JWT Login, Logout, Verification Code Interface

Keywords: PHP Session Mobile

6.2 Verification Code Interface

The verification code interface is called when the login page is displayed; it returns the image address and the identifier of the verification code.

Install the verification code component (if you downloaded the full version of the framework from the official website, no installation is required):

composer require topthink/think-captcha 1.*

Set up the route: in application/route.php, in the adminapi domain-name routing section, add the following code

// Verification code image
Route::get('captcha/:id', "\\think\\captcha\\CaptchaController@index"); // needed to access the image
Route::get('captcha', 'adminapi/login/captcha');

Add the following to the Login controller

<?php

namespace app\adminapi\controller;

// BaseApi lives in the same namespace (application/adminapi/controller/BaseApi.php)
class Login extends BaseApi
{
    /**
     * Get the verification code image address
     */
    public function captcha()
    {
        // Verification code identifier
        $uniqid = uniqid(mt_rand(100000, 999999));
        // Return the verification code image path and the verification code identifier
        $data = [
            'src' => captcha_src($uniqid),
            'uniqid' => $uniqid
        ];
        $this->ok($data);
    }
}

Testing: access http://adminapi.pyg.com/captcha in a browser or with Postman

{
    "code":200,
    "msg":"success",
    "data":{
        "src":"http:\/\/adminapi.pyg.com\/captcha\/7873845d27250ede217.html",
        "uniqid":"7873845d27250ede217"
    }
}

If required, the verification code can be customised through its configuration in application/config.php.

By default, the verification code component stores the characters of the verification code in the session.

Some clients (such as mobile apps) generally do not use a session: the request that displays the verification code and the login request are independent sessions.

The component source can be modified for this in the entry method of vendor/topthink/think-captcha/src/Captcha.php: when the image is generated, the current session_id is stored in the cache under the verification code identifier.

In the subsequent validation the session_id is read back from the cache and set as the current session id; see the login interface.

Login interface

(1) Create the administrator model (note that the administrator table is pyg_admin, so the corresponding model name is Admin)

(2) Set up the route: in application/route.php, in the adminapi domain-name routing section, add the following code

//Sign in
Route::post('login', 'adminapi/login/login');

(3) Encapsulate the password encryption function

Note: the initial administrator password in the back-end administrator table tpshop_admin must be encrypted and updated in the data table.

Use a custom password encryption function:

(4) Login function

/**
 * Login interface
 */
public function login()
{
    // Get input variables
    $param = input();
    $validate = $this->validate($param, [
        'username' => 'require',
        'password' => 'require',
        'code' => 'require',
        'uniqid' => 'require'
    ]);
    if ($validate !== true) {
        $this->fail($validate);
    }
    // Read the session_id stored under the verification code identifier from the cache and make it the current session
    session_id(cache('session_id_' . $param['uniqid']));
    // Verify the verification code manually
    if (!captcha_check($param['code'], $param['uniqid'])) {
        // Verification code error
        $this->fail('Verification code error');
    }
    // Query the administrator table by user name and (encrypted) password
    $where = [
        'username' => $param['username'],
        'password' => encrypt_password($param['password'])
    ];
    $info = \app\common\model\Admin::where($where)->find();
    if (!$info) {
        // Error in username or password
        $this->fail('Error in username or password');
    }
    $data = [];
    $data['token'] = \tools\jwt\Token::getToken($info->id);
    $data['user_id'] = $info->id;
    $data['username'] = $info->username;
    $data['nickname'] = $info->nickname;
    $data['email'] = $info->email;
    // Successful login
    $this->ok($data);
}
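The password function that step (3) refers to is not shown above. The following is an added example, not the article's own encrypt_password(): it hashes with PHP's password_hash() and checks with password_verify(). Because every hash carries its own random salt, the stored value cannot be recomputed from the submitted password, so the login has to load the row by username and verify afterwards instead of putting the hash into the WHERE clause as login() above does. The helper names authenticate() and verify_password() and the sample administrator row are constructs of this example.

```php
<?php
// Added example (not the article's encrypt_password). Stores and checks
// administrator passwords with PHP's built-in password hashing.

function encrypt_password(string $plain): string
{
    // PASSWORD_DEFAULT is bcrypt at present; if PHP changes it, old hashes
    // remain verifiable and can be upgraded with password_needs_rehash().
    return password_hash($plain, PASSWORD_DEFAULT);
}

function verify_password(string $plain, string $storedHash): bool
{
    return password_verify($plain, $storedHash);
}

// Authenticate against a row loaded by username only, e.g. the result of
// Admin::where('username', $username)->find(). It is reduced to an array
// here so the example runs without a database (constructed data below).
function authenticate(?array $row, string $plain): ?array
{
    if ($row === null) {
        // Verify against a throw-away hash so that an unknown username costs
        // about as much time as a wrong password and the two are not distinguishable.
        static $dummy = null;
        if ($dummy === null) {
            $dummy = password_hash('dummy', PASSWORD_DEFAULT);
        }
        password_verify($plain, $dummy);
        return null;
    }
    if (!verify_password($plain, $row['password'])) {
        return null;
    }
    // Upgrade the stored hash transparently if the algorithm or cost changed.
    if (password_needs_rehash($row['password'], PASSWORD_DEFAULT)) {
        $row['password'] = encrypt_password($plain);   // persist this in real code
    }
    unset($row['password']);    // never hand the hash back to the caller
    return $row;
}

// Constructed sample row standing in for a pyg_admin record.
$adminRow = [
    'id'       => 1,
    'username' => 'admin',
    'password' => encrypt_password('correct horse'),
    'nickname' => 'Administrator',
];

$ok   = authenticate($adminRow, 'correct horse');   // the row minus its password field
$bad  = authenticate($adminRow, 'wrong');           // null
$none = authenticate(null, 'anything');             // null
```

In login() this replaces the two-column `$where` lookup: query by `username` alone, call authenticate() on the result, and only issue the JWT when it returns a row. The token and response fields stay as the article builds them.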

Logout interface

/**
 * Back-end logout interface
 */
public function logout()
{
    // Invalidate the token: the token to be cleared is stored in the cache, and when it is
    // presented again the cache is read to decide whether it is still acceptable.
    $token = \tools\jwt\Token::getRequestToken();
    $delete_token = cache('delete_token') ?: [];
    $delete_token[] = $token;
    cache('delete_token', $delete_token, 86400);
    $this->ok();
}

Login detection

Apart from the login-related interfaces, all other interfaces require the caller to be logged in before they can be accessed.

The check is done in application/adminapi/controller/BaseApi.php.

(1) Set up the list of methods that do not require the check

// Requests that do not require login detection
protected $no_login = ['login/login', 'login/captcha'];

(2) Perform the check

try {
    $path = strtolower($this->request->controller()) . '/' . $this->request->action();
    if (!in_array($path, $this->no_login)) {
        $user_id = \tools\jwt\Token::getUserId();
        // Validate login
        if (empty($user_id)) {
            $this->fail('Not logged in or Token invalid', 403);
        }
        // Put the obtained user id into the request information
        $this->request->get(['user_id' => $user_id]);
        $this->request->post(['user_id' => $user_id]);
    }
} catch (\Exception $e) {
    $this->fail('Service exception, please check the token', 403);
}

Posted by dizzy1 on Tue, 30 Jul 2019 02:43:42 -0700