您的位置: 首页  >  技术问答  >  CakePHP和REST Api适用于离子(角度)应用程序

CakePHP和REST Api适用于离子(角度)应用程序

分类: 技术问答 2022-08-01 23:02:19
问题描述:

你好,我尝试为离子(角度)应用程序的其余客户端(使用登录认证)设置cakephp。CakePHP和REST Api适用于离子(角度)应用程序

好吧,我配置CakePHP的像this setup tutorial和例如我得到的数据是:

public function projects() 
{ 

    $projects = $this->Projects->find('all'); 
    $this->set([ 
     'projects' => $projects, 
     '_serialize' => ['projects'] 
    ]); 
}

并获得通过$.http数据离子

完全这项工作,但我尝试配置为移动客户端蛋糕AUTH 。

我不知道我是如何做到这一点的。在我的Resttest Controller中,我写了代码设置了离子应用程序的会话Id,但离子不会缓存这个会话,我认为是我的cakePhp代码是错误的。

CakePHP的控制器:

<?php 
namespace App\Controller; 

use App\Controller\AppController; 
use Cake\Controller\Component\RequestHandlerComponent; 
// use Cake\View\Helper\SessionHelper; 

class ResttestController extends AppController 
{ 


    public function initialize() 
    { 
     parent::initialize(); 
     $this->loadComponent('RequestHandler'); 
     $this->loadModel('Projects'); 
     $this->loadModel('Task'); 
     $this->loadModel('User'); 
     $this->viewBuilder()->layout(false); 
     $this->response->header('Access-Control-Allow-Origin', '*'); 
     $this->loadComponent('Auth', [ 
      'loginAction' => [ 
       'controller' => $this->name, 
       'action' => 'login', 
       // '_ext'=>'json' 
      ], 
      'authorize'=>['Controller'], 

     ]); 

     // Basic setup 
     $this->Auth->config('authorize', ['Controller']); 
    } 


    public function login(){ 
     header('Access-Control-Allow-Headers: Content-Type, x-xsrf-token'); 
     $this->response->header('Access-Control-Allow-Methods', '*'); 


     if($this->request->is('post')){ 


      $postdata = file_get_contents("php://input"); 
      $d = json_decode($postdata); 

      if($this->Auth->user()){ 
       $response =array("success"=>2,'msg'=>'logged After'); 
      } 

      // $d = $this->request->data; 

      if(!$d->password || !$d->login){ 
       $response = array("success"=>0,'msg'=>'n');   
      } 


      $u = $this->User->find() 
       ->where(['email'=>$d->login]) 
       ->first(); 


      if($u){ 
       $salt = $u->salt; 
       $input_password = crypt($d->password, '$2y$12$' . $salt); 
       $password = $u->password; 


       if($password == $input_password){ 

        $tok = self::getToken(); 
        $u->token = $tok; 

        $out = $this->Auth->setUser($u); 




        $response = array("success"=>1,'msg'=>'logged', 'token'=>$tok, 'out'=>$out,'sadga'=>$this->Auth->identify,'asf'=>$this->Auth,'adsafsfq'=>$d,'$this->request'=>$this->request,'$this->response'=>$this->response,'apache_request_headers '=>apache_request_headers()); 

       }else{ 
        $response = array("success"=>0,'msg'=>'n'); 
       } 


      }else{ 
       $response = array("success"=>0,'msg'=>'n'); 
      } 

     }else{ 
       $response =array("success"=>0,'msg'=>'n'); 

     } 

     $this->set([ 
      'response' => $response, 
      '_serialize' => ['response'] 
     ]); 
    } 


    private function getToken(){ 
     return crypt(sha1(md5(uniqid(rand(), true)))); 
    } 

    public function testAuth(){ 

    } 
}

此代码返回会话和用户数据,但不能工作,我觉得是不是移动AUTH好方法。你对cakephp的auth有任何想法吗? 如何让我的代码更安全?

当我们将应用程序拆分为后端api和前端时,我们应该将后端视为无状态应用程序。这意味着您不能使用会话进行身份验证。

相反,您应该实现auth/login和auth/register rest端点,它们将返回一些令牌,例如JWT。

对于cakephp2可以easely找到这样的库:https://github.com/t73biz/cakephp2-jwt-auth

使用该验证,而不是形式。当你配置验证组件。 从插件中描述的前端侧传递令牌。

相关推荐