Download the PHP package kwen/laravel-api-auth without Composer

On this page you can find all versions of the php package kwen/laravel-api-auth. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.

FAQ

After the download, you have to make one include require_once('vendor/autoload.php');. After that you have to import the classes with use statements.

Example:
If you use only one package a project is not needed. But if you use more then one package, without a project it is not possible to import the classes with use statements.

In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.
Some PHP packages are not free to download and because of that hosted in private repositories. In this case some credentials are needed to access such packages. Please use the auth.json textarea to insert credentials, if a package is coming from a private repository. You can look here for more information.

  • Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
  • To use Composer is sometimes complicated. Especially for beginners.
  • Composer needs much resources. Sometimes they are not available on a simple webspace.
  • If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
  • Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.
Please rate this library. Is it a good library?

Example code of kwen/laravel-api-auth

Informations about the package laravel-api-auth

laravel-api-auth

laravel API 鉴权

这是一个 laravel 的 API 鉴权包, laravel-api-auth 采用 jwt token 的鉴权方式,只要客户端不被反编译从而泄露密钥,该鉴权方式理论上来说是安全的。 PS: web 前端 API 没有绝对的安全,该项目的本意是给不暴露源码的客户端提供一种鉴权方案(如 service、APP 客户端)。

安装

配置

  1. 注册 ServiceProvider:

    laravel 5.5+ 版本不需要手动注册

  2. 发布配置文件

  3. App\Http\Kernal 中注册中间件

  4. 添加 role

    然后按照格式把 access_keysecret_key 添加到, config/api_auth.php 里面的 roles 数组中。

  5. 自定义签名方法 (可选) config/api_auth.php 中的 signature_methods 可以添加自定义的签名类,该类需要继承自 kwen\LaravelApiAuth\Signatures\SignatureInterface 接口

class Md5 implements SignatureInterface { public static function sign(string $string, string $secret): string { return md5($string . $secret); }

   public static function check(string $string, string $secret, string $signature): bool
   {
       return static::sign($string, $secret) === $signature;
   }

}

javascript import axios from 'axios'; import { Base64 } from 'js-base64';

const access_key = '{access_key}'; // 服务端生成的 access_key const secret_key = '{secret_key}'; // 服务端生成的 secret_key

const timestamp = Date.parse(new Date()) / 1000; // 取时间戳 const echostr = 'asldjaksdjlkjgqpojg64131321'; // 随机字符串自行生成

const header = Base64.encode( JSON.stringify({ alg: 'md5', type: 'jwt' }) ); const payload = Base64.encode( JSON.stringify({ timestamp: timestamp, echostr: echostr, ak: access_key }) ); const signature_string = header + '.' + payload;

function md5Sign(string, secret) { return md5(string + secret); // md5 库自行引入 }

const api_token = signature_string + '.' + md5Sign(signature_string, secret_key);

const requestConfig = { headers: { 'api-token': api_token } };

axios.post('/api/example', {}, requestConfig).then(res => { // todo });



> 本例子为 `web` 前端的例子,其他客户端同理,生成签名并且带上指定参数即可正常请求。
> 通过自定义签名方法和自定义校验方法,可以使用其他加密方法进行签名,例如 `哈希` 等其他加密算法。

All versions of laravel-api-auth with dependencies

PHP Build Version
Package Version
No informations.
Composer command for our command line client (download client) This client runs in each environment. You don't need a specific PHP version etc. The first 20 API calls are free. Standard composer command

The package kwen/laravel-api-auth contains the following files

Loading the files please wait ....