Download the PHP package psecio/invoke without Composer

On this page you can find all versions of the php package psecio/invoke. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.

FAQ

After the download, you have to make one include require_once('vendor/autoload.php');. After that you have to import the classes with use statements.

Example:
If you use only one package a project is not needed. But if you use more then one package, without a project it is not possible to import the classes with use statements.

In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.
Some PHP packages are not free to download and because of that hosted in private repositories. In this case some credentials are needed to access such packages. Please use the auth.json textarea to insert credentials, if a package is coming from a private repository. You can look here for more information.

  • Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
  • To use Composer is sometimes complicated. Especially for beginners.
  • Composer needs much resources. Sometimes they are not available on a simple webspace.
  • If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
  • Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.
Please rate this library. Is it a good library?

Informations about the package invoke

Invoke: Route Authentication/Authorization Management

Travis-CI Build Status Total Downloads Scrutinizer Code Quality

Introduction video

Route Protection with Invoke: Introduction

The Invoke system helps you protect your application based on the endpoints and the URI requested. It uses a configuration file (or array of settings) to define the permissions needed to request a resource. For example, it will let you define things like:

"For this endpoint, I want to allow only authenticated users that have the group named 'test' to get through".

Currently Invoke treats all criteria as ANDs so they must meet ALL criteria in order to pass the validation.

Example Usage

In this case we're passing in an instance of the InvokeUser class that implements the \Psecio\Invoke\UserInterface for consistent user handling. This class defines three methods:

Each of these should be implemented in your own class to return these same values. This is a "bridge" between whatever user system you're using and the Invoke checking.

The InvokeGroup class should implement the \Psecio\Invoke\GroupInterface and should have the methods:

The Invoke tool assumes a typical RBAC group/permissions setup, but it can be used to determine permissions directly on the user. As such there is also a permission interface in \Psecio\Invoke\PermissionInterface with a single method:

Optionally you can just have the getPermissions and getGroups methods on the InvokeUser object retrurn an array of strings instead of sets of InvokePermission and InvokeGroup respectively. This greatly simplifies the process and requires less overhead for you to implement. For example, instead of making the permission class and returning instances:

Configuration

The configuration is based on a YAML formatted file. Here's an example structure:

In this example we're telling the system that the /event/add route should be protected (only allow authenticated users) and that it requires that the user has the group named "test" and a permission on the user of "testperm1". The system will take in this configuration and automatically parse and handle is accordingly inside the Enforcer.

Routes can be simple matches or they can be more complicated regular expressions. For example, if we only wanted to match URLs going to our /event/view page with numeric IDs, you could use:

This would match a URL like /event/view/1 but not /event/view/foo. The route itself is actually a regular expression. If you're familiar with regular expressions, you'll also notice that there's capturing parentheses in our example. These can be used to gather the matching data from our matcher instance:

This would return the following in $params:

Additionally, the routes also support the idea of placeholders and parameters to do additional checking. To use these placeholders, you use a colon notation in the path and then reference them in a params check in the body. For example, say you wanted to only match an event with an ID of 5:

Inheritance

Invoke also includes the concept of inheritance, allowing for the ultimate reuse of evaluation rules. This allows you to set up one route how you'd like it and then just tell other routes to inherit it.

NOTE: This inheritance adds the checks from the other route, not replaces.

This uses the inherit and name keywords to match the routes togethter. If you don't give a route a name, the library cannot match for inheritance:

So, in this example we're telling Invoke that when the user accesses the event/add endpoint we want all the checks from event/admin to be added to it. In this case it's just that the endpoint is protected and that they're in the group "group1".

So, if the user comes to /event/view/5 (and was logged in), this route would match and the isAuthorized call would return true.

Match Types

There are currently several match types in the Invoke system that can be used for evaluation: route matching, group checking and permission checking. You don't need to do anything externally to use these matches - they're generated from the configuration file for you.

There's more of these match types to come...so stay tuned.

Callback Match

The callback match type allows you to call your own class and method directly and evaluate the result of the check. The method should return a boolean value. The method should be defined as static in order to be called correctly. For example:

Then, in your class:

The callback should take one parameter, the $data value that's an instance of \Psecio\Invoke\Data. This object allows you access to:

These three things provide the context you'll need to evaluate the request. This information can be accessed through the $data->user, $data->resource and $data->route properties respectively.

Failure

if the result of the isAuthorized call is false, you can query the object to get the error message from the first match that failed:


All versions of invoke with dependencies

PHP Build Version
Package Version
Requires php Version >=5.4.0
symfony/yaml Version ^4.1
Composer command for our command line client (download client) This client runs in each environment. You don't need a specific PHP version etc. The first 20 API calls are free. Standard composer command

The package psecio/invoke contains the following files

Loading the files please wait ....