检查头对Restler API框架授权 [英] check header Authorization on Restler API framework
问题描述
我要扩展Restler检查,如果自定义标题授权的有效值传递。我有在周围的修复越来越麻烦,我想这一点,但没有机会:
类AuthenticateMe实现IAuthenticate进行(){功能__isAuthenticated(){
//返回使用isset($ _ SERVER ['HTTP_AUTH_KEY'])及&放大器; $ _ SERVER ['HTTP_AUTH_KEY'] == AuthenticateMe :: KEY?真假;
$头= apache_request_headers();
的foreach($标题,如$头=> $值){
如果($头==授权){
返回TRUE;
}其他{
//返回FALSE;
抛出新RestException(404);
}
}
}
}
让我很快地解决您的自定义AUTH头示例
类HeaderAuth实现IAuthenticate进行{
功能__isAuthenticated(){
//我们只是在寻找所谓的验证自定义标题
//但$ _ SERVER prepends HTTP_并使其全部大写
//这就是为什么我们需要寻找'HTTP_AUTH,而不是
//也不要用头'授权'。不是这样
//包含在PHP的$ _ SERVER变量
返回使用isset($ _ SERVER ['HTTP_AUTH'])及&放大器; $ _ SERVER ['HTTP_AUTH'] =='密码';
}
}
我测试,以确保它的作品!
下面是如何使它与工作的授权的头,它只能在Apache服务器
类授权实现IAuthenticate进行{
功能__isAuthenticated(){
$头= apache_request_headers();
返回使用isset($头['授权'])及&放大器; $头['授权'] =='密码';
}
}
我想通了,PHP 授权头转换成 $ _ SERVER ['PHP_AUTH_DIGEST'] 或 $ _ SERVER ['PHP_AUTH_USER'] 和 $ _ SERVER ['PHP_AUTH_PW'] 根据AUTH请求的类型(摘要或基本)我们可以使用下面的的.htaccess 文件以启用 $ _ SERVER ['HTTP_AUTHORIZATION'] 头
的DirectoryIndex index.php文件
的DirectoryIndex index.php文件
< IfModule mod_rewrite.c>
RewriteEngine叙述在
重写规则^ $的index.php [QSA,L]
的RewriteCond%{} REQUEST_FILENAME!-f
的RewriteCond%{} REQUEST_FILENAME!-d
重写规则^(。*)$的index.php [QSA,L]
。重写规则* - [ENV = HTTP_AUTHORIZATION:%{HTTP:授权},最后]
< / IfModule>
重要的部分就是重写规则* - [ENV = HTTP_AUTHORIZATION:%{HTTP:授权},最后]
现在我们的例子可以被简化为:
类授权实现IAuthenticate进行{
功能__isAuthenticated(){
返回使用isset($ _ SERVER ['HTTP_AUTHORIZATION'])及&放大器; $ _ SERVER ['HTTP_AUTHORIZATION'] =='密码';
}
}
I want to extend Restler to check if a valid value of custom header Authorization was passed. I am having trouble in getting around the fix, I tried this, but no chance:
class AuthenticateMe implements iAuthenticate() {
function __isAuthenticated() {
//return isset($_SERVER['HTTP_AUTH_KEY']) && $_SERVER['HTTP_AUTH_KEY']==AuthenticateMe::KEY ? TRUE : FALSE;
$headers = apache_request_headers();
foreach ($headers as $header => $value) {
if($header == "Authorization") {
return TRUE;
} else {
//return FALSE;
throw new RestException(404);
}
}
}
}
Let me quickly fix your custom auth header example
class HeaderAuth implements iAuthenticate{
function __isAuthenticated(){
//we are only looking for a custom header called 'Auth'
//but $_SERVER prepends HTTP_ and makes it all uppercase
//thats why we need to look for 'HTTP_AUTH' instead
//also do not use header 'Authorization'. It is not
//included in PHP's $_SERVER variable
return isset($_SERVER['HTTP_AUTH']) && $_SERVER['HTTP_AUTH']=='password';
}
}
I have tested it to make sure it works!
Here is how to make it work with Authorization header, it works only on apache servers
class Authorization implements iAuthenticate{
function __isAuthenticated(){
$headers = apache_request_headers();
return isset($headers['Authorization']) && $headers['Authorization']=='password';
}
}
I figured out that PHP converts Authorization header into $_SERVER['PHP_AUTH_DIGEST'] or $_SERVER['PHP_AUTH_USER'] and $_SERVER['PHP_AUTH_PW'] depending on the type of auth request (digest or basic), we can use the following .htaccess file to enable the $_SERVER['HTTP_AUTHORIZATION'] header
DirectoryIndex index.php
DirectoryIndex index.php
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule ^$ index.php [QSA,L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php [QSA,L]
RewriteRule .* - [env=HTTP_AUTHORIZATION:%{HTTP:Authorization},last]
</IfModule>
important part is RewriteRule .* - [env=HTTP_AUTHORIZATION:%{HTTP:Authorization},last]
Now our example can be simplified to:
class Authorization implements iAuthenticate{
function __isAuthenticated(){
return isset($_SERVER['HTTP_AUTHORIZATION']) && $_SERVER['HTTP_AUTHORIZATION']=='password';
}
}
这篇关于检查头对Restler API框架授权的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
