检查 Restler API 框架上的标头授权 [英] check header Authorization on Restler API framework

问题描述

我想扩展 Restler 以检查是否传递了自定义标头授权的有效值.我在解决这个问题时遇到了麻烦，我试过了，但没有机会:

I want to extend Restler to check if a valid value of custom header Authorization was passed. I am having trouble in getting around the fix, I tried this, but no chance:

class AuthenticateMe implements iAuthenticate() {

function __isAuthenticated() {
    //return isset($_SERVER['HTTP_AUTH_KEY']) && $_SERVER['HTTP_AUTH_KEY']==AuthenticateMe::KEY ? TRUE : FALSE;
    $headers = apache_request_headers();
    foreach ($headers as $header => $value) {
        if($header == "Authorization") {
            return TRUE;
        } else {
            //return FALSE;
            throw new RestException(404);
        }
    }
}
}

推荐答案

让我快速修复您的自定义身份验证标头示例

class HeaderAuth implements iAuthenticate{
    function __isAuthenticated(){
        //we are only looking for a custom header called 'Auth'
        //but $_SERVER prepends HTTP_ and makes it all uppercase
        //thats why we need to look for 'HTTP_AUTH' instead
        //also do not use header 'Authorization'. It is not
        //included in PHP's $_SERVER variable
        return isset($_SERVER['HTTP_AUTH']) && $_SERVER['HTTP_AUTH']=='password';
    }
}

我已经对其进行了测试以确保它有效！

I have tested it to make sure it works!

这里是如何让它与Authorization头一起工作，它只适用于apache服务器

Here is how to make it work with Authorization header, it works only on apache servers

 class Authorization implements iAuthenticate{
    function __isAuthenticated(){
        $headers =  apache_request_headers();
        return isset($headers['Authorization']) && $headers['Authorization']=='password';
    }
}

我发现 PHP 将 Authorization 标头转换为 $_SERVER['PHP_AUTH_DIGEST'] 或 $_SERVER['PHP_AUTH_USER'] 和 $_SERVER['PHP_AUTH_PW'] 根据身份验证请求的类型(摘要或基本)，我们可以使用以下 .htaccess 文件来启用 $_SERVER['HTTP_AUTHORIZATION'] 标头

I figured out that PHP converts Authorization header into $_SERVER['PHP_AUTH_DIGEST'] or $_SERVER['PHP_AUTH_USER'] and $_SERVER['PHP_AUTH_PW'] depending on the type of auth request (digest or basic), we can use the following .htaccess file to enable the $_SERVER['HTTP_AUTHORIZATION'] header

DirectoryIndex index.php

DirectoryIndex index.php

DirectoryIndex index.php
<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteRule ^$ index.php [QSA,L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule ^(.*)$ index.php [QSA,L]
    RewriteRule .* - [env=HTTP_AUTHORIZATION:%{HTTP:Authorization},last]
</IfModule>

重要的部分是 RewriteRule .* - [env=HTTP_AUTHORIZATION:%{HTTP:Authorization},last]

现在我们的例子可以简化为:

Now our example can be simplified to:

class Authorization implements iAuthenticate{
    function __isAuthenticated(){
        return isset($_SERVER['HTTP_AUTHORIZATION']) && $_SERVER['HTTP_AUTHORIZATION']=='password';
    }
}

这篇关于检查 Restler API 框架上的标头授权的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！