Codeigniter web services


Question

I'm using Codeigniter 1.7. Does anyone have any experience of creating web services with PHP, particularly within the CodeIgniter framework? What security measures need to be considered while implementing web services? How do I provide authentication with API keys?

Any ideas?

Recommended answer

It depends on the kind of web service you are inquiring about. Is the web service going to be a daemon, for example? Or a typical online web service? For either of these you must implement a RESTful type. RESTful meaning a stateless connection. This is where API keys are used; to identify a user, for example.

Luckily Codeigniter is one with many libraries and extensions. An example of such libraries can be found here: https://github.com/philsturgeon/codeigniter-restserver


Now for security concerns: API keys would replace sessions or any state. You would have to make full checks on the api. Many sites that implement APIs offer different solutions to the same end result.

Authentication with API keys is simple. You would check it against a storage type (database).


Here is a tutorial using codeigniter and the library linked previously: http://net.tutsplus.com/tutorials/php/working-with-restful-services-in-codeigniter-2/

This might be somewhat vague, but since you don't have any specific problems or apparent needs it's hard to be specific.

Edit:

In that case it would be better implementing a RESTful interface so that your iPhone app can also use all of the user functionalities that your service provides. The best way would be to make everything accessible in one way. Meaning not having different controllers / models for the iPhone connections and web connections.


So for example you could have the following controller:

<?php

class Auth extends CI_Controller{

    public function login(){
      //Check if they're accessing using a RESTful interface;
      $restful = $this->rest->check();
      if($restful){
         //Check for the API keys;
         $apiKey    = $this->input->get('apiKey');
         $secretKey = $this->input->get('secretKey');

         //If you have any rules upon the keys you may check them (i.e. their lengths,
         //character restrictions, etc...)
         if(strlen($apiKey) == 10 and strlen($secretKey) == 14)
         {
           //Now check against the database if the keys are acceptable;
           $this->db->where('apiKey', $apiKey);
           $this->db->where('secretKey', $secretKey);
           $this->db->limit(1);
           $query = $this->db->get('keys');
           //get() resets the query builder, so count the rows on the result object;
           if($query->num_rows() == 1)
           {
             //The keys are accepted, now authenticate the user;
             foreach ($query->result() as $row)
             {
                $user_id = $row->user_id;
                //Now generate a response key;
                $response_key = $this->somemodel->response_key($user_id);
                //Now return the response key;
                die(json_encode(   array(
                                         'response_key' => $response_key, 
                                         'user_id' => $user_id
                                   )
                               )
                   );

             } //End of Foreach
           }//End of Result Count
         }//End of length / character check;
      } else {
        //Perform your usual session login here...;

      }
   }
}

?>

Now this is just a small example for performing these types of requests. This could apply to any type of controller. Though there are a few options here. You could make every request pass the apikey and the secret each time and verify them at each request. Or you could have some sort of whitelist, so that once you have been verified the first time each request after that would be whitelisted, and/or blacklisted on the opposite.


Hope this helps, Daniel
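
The first option described in the answer (verify the key pair on every request), as an added example that is not part of the original answer. It is plain PHP so it runs without the framework; the in-memory key store, the key values and the function name `authenticate_api_request` are constructed for illustration, and it assumes only a hash of each secret is stored.

```php
<?php
// Constructed key store standing in for the database table of API keys.
// Only a SHA-256 hash of each secret is kept, never the secret itself.
$keyStore = array(
    'AK12345678' => array(
        'user_id'     => 42,
        'secret_hash' => hash('sha256', 'constructed-secret-1'),
        'revoked'     => false,
    ),
    'AK87654321' => array(
        'user_id'     => 7,
        'secret_hash' => hash('sha256', 'constructed-secret-2'),
        'revoked'     => true,
    ),
);

// Hypothetical helper: returns the user id for a valid key pair, or null.
function authenticate_api_request(array $keyStore, $apiKey, $secretKey)
{
    // Reject anything that is not a string of the expected shape.
    if (!is_string($apiKey) || !is_string($secretKey)
        || !preg_match('/^[A-Za-z0-9]{10}$/', $apiKey)) {
        return null;
    }
    $row = isset($keyStore[$apiKey]) ? $keyStore[$apiKey] : null;
    // hash_equals() compares in constant time, so the response time does not
    // reveal how much of the stored value matched.
    $expected = $row ? $row['secret_hash'] : hash('sha256', '');
    $matches  = hash_equals($expected, hash('sha256', $secretKey));
    // Unknown key, wrong secret and revoked key all give the same result.
    if (!$row || $row['revoked'] || !$matches) {
        return null;
    }
    return $row['user_id'];
}

// Constructed calls: a valid pair, a wrong secret, a revoked key.
$attempts = array(
    array('AK12345678', 'constructed-secret-1'),
    array('AK12345678', 'wrong-secret'),
    array('AK87654321', 'constructed-secret-2'),
);
foreach ($attempts as $a) {
    $userId = authenticate_api_request($keyStore, $a[0], $a[1]);
    echo $a[0], ' => ', ($userId === null ? 'rejected' : "user $userId"), "\n";
}
```

In a CodeIgniter controller the array lookup would be the `keys` table query, and the pair would normally be read from request headers over HTTPS, since query strings are commonly written to access logs.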
