承接 soulcodex/model-keyable 相关项目开发

从需求分析到上线部署,全程专人跟进,保证项目质量与交付效率

邮箱:yvsm@zunyunkeji.com | QQ:316430983 | 微信:yvsm316

soulcodex/model-keyable

Composer 安装命令:

composer require soulcodex/model-keyable

包简介

Allow attach api key to laravel models

README 文档

README

Keyable is a package that allows you to add API Keys to any model. This allows you to associate incoming requests with their respective models. You can also use Policies to authorize requests.

Latest Stable Version Total Downloads Latest Unstable Version License

Installation

Require the soulcodex/keyable package in your composer.json and update your dependencies:

composer require soulcodex/model-keyable

Publish the migration and config files:

php artisan vendor:publish --provider="Soulcodex\Keyable\KeyableServiceProvider"

Run the migration:

php artisan migrate

Usage

Add the Soulcodex\Keyable\Keyable trait to your model(s):

use Illuminate\Database\Eloquent\Model;
use Soulcodex\Keyable\Keyable;

class Account extends Model
{
    use Keyable;

    // ...
}

Add the auth.apiKey middleware to the mapApiRoutes() function in your App\Providers\RouteServiceProvider file:

// ...

protected function mapApiRoutes()
{
    Route::prefix('api')
        ->middleware(['api', 'auth.apikey'])
	->namespace($this->namespace . '\API')
	->group(base_path('routes/api.php'));
}

// ...

The middleware will authenticate API requests, ensuring they contain an API key that is valid.

Accessing keyable models in your controllers

The model associated with the key will be attached to the incoming request as keyable:

use App\Http\Controllers\Controller;

class FooController extends Controller {

    public function index(Request $request) 
    {
        $model = $request->keyable;

        // ...
    }

}

Now you can use the keyable model to scope your associated API resources, for example:

return $model->foo()->get();

Keys Without Models

Sometimes you may not want to attach a model to an API key (if you wanted to have administrative access to your API). By default this functionality is turned off:

<?php
	
return [
	
    'allow_empty_models' => true
	
];

UUID support

Before migrate you can config if you prefer use bigint or uuid identifiers. By default use bigint like keyable_id

<?php

return [

    'identifier' => 'bigint'
    
];

Making Requests

By default, laravel-keyable uses bearer tokens to authenticate requests. Attach the API key to the header of each request:

Authorization: Bearer <key>

You can change where the API key is retrieved from by altering the setting in the keyable.php config file. Supported options are: bearer, header, and parameter.

As it is an array, you can use more than one of these options and combine them.

<?php
	
return [
	
    'modes' => ['header'],
	
    'key' => 'X-Authorization',
	
];

Need to pass the key as a URL parameter? Set the mode to parameter and the key to the string you'll use in your URL:

<?php
	
return [
	
    'modes' => ['parameter'],
	
    'key' => 'api_key'
	
];

Now you can make requests like this:

https://example.com/api/posts?api_key=<key>

Authorizing Requests

Laravel offers a great way to perform Authorization on incoming requests using Policies. However, they are limited to authenticated users. We replicate that functionality to let you authorize requests on any incoming model.

To begin, add the AuthorizeKeyableRequest trait to your base Controller.php class:

<?php

namespace App\Http\Controllers;

// ...

use Soulcodex\Keyable\Auth\AuthorizeKeyableRequest;

class Controller extends BaseController
{
    use AuthorizeKeyableRequest;
}

Next, create the app/Policies/KeyablePolicies folder and create a new policy:

<?php

namespace App\Policies\KeyablePolicies;

use App\Models\Post;
use Illuminate\Database\Eloquent\Model;
use Soulcodex\Keyable\Models\ApiKey;

class PostPolicy {

    public function view(ApiKey $apiKey, Model $keyable, Post $post) {
    	return !is_null($keyable->posts()->find($post->id));
    }
    
}

Lastly, register your policies in AuthServiceProvider.php:

<?php

namespace App\Providers;

// ...

use App\Models\Post;
use App\Policies\KeyablePolicies\PostPolicy;
use Soulcodex\Keyable\Facades\Keyable;

class AuthServiceProvider extends ServiceProvider
{
	
    // ...
    
    protected $keyablePolicies = [
        Post::class => PostPolicy::class
    ];

    public function boot(GateContract $gate)
    {
        // ...
        Keyable::registerKeyablePolicies($this->keyablePolicies);
    }
    
}

In your controller, you can now authorize the request using the policy by calling $this->authorizeKeyable(<ability>, <model>):

<?php

namespace App\Http\Controllers\PostController;

use App\Models\Post;
use Illuminate\Http\Request;
use App\Http\Controllers\Controller;

class PostController extends Controller {

    public function show(Post $post) {
        $this->authorizeKeyable('view', $post);
        // ...
    }

}

Artisan Commands

Generate an API key:

php artisan api-key:generate --id=1 --type="App\Models\Account"
php artisan api-key:generate --id='6324d582-5614-430b-a35c-c24b621a93c5' --type="App\Models\Account"

Delete an API key:

php artisan api-key:delete --id=12345
php artisan api-key:delete --id='6324d582-5614-430b-a35c-c24b621a93c5'

Security

If you discover any security related issues, please email info@soulcodex.es.

License

Released under the MIT license. See LICENSE for more information.

soulcodex/model-keyable 适用场景与选型建议

soulcodex/model-keyable 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 76 次下载、GitHub Stars 达 0, 最近一次更新时间为 2021 年 02 月 24 日, 在 PHP 生态内属于活跃度较高的组件。

它主要适用于以下技术方向: 「soulcodex」 「keyable」 等业务场景。在实际项目中,围绕这些方向常见需要落地的问题包括:接口对接、性能调优、并发安全、与既有框架(Laravel / ThinkPHP / Yii / Webman 等)的兼容适配,以及生产环境的日志埋点与稳定性保障。

我们在过去多个企业项目中使用过 soulcodex/model-keyable 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。

围绕 soulcodex/model-keyable 我们能提供哪些服务?
定制开发 / 二次开发

基于 soulcodex/model-keyable 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。

BUG 修复 & 性能优化

线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。

项目外包 & 长期维护

承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。

yvsm@zunyunkeji.com QQ:316430983 微信:yvsm316 西安尊云信息科技 · 专注 PHP / Go / 分布式系统研发

统计信息

  • 总下载量: 76
  • 月度下载量: 0
  • 日度下载量: 0
  • 收藏数: 0
  • 点击次数: 1
  • 依赖项目数: 0
  • 推荐数: 0

GitHub 信息

  • Stars: 0
  • Watchers: 1
  • Forks: 0
  • 开发语言: PHP

其他信息

  • 授权协议: MIT
  • 更新时间: 2021-02-24