当前位置:网站首页>Actual combat simulation │ JWT login authentication

Actual combat simulation │ JWT login authentication

2022-07-04 19:46:00 Geek flying rabbit

Token The certification process

  • As the most popular cross domain authentication solution ,JWT(JSON Web Token) Loved by developers , The main process is as follows :
  • The client sends an account and password to request login
  • The server receives the request , Verify whether the account and password pass
  • After successful verification , The server will generate a unique token, And return it to the client
  • Client received token, Store it in cookie perhaps localStroge in
  • After that, every time the client sends a request to the server , Will pass cookie perhaps header Take with you token
  • Server side validation token The effectiveness of the , The data of the response is returned only after passing
be based on Token The certification process

Token Certification benefits

  • Support cross domain access :Cookie Cross domain access is not allowed , That's right Token There is no mechanism , The premise is that the transmitted user authentication information passes HTTP Head transmission
  • No state :Token The mechanism does not need storage on the server session Information , because Token It contains the information of all users who log in , Just on the client side cookie Or local media storage status information
  • More applicable : As long as it's support http Protocol client , You can use token authentication .
  • Don't need to consider CSRF: Because no longer rely on cookie, So using token The authentication method will not happen CSRF, So there is no need to consider CSRF Defense

JWT structure

  • One JWT It's actually a string , It consists of three parts : Head load And Signature . Middle point . Divided into three parts . Be careful JWT There is no line break inside .
JWT structure
  • Head / header
  • header It's made up of two parts : token The type of JWT And algorithm name :HMACSHA256RSA
{
  "alg": "HS256",
  "typ": "JWT"
}
  • load / Payload
  • Payload Part of it is also a JSON object , It is used to store the data that needs to be transferred .JWT Specify seven default fields to choose from .
  • In addition to the default fields , You can add any field you want , Generally, after the user logs in successfully , Store user information here
iss: The issuer 
exp: Due time 
sub: The theme 
aud: user 
nbf: Not available until 
iat: Release time 
jti:JWT ID Used to identify the JWT
{
  "iss": "xxxxxxx",
  "sub": "xxxxxxx",
  "aud": "xxxxxxx",
  "user": [
  	  'username': ' Geek flying rabbit ',
  	  'gender': 1,
  	  'nickname': ' Flying rabbit ' 
   ] 
}
  • Signature / Signature
  • The signature part is on the above Head 、 load Data signature with two parts of data
  • To ensure that the data is not tampered with , You need to specify a key , And this key is usually only known by you , And stored on the server
  • The code to generate the signature is generally as follows :
//  among secret  It's the key 
String signature = HMACSHA256(base64UrlEncode(header) + "." + base64UrlEncode(payload), secret)

JWT Basic use

  • The client receives the JWT, Can be stored in Cookie Inside , It can also be stored in localStorage
  • then Every time the client communicates with the server , Take this with you JWT
  • hold JWT Save in Cookie Send request inside , It can't be Cross domain
  • It's better to put it in HTTP Requested header information Authorization In the field
fetch('license/login', {
	headers: {
		'Authorization': 'X-TOKEN' + token
	}
})

actual combat : Use JWT Login authentication

  • Use here ThinkPHP6 Integrate JWT Login and authenticate for actual combat simulation

  • install JWT Expand

composer require firebase/php-jwt
  • Package generation JWT And decryption methods
<?php
/**
 * Desc: JWT authentication 
 * Author: autofelix
 * Time: 2022/07/04
 */

namespace app\services;

use app\Helper;
use Firebase\JWT\JWT;
use Firebase\JWT\Key;

class JwtService
{
    protected $salt;

    public function __construct()
    {
        // Get a unique string from the configuration information , You can write whatever you like md5('token')
        $this->salt = config('jwt.salt') || "autofelix";
    }

    // jwt Generate 
    public function generateToken($user)
    {
        $data = array(
            "iss" => 'autofelix',        // Issuer   Can be null 
            "aud" => 'autofelix',             // Face users , Can be null 
            "iat" => Helper::getTimestamp(),   // The issuance of time 
            "nbf" => Helper::getTimestamp(),   // Take effect immediately 
            "exp" => Helper::getTimestamp() + 7200, //token  Expiration time   Two hours 
            "user" => [ //  Record user information 
                'id' => $user->id,
                'username' => $user->username,
                'truename' => $user->truename,
                'phone' => $user->phone,
                'email' => $user->email,
                'role_id' => $user->role_id
            ]
        );
        $jwt = JWT::encode($data, md5($this->salt), 'HS256');
        return $jwt;
    }

    // jwt Decrypt 
    public function chekToken($token)
    {
        JWT::$leeway = 60; // Subtract... From the current time 60, Leave some room for time 
        $decoded = JWT::decode($token, new Key(md5($this->salt), 'HS256'));
        return $decoded;
    }
}
  • After the user logs in , Generate JWT identification
<?php
declare (strict_types=1);

namespace app\controller;

use think\Request;
use app\ResponseCode;
use app\Helper;
use app\model\User as UserModel;
use app\services\JwtService;

class License
{
    public function login(Request $request)
    {
        $data = $request->only(['username', 'password', 'code']);

        // .... Relevant logic for verification ...
        $user = UserModel::where('username', $data['username'])->find();
		
		//  Verify by generating  JWT,  Return to front end save 
        $token = (new JwtService())->generateToken($user);

        return json([
            'code' => ResponseCode::SUCCESS,
            'message' => ' Login successful ',
            'data' => [
                'token' => $token
            ]
        ]);
    }
}
  • Middleware verifies whether the user logs in
  • stay middleware.php Register middleware
<?php
//  Global middleware definition file 
return [
	// ... Other middleware 
    // JWT verification 
    \app\middleware\Auth::class
];
  • After registering middleware , Improve the verification logic in the permission verification middleware
<?php
declare (strict_types=1);

namespace app\middleware;

use app\ResponseCode;
use app\services\JwtService;

class Auth
{
    private $router_white_list = ['login'];

    public function handle($request, \Closure $next)
    {
        if (!in_array($request->pathinfo(), $this->router_white_list)) {
            $token = $request->header('token');

            try {
            	// jwt  verification 
                $jwt = (new JwtService())->chekToken($token);
            } catch (\Throwable $e) {
                return json([
                    'code' => ResponseCode::ERROR,
                    'msg' => 'Token Validation failed '
                ]);
            }

            $request->user = $jwt->user;
        }

        return $next($request);
    }
}
原网站

版权声明
本文为[Geek flying rabbit]所创,转载请带上原文链接,感谢
https://yzsam.com/2022/185/202207041806131372.html