seffeng/laravel-signature

PHP laravel extension signature

v1.1.4 2023-01-13 03:10 UTC

This package is auto-updated.

Last update: 2024-12-06 11:37:03 UTC


README

安装

# 安装
$ composer require seffeng/laravel-signature
Laravel
# 1、生成配置文件
$ php artisan vendor:publish --tag="signature"

# 2、修改配置文件 /config/signature.php,或 .env
lumen
# 1、复制扩展内配置文件 /config/signature.php 到项目配置目录 /config

# 2、修改配置文件 /config/signature.php,或 .env

# 3、将以下代码段添加到 /bootstrap/app.php 文件中的 Providers 部分
$app->register(Seffeng\LaravelSignature\SignatureServiceProvider::class);

# 4、/bootstrap/app.php 添加配置加载代码
$app->configure('signature');

示例

# 客户端示例
use Seffeng\Signature\Exceptions\SignatureException;
use Seffeng\LaravelSignature\Facades\Signature;

class SiteController extends Controller
{
    public function test()
    {
        try {
            /**
             * 客户端使用签名
             * @var string $method
             */
            $method = 'GET';
            $uri = '/test';
            $params = ['page' => 1];
            $signature = Signature::sign($method, $uri, $params);
            $headers = Signature::getHeaders();
            print_r($headers);

            // 其他客户端
            //$signature = Signature::setClient('other-client')->loadClient()->sign($method, $uri, $params);
            //$headers = Signature::getHeaders();
            //print_r($headers);

            // 通过请求传递 $headers,如使用 GuzzleHttp
            // $httpClient = new Client(['base_uri' => 'http://domain.com']);
            // $request = $httpClient->get('/test', ['headers' => $headers, 'query' => $params]);
        } catch (SignatureException $e) {
            var_dump($e->getMessage());
        } catch (\Exception $e) {
            var_dump($e->getMessage());
        }
    }
}
# 路由使用中间件,配置中间件
# 1、默认服务端:middleware('check.signature')
# 2、其他服务端:middleware('check.signature:other-server')

# 服务端示例,可通过中间件使用,或参考 /tests/SignatureTest.php
use Closure;
use Seffeng\Signature\Exceptions\SignatureException;
use Seffeng\Signature\Exceptions\SignatureAccessException;
use Seffeng\Signature\Exceptions\SignatureTimeoutException;
use Seffeng\LaravelSignature\Facades\Signature as SignatureFacade;
use Seffeng\LaravelSignature\Middleware\Signature as Middleware;

class Signature extends Middleware
{
    /**
     *
     * {@inheritDoc}
     * @see \Seffeng\LaravelSignature\Middleware\Signature::handle()
     */
    public function handle($request, Closure $next, string $server = null)
    {
        try {
            !is_null($server) && SignatureFacade::setServer($server)->loadServer();
            // $accessKeyId 用于查询应用信息,获取 secret 和 IP 等
            $accessKeyId = $request->header(SignatureFacade::getHeaderAccessKeyId());
            if (true) { // 通过数据库查询secret,自行创建数据表
                $application = Application::where('access_key_id', $accessKeyId)->first();
                if (!$application) {
                    throw new SignatureException('应用不存在!');
                }
                $accessKeySecret = $application->access_key_secret;
            } else {    // 通过配置,自行添加配置字段
                if ($accessKeyId !== config('signature.servers.default.accessKeyId', '')) {
                    throw new SignatureException('应用不存在!');
                }
                $accessKeySecret = config('signature.servers.default.accessKeySecret', '');
            }
            $this->setAccessKeySecret($accessKeySecret);
            $this->setAllowIp([]);  // 可配置或通过数据库查询ip,自行创建数据表
            //$this->setDenyIp([]); // 可配置或通过数据库查询ip,自行创建数据表
            /**
             * 若某些参数不是通过前端传过来的则需要过滤
             * 如:在此签名验证中间件前执行了以下方法设置的参数
             * $request->offsetSet('extra1', '额外参数1');
             * $request->merge(['extra2' => '额外参数2']);
            $params = $request->all();
            if (isset($params['extra1'])) {
                unset($params['extra1']);
            }
            $this->setParams($params);
            */

            if (parent::handle($request, $next)) {
                return $next($request);
            }
            throw new SignatureException('签名错误!');
        } catch (\Error $e) {
            throw $e;
        } catch (SignatureTimeoutException $e) {
            throw $e;
        } catch (SignatureAccessException $e) {
            throw $e;
        } catch (SignatureException $e) {
            throw $e;
        } catch (\Exception $e) {
            throw $e;
        }
    }
}

备注

1、测试脚本 tests/SignatureTest.php 仅作为示例供参考。