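CakePHP and REST API for an Ionic (Angular) application
Problem description:
Hello, I am trying to set up CakePHP for a REST client (with login auth) for an Ionic (Angular) app.
OK, I configured CakePHP like this setup tutorial, and for example I get data like this: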
public function projects()
{
    $projects = $this->Projects->find('all');
    $this->set([
        'projects' => $projects,
        '_serialize' => ['projects']
    ]);
}
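and get the data from Ionic through $.http.
This works perfectly, but I am trying to configure Cake Auth for a mobile client.
I don't know how to do this. In my Resttest controller I wrote code that sets the session ID for the Ionic app, but Ionic does not cache this session, and I think my CakePHP code is wrong.
CakePHP controller: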
<?php
namespace App\Controller;

use App\Controller\AppController;
use Cake\Controller\Component\RequestHandlerComponent;
// use Cake\View\Helper\SessionHelper;

class ResttestController extends AppController
{
    public function initialize()
    {
        parent::initialize();
        $this->loadComponent('RequestHandler');
        $this->loadModel('Projects');
        $this->loadModel('Task');
        $this->loadModel('User');
        $this->viewBuilder()->layout(false);
        // Allow cross-origin requests from any origin
        $this->response->header('Access-Control-Allow-Origin', '*');
        $this->loadComponent('Auth', [
            'loginAction' => [
                'controller' => $this->name,
                'action' => 'login',
                // '_ext'=>'json'
            ],
            'authorize' => ['Controller'],
        ]);
        // Basic setup
        $this->Auth->config('authorize', ['Controller']);
    }

    public function login()
    {
        header('Access-Control-Allow-Headers: Content-Type, x-xsrf-token');
        $this->response->header('Access-Control-Allow-Methods', '*');
        if ($this->request->is('post')) {
            // Read the raw JSON body sent by the Ionic app
            $postdata = file_get_contents("php://input");
            $d = json_decode($postdata);
            if ($this->Auth->user()) {
                $response = array("success" => 2, 'msg' => 'logged After');
            }
            // $d = $this->request->data;
            if (!$d->password || !$d->login) {
                $response = array("success" => 0, 'msg' => 'n');
            }
            $u = $this->User->find()
                ->where(['email' => $d->login])
                ->first();
            if ($u) {
                // Re-hash the submitted password with the stored salt (bcrypt, cost 12)
                $salt = $u->salt;
                $input_password = crypt($d->password, '$2y$12$' . $salt);
                $password = $u->password;
                if ($password == $input_password) {
                    $tok = self::getToken();
                    $u->token = $tok;
                    // Store the user in the session-backed Auth component
                    $out = $this->Auth->setUser($u);
                    $response = array("success"=>1,'msg'=>'logged', 'token'=>$tok, 'out'=>$out,'sadga'=>$this->Auth->identify,'asf'=>$this->Auth,'adsafsfq'=>$d,'$this->request'=>$this->request,'$this->response'=>$this->response,'apache_request_headers '=>apache_request_headers());
                } else {
                    $response = array("success" => 0, 'msg' => 'n');
                }
            } else {
                $response = array("success" => 0, 'msg' => 'n');
            }
        } else {
            $response = array("success" => 0, 'msg' => 'n');
        }
        $this->set([
            'response' => $response,
            '_serialize' => ['response']
        ]);
    }

    // Generate a token to hand back to the client
    private function getToken()
    {
        return crypt(sha1(md5(uniqid(rand(), true))));
    }

    public function testAuth()
    {
    }
}
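This code returns the session and user data, but it does not work, and I think it is not a good method for mobile auth. Do you have any ideas for auth with CakePHP? How can I make my code more secure?
Answer
When we split an application into a backend API and a frontend, we should consider the backend a stateless application. This means you can't use sessions for auth.
Instead, you should implement auth/login and auth/register REST endpoints that return some token, for example a JWT.
For CakePHP 2 you can easily find such a library: https://github.com/t73biz/cakephp2-jwt-auth
Use this authenticator instead of Form when you configure the Auth component. From the front-end side, pass the token as described in the plugin.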
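The stateless token flow the answer describes, as an added example that is not part of the original answer or of the linked plugin: a login endpoint would return issueToken() after checking the password, and every later request would be authenticated with verifyToken() and no session lookup. The function names, the claim set, the fixed timestamps and the secret are assumptions made for this sketch, which uses only PHP built-ins to sign and check an HS256 JWT.

```php
<?php
// Added illustration: HS256 JWT issue/verify with PHP built-ins only.
// Function names, claims and the secret are assumptions for this sketch.
function b64url_encode(string $bin): string
{
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}
function b64url_decode(string $txt)
{
    $txt = str_pad($txt, strlen($txt) + (4 - strlen($txt) % 4) % 4, '=');
    return base64_decode(strtr($txt, '-_', '+/'), true); // false on bad input
}
function issueToken(int $userId, string $secret, int $ttl, int $now): string
{
    $header  = b64url_encode(json_encode(['alg' => 'HS256', 'typ' => 'JWT']));
    $payload = b64url_encode(json_encode(['sub' => $userId, 'iat' => $now, 'exp' => $now + $ttl]));
    $sig     = hash_hmac('sha256', "$header.$payload", $secret, true);
    return "$header.$payload." . b64url_encode($sig);
}
function verifyToken(string $token, string $secret, int $now): ?array
{
    $parts = explode('.', $token);
    if (count($parts) !== 3) {
        return null;
    }
    [$header, $payload, $sig] = $parts;
    $head = json_decode((string) b64url_decode($header), true);
    // Pin the algorithm: the token must not choose how it is verified.
    if (!is_array($head) || ($head['alg'] ?? null) !== 'HS256') {
        return null;
    }
    $expected = b64url_encode(hash_hmac('sha256', "$header.$payload", $secret, true));
    if (!hash_equals($expected, $sig)) { // constant-time comparison
        return null;
    }
    $claims = json_decode((string) b64url_decode($payload), true);
    if (!is_array($claims) || !isset($claims['exp']) || !is_int($claims['exp']) || $claims['exp'] <= $now) {
        return null; // malformed or expired
    }
    return $claims;
}

// Constructed sample run (secret and user id are placeholders).
$secret = 'replace-with-32+-random-bytes-from-config';
$token  = issueToken(42, $secret, 3600, 1700000000);
var_dump(verifyToken($token, $secret, 1700000100));       // within lifetime
var_dump(verifyToken($token, $secret, 1700003601));       // after exp
var_dump(verifyToken($token . 'x', $secret, 1700000100)); // signature altered
```

In a real CakePHP application a maintained JWT library or authenticator plugin should do this work; the sketch only shows why the server needs no session to authenticate the mobile client.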