php邮箱验证laravel接口,Laravel 5 API 服务端支持签名授权认证

Laravel 5 API 服务端支持签名授权认证

Api Authorized Signature Middleware for Laravel 5

关于

The larsign package authorized signature server.

Features

Handles larsign requests

Installation

Require the havenshen/larsign package in your composer.json and update your dependencies:

$ composer require havenshen/larsign

Add the HavenShen\Larsign\LarsignServiceProvider to your config/app.php providers array:

HavenShen\Larsign\LarsignServiceProvider::class,

Add the HavenShen\Larsign\LarsignFacade to your config/app.php aliases array:

'Larsign' => HavenShen\Larsign\LarsignFacade::class,

Global usage

To allow Larsign for all your routes, add the HandleLarsign middleware in the $middleware property of app/Http/Kernel.php class:

protected $middleware = [

// ...

\HavenShen\Larsign\HandleLarsign::class,

];

Group middleware

If you want to allow Larsign on a specific middleware group or route, add the HandleLarsign middleware to your group:

protected $middlewareGroups = [

'web' => [

// ...

],

'api' => [

// ...

\HavenShen\Larsign\HandleLarsign::class,

],

];

Application route middleware

If you want to allow Larsign on a specific application middleware or route, add the HandleLarsign middleware to your application route:

protected $routeMiddleware = [

// ...

'auth.larsign' => \HavenShen\Larsign\HandleLarsign::class,

];

Configuration

The defaults are set in config/larsign.php. Copy this file to your own config directory to modify the values. You can publish the config using this command:

$ php artisan vendor:publish --provider="HavenShen\Larsign\LarsignServiceProvider"

return [

/*

|--------------------------------------------------------------------------

| Larsign

|--------------------------------------------------------------------------

|

*/

'headerName' => env('LARSIGN_HEADER_NAME', 'Larsign'),

'accessKey' => env('LARSIGN_ACCESS_KEY', ''),

'secretKey' => env('LARSIGN_SECRET_KEY', ''),

];

Add api route in routes/api.php Copy this.

Route::middleware(['auth.larsign'])->group(function () {

Route::get('/larsign', function () {

return [

'message' => 'done.'

]);

});

or

Route::get('/larsign', function () {

return [

'message' => 'done.'

];

})->middleware('auth.larsign');

Client

Generate Larsign signatures

Assume the following management credentials:

AccessKey = "test"

SecretKey = "123456"

Call interface address:

url = "https://larsign.dev/api/v1/test?page=1"

The original string to be signed:

note: the time-stamping followed by a newline [currenttime + voucher valid seconds]

signingStr = "/api/v1/test?page=1\n1510986405"

Base64 url safe encode:

signingStrBase64UrlSafeEncode = "L2FwaS92MS90ZXN0P3BhZ2U9MQoxNTEwOTg2NDY1"

hmac_sha1 carries SecretKey encryption then base64 url safe encode:

sign = "MLKnFIdI-0TOQ4mHn5TyCcmWACU="

The final administrative credentials are:

note: stitching headerName Space AccessKey:sign:signingStrBase64UrlSafeEncode

larsignToken = "Larsign test:MLKnFIdI-0TOQ4mHn5TyCcmWACU=:L2FwaS92MS90ZXN0P3BhZ2U9MQoxNTEwOTg2NDY1"

Add http header:

note: header key in config/larsign.php -> headerName

Larsign:Larsign test:MLKnFIdI-0TOQ4mHn5TyCcmWACU=:L2FwaS92MS90ZXN0P3BhZ2U9MQoxNTEwOTg2NDY1

Client signature authorization failed

Http Response: 403

Testing

$ phpunit

License

The MIT License (MIT). Please see License File for more information.