How to hide pubnub keys when using JS


Question


I opened a ticket in pubnub and also read: https://help.pubnub.com/entries/22251291-Can-I-Hide-my-Application-Keys-

But I still can't understand how I can stop the user from seeing my keys, as they are still on the client side even after obfuscation.

What I want to do is something I read in this post: PubNub publish message between two Private Channels

  1. Create a public channel and a private channel for each user
  2. Hide the keys from the user

I'm not sure how to create a private channel with custom keys that the user can't see.


EDIT: I was able to understand the flow of auth_key but can't find the PHP equivalent of the JS crypto lib to grant permission. Any idea on how to implement it in PHP?

Solution

Hiding Your API Keys with PubNub JS SDK

With PubNub Access Manager you no longer need to worry about hiding your publish_key and subscribe_key in your source code in JavaScript or any other language! Typically you would consider that hiding your keys becomes a means of preventing access to streams of data on your PubNub Channels. However, this is not necessary and there is a best practices method to use instead. The following is your solution for the new way to manage access and the new way to manage your keys.

PubNub Access Manager Example JS/PHP Grant Revoke SDK

You can issue per-user connection grant() and revoke() access in realtime on the PubNub global Real-Time Network. There are various levels of security within the PubNub network using a grant/revoke (whitelist) permission scheme, where the first grant found in the hierarchy grants read/write access. Permissions are evaluated for both publish and subscribe based on this hierarchy. Our pam.php PubNub Access Manager PHP Class is finally ready to go! You can get started by seeing the example usage code below with full code coverage of the SDK. You can find all source code via the GitHub Gist Link:

PubNub Access Manager (PAM) PHP Full Library for Granting and Revoking Access

Include PAM and Initialize class access

require('pam.php');

$manager = new access(
    "pub-c-e132b7b4-0c2c-4d36-a828-1de1ea50d167",
    "sub-c-f95db694-6ff9-11e3-9291-02ee2ddab7fe",
    "sec-c-OWFkNWQ1NDctN2JiNy00NzJmLTk3Y2ItN2ExODZlYzkyNzY0"
);

Grant User Access

Grant access to user with authkey of gZW5jb2RlZCBmaWx with read and write access for 5 minute ttl. You can make the authkey anything you want!

print_r($manager->grant(
    "my_channel",        // CHANNEL
    "gZW5jb2RlZCBmaWx",  // STRING (AUTH KEY)
    true,                // READ
    true,                // WRITE
    5                    // TTL in MINUTES
));

Grant User Presence Access

Also grant access to the presence channel (required for PubNub Dev Console).

print_r($manager->grant(
    "my_channel-pnpres", // CHANNEL
    "gZW5jb2RlZCBmaWx",  // STRING (AUTH KEY)
    true,                // READ
    true,                // WRITE
    5                    // TTL in MINUTES
));

Grant GLOBAL Access (to all users)

Exclude the authkey and you can globally grant access to all.

print_r($manager->grant_global(
    "my_channel", // CHANNEL
    true,         // READ
    true,         // WRITE
    5             // TTL in MINUTES
));

Forever Grant Access

You can grant access forever by setting the ttl param to 0.

print_r($manager->grant_global(
    "my_channel", // CHANNEL
    true,         // READ
    true,         // WRITE
    0             // FOREVER GRANT!!!
));

Revoke User Access

Instantly revoke access to a user.

print_r($manager->revoke(
    "some-other-channel", // CHANNEL
    "gZW5jb2RlZCBmaWx"    // STRING (AUTH KEY)
));

Revoke Global Access

You can also revoke Global Access by excluding the authkey param.

print_r($manager->revoke(
    "some-other-channel" // CHANNEL
));

PAM (PubNub Access Manager) PHP Class SDK pam.php

The full file can be found here: PubNub Access Manager (PAM) PHP Full Library for Granting and Revoking Access

<?php

class access {
    function __construct( $pubkey, $subkey, $seckey ) {
        $this->publish_key   = $pubkey;
        $this->subscribe_key = $subkey;
        $this->secret_key    = $seckey;
    }

    function grant_global( $channel, $read=True, $write=True, $ttl=5 ) {
        /**  Grant GLOBAL Access on a Channel. **/
        return $this->_auth(array(
            "channel" => $channel,
            "r"       => $read  ? 1 : 0,
            "w"       => $write ? 1 : 0,
            "ttl"     => $ttl
        ));
    }

    function grant( $channel, $authkey=False, $read=True, $write=True, $ttl=5 ) {
        /**  Grant Access on a Channel. **/
        return $this->_auth(array(
            "channel" => $channel,
            "auth"    => $authkey,
            "r"       => $read  ? 1 : 0,
            "w"       => $write ? 1 : 0,
            "ttl"     => $ttl
        ));
    }

    function revoke( $channel, $authkey=False, $read=False, $write=False, $ttl=1 ) {
        /**  Revoke Access on a Channel.**/
        return $this->_auth(array(
            "channel" => $channel,
            "auth"    => $authkey,
            "r"       => $read  ? 1 : 0,
            "w"       => $write ? 1 : 0,
            "ttl"     => $ttl
        ));
    }

    function _sign($message) {
        /** Calculate a signature by secret key and message. **/
        return strtr( base64_encode(hash_hmac(
            'sha256',
            utf8_encode($message),
            utf8_encode($this->secret_key),
            true
        )), '+/', '-_' );
    }

    function _auth($query) { 
        /** Issue an authenticated request.**/
        if (!array_key_exists( 'timestamp', $query )) {
            $query['timestamp'] = time();
        }

        ## Global Grant?
        if ((array_key_exists('auth',$query)) && !$query['auth']) { 
            unset($query['auth']);
        }

        ## Construct String to Sign
        $params      = array();
        $sorted_keys = array_keys($query);
        sort($sorted_keys);

        foreach ($sorted_keys as $key) array_push(
            $params,
            $key . "=" . $query[$key]
        );

        $string_to_sign = 
            $this->subscribe_key . "\n" .
            $this->publish_key   . "\n" .
            "grant"              . "\n" .
            implode( "&", $params );

        $signature = $this->_sign($string_to_sign);
        $url       = (
            "https://pubsub.pubnub.com/v1/auth/grant/sub-key/" .
            $this->subscribe_key . "?" .
            implode( "&", $params ) .
            "&signature=" . $signature
        );

        $workspace_curl = curl_init();  
        curl_setopt( $workspace_curl, CURLOPT_RETURNTRANSFER, 1 );
        curl_setopt( $workspace_curl, CURLOPT_URL, $url );
        $result = curl_exec($workspace_curl);
        return $workspace_details =json_decode( $result, true );
    }
}

?>

pam.php: PubNub Access Manager (PAM) PHP Full Library for Granting and Revoking Access

PubNub Dev Console Test Link:

WARNING: PubNub Dev Console Requires Grant on Presence Channel too! You can set the presence access by granting on the suffix of -pnpres channel name.

http://www.pubnub.com/console/?channel=my_channel&sub=sub-c-f95db694-6ff9-11e3-9291-02ee2ddab7fe&pub=pub-c-e132b7b4-0c2c-4d36-a828-1de1ea50d167&sec=sec-c-OWFkNWQ1NDctN2JiNy00NzJmLTk3Y2ItN2ExODZlYzkyNzY0
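
The flow the question asks for (a public channel plus a private channel per user, with only an auth key reaching the browser), as an added example that is not part of the original answer: a server-side Node.js port of the pam.php signing shown above. The key values, the `private-<userId>` channel naming, `issueClientCredentials` and the safe-character check are assumptions made for illustration.

```javascript
// Server-side Node.js only: the secret key signs grants here and is never sent to the browser.
const crypto = require('crypto');

// Constructed placeholder keys, not real PubNub keys.
const KEYS = { sub: 'sub-c-EXAMPLE', pub: 'pub-c-EXAMPLE', sec: 'sec-c-EXAMPLE' };
// pam.php concatenates values without URL-encoding, so accept only characters that need none.
const SAFE = /^[A-Za-z0-9_.-]+$/;

// Same construction as pam.php's _sign(): HMAC-SHA256, base64, then '+/' replaced by '-_'.
function sign(secret, message) {
  return crypto.createHmac('sha256', secret).update(message, 'utf8')
    .digest('base64').replace(/\+/g, '-').replace(/\//g, '_');
}

// Same construction as pam.php's _auth(): sort keys, join as k=v pairs, sign, append signature.
function buildGrantUrl(keys, query) {
  const q = { ...query };
  if (q.timestamp == null) q.timestamp = Math.floor(Date.now() / 1000);
  if (!q.auth) delete q.auth; // no auth key means a global grant
  const params = Object.keys(q).sort().map((k) => {
    if (!SAFE.test(String(q[k]))) throw new Error(`unsafe value for ${k}`);
    return `${k}=${q[k]}`;
  }).join('&');
  const toSign = [keys.sub, keys.pub, 'grant', params].join('\n');
  return `https://pubsub.pubnub.com/v1/auth/grant/sub-key/${keys.sub}?${params}` +
    `&signature=${sign(keys.sec, toSign)}`;
}

// Hypothetical login-handler helper: mint a random auth key for one user and prepare
// grants for a shared read-only channel and that user's private read/write channel.
function issueClientCredentials(userId, now) {
  if (!SAFE.test(userId)) throw new Error('unsafe user id');
  const auth = crypto.randomBytes(16).toString('hex');
  const priv = `private-${userId}`;
  const grantUrls = [
    buildGrantUrl(KEYS, { channel: 'public', auth, r: 1, w: 0, ttl: 5, timestamp: now }),
    buildGrantUrl(KEYS, { channel: priv, auth, r: 1, w: 1, ttl: 5, timestamp: now }),
  ];
  // The server requests grantUrls itself; only `client` is handed to the browser.
  const client = { subscribe_key: KEYS.sub, publish_key: KEYS.pub,
    auth_key: auth, channels: ['public', priv] };
  return { client, grantUrls };
}
```

The server requests each URL in `grantUrls` itself, then serializes only `client` into the page so the browser connects with the auth key and never sees the secret key.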
