How do I authenticate in the Fat-Free Framework using basic HTTP authentication?

Problem description:

I have two one question about the Fat Free Framework.

First of all, how can I use multiple parameters (tokens in Fat Free Framework) in a GET request? Or, is there only 1 token possible per REST GET request, and should one handle additional arguments as a regular GET request, for example:

domain/rest/somedata/5231?param1=value1&param2=value2

where the ?param1=value1&param2=value2 should be 'manually' parsed, not by a framework?

Is it at all possible to build a RESTful API with Fat Free Framework and also have some areas or routes needing authentication? If so, how?

I just stumbled upon this related question: REST API Best practices: Where to put parameters?

[edit]: I've found out that it is indeed possible to have authentication with Fat Free Framework using several methods. However, they seem not very well documented (at least not on their GitHub wiki).

[edit2] Since it's only very basic authentication, for now I'm using this:

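function beforeRoute($f3,$params) {
    $url = $params[0];
    // parse_str() needs a result array: the one-argument form, which created
    // $apikey as a local variable, is deprecated since PHP 7.2 and removed in PHP 8.
    parse_str((string) parse_url($url, PHP_URL_QUERY), $query);
    $apikey = $query['apikey'] ?? null;

    // is_string() also rejects array input such as ?apikey[]=x
    if (is_string($apikey)) {
        // check if apikey is in database
        $authenticated = false;
        foreach(R::find('apikey') as $key_bean) {
            // hash_equals() compares exact strings in constant time; a loose ==
            // treats numeric-looking strings such as "0e1" and "0e2" as equal.
            if(hash_equals((string) $key_bean->key, $apikey)) {
                $authenticated = true;
                break;
            }
        }
        if($authenticated == false) $f3->error(403);
    } else {
        $f3->error(403);
    }
}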

I'm looking for documentation on the basic http authentication method!


The auth class always authenticates you against a mapper. Feel free to use F3's Jig, Mongo or SQL.

$db = new DB\SQL('mysql:host=localhost;dbname=mydb', 'dbuser', '1234');
$mapper = new DB\SQL\Mapper($db, 'users');    
$auth = new Auth($mapper, array('id'=>'username','pw'=>'password'));

if($auth->basic())
    return true;

password and username are field names in the database. id and pw are used internally by the auth class. I recommend checking the auth class code and the unit tests in the dev branch on GitHub.

A simple example would be something like...


Username: admin, Password: 123

// Create users table using Jig.
$db = new \DB\Jig('data/');
$users = array(
    0 => array('username' => 'admin', 'password' => '202cb962ac59075b964b07152d234b70'),
);
$db->write('users', $users);

$db_mapper = new \DB\Jig\Mapper($db, 'users');
$auth = new \Auth($db_mapper, array('id' => 'username', 'pw' => 'password'));

// Callback function because of md5 stored password.
function chkauth($pw) {    
    return md5($pw);
}

$auth->basic('chkauth');
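
What the Basic scheme used in the answers involves at the HTTP level, as an added example (not code from the original posts and not F3's Auth class): it parses the Authorization header and verifies the password with password_hash()/password_verify() instead of the md5 digest stored above. The user store and the function names are hypothetical.

```php
<?php
// Added example: framework-independent HTTP Basic check. The user store and
// function names are hypothetical; F3's Auth class is not used here.

// Constructed sample store: username => password_hash() output, not md5.
function sample_users(): array {
    return ['admin' => password_hash('123', PASSWORD_DEFAULT)];
}

// Parse "Authorization: Basic base64(user:pass)" into [user, pass] or null.
function parse_basic_header(?string $header): ?array {
    if ($header === null || !preg_match('/^Basic\s+(\S+)$/i', trim($header), $m)) {
        return null;
    }
    $decoded = base64_decode($m[1], true);      // strict: reject invalid base64
    if ($decoded === false || strpos($decoded, ':') === false) {
        return null;
    }
    // Only the first colon separates the fields; passwords may contain ':'.
    return explode(':', $decoded, 2);
}

// Returns the authenticated username, or null if the request must get a 401.
function authenticate_basic(?string $header, array $users): ?string {
    $cred = parse_basic_header($header);
    if ($cred === null) {
        return null;
    }
    [$user, $pass] = $cred;
    // Unknown users are checked against a dummy hash so both paths do the same work.
    static $dummy = null;
    $dummy ??= password_hash('dummy', PASSWORD_DEFAULT);
    $ok = password_verify($pass, $users[$user] ?? $dummy);
    return ($ok && isset($users[$user])) ? $user : null;
}

// Constructed requests, run from the CLI. A web handler would pass in
// $_SERVER['HTTP_AUTHORIZATION'] and answer a null result with:
//   header('WWW-Authenticate: Basic realm="api"'); http_response_code(401);
$users = sample_users();
foreach (['admin:123', 'admin:wrong', 'nobody:123'] as $pair) {
    $who = authenticate_basic('Basic ' . base64_encode($pair), $users);
    echo $pair, ' => ', $who ?? '401', PHP_EOL;
}
echo 'no header => ', authenticate_basic(null, $users) ?? '401', PHP_EOL;
```

Basic credentials are only base64-encoded, so they are readable on any connection that is not protected by TLS.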