ['sub' => 1, 'exp' => 1665544846, 'jti' => 'sFF32fsDfs'] etc
validate()
Validate a user's credentials
if ($this->auth->validate($credentials)) { // credentials are valid }
More advanced usage
Adding custom claims
$token = $this->auth->claims(['username' => 'phalconist'])->attempt($credentials);
Set the token explicitly
$user = $this->auth->setToken('eyJhb...')->user();
Check token
Checking the token for correctness
$this->auth->parseToken()->checkOrFail()
Will return true if everything is ok or Exceptions:
- Sinbadxiii\PhalconAuthJWT\Exceptions\TokenExpiredException ('The token has expired')
- Sinbadxiii\PhalconAuthJWT\Exceptions\TokenBlacklistedException ('The token has been blacklisted')
- Sinbadxiii\PhalconAuthJWT\Exceptions\TokenInvalidException
License
The MIT License (MIT). Please see License File for more information.
sinbadxiii/phalcon-auth-jwt 适用场景与选型建议
sinbadxiii/phalcon-auth-jwt 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 7.93k 次下载、GitHub Stars 达 3, 最近一次更新时间为 2021 年 09 月 10 日, 在 PHP 生态内属于活跃度较高的组件。
它主要适用于以下技术方向: 「auth」 「jwt」 「phalcon」 「Phalcon Auth JWT」 「phalcon jwt」 「auth jwt」 等业务场景。在实际项目中,围绕这些方向常见需要落地的问题包括:接口对接、性能调优、并发安全、与既有框架(Laravel / ThinkPHP / Yii / Webman 等)的兼容适配,以及生产环境的日志埋点与稳定性保障。
我们在过去多个企业项目中使用过 sinbadxiii/phalcon-auth-jwt 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。
基于 sinbadxiii/phalcon-auth-jwt 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。
线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。
承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。
与 sinbadxiii/phalcon-auth-jwt 相关的其它包
同方向 / 同关键字的高下载量 PHP Composer 包推荐,方便对比选型:
Laravel Multiauth package
A lightweight and powerful OAuth 2.0 authorization and resource server library with support for all the core specification grants. This library will allow you to secure your API with OAuth and allow your applications users to approve apps that want to access their data from your API.
A simple library to decode and parse Apple Sign In client tokens.
This package provides a flexible way to add Role-based Permissions to Laravel 6.x
JWT API authentication driver (Guard) for Laravel.
Email Toolkit Plugin for CakePHP
统计信息
- 总下载量: 7.93k
- 月度下载量: 0
- 日度下载量: 0
- 收藏数: 3
- 点击次数: 3
- 依赖项目数: 0
- 推荐数: 0
其他信息
- 授权协议: MIT
- 更新时间: 2021-09-10

