1. 首頁
  2. 問答
  3. CakePHP和REST Api適用於離子(角度)應用程序

CakePHP和REST Api適用於離子(角度)應用程序

2016-11-28 139 views
0

你好,我嘗試爲離子(角度)應用程序的其餘客戶端(使用登錄認證)設置cakephp。CakePHP和REST Api適用於離子(角度)應用程序

好吧,我配置CakePHP的像this setup tutorial和例如我得到的數據是:

public function projects() 
{ 

    $projects = $this->Projects->find('all'); 
    $this->set([ 
     'projects' => $projects, 
     '_serialize' => ['projects'] 
    ]); 
}

並獲得通過$.http數據離子

完全這項工作,但我嘗試配置爲移動客戶端蛋糕AUTH 。

我不知道我是如何做到這一點的。在我的Resttest Controller中,我寫了代碼設置了離子應用程序的會話Id,但離子不會緩存這個會話,我認爲是我的cakePhp代碼是錯誤的。

CakePHP的控制器:

<?php 
namespace App\Controller; 

use App\Controller\AppController; 
use Cake\Controller\Component\RequestHandlerComponent; 
// use Cake\View\Helper\SessionHelper; 

class ResttestController extends AppController 
{ 


    public function initialize() 
    { 
     parent::initialize(); 
     $this->loadComponent('RequestHandler'); 
     $this->loadModel('Projects'); 
     $this->loadModel('Task'); 
     $this->loadModel('User'); 
     $this->viewBuilder()->layout(false); 
     $this->response->header('Access-Control-Allow-Origin', '*'); 
     $this->loadComponent('Auth', [ 
      'loginAction' => [ 
       'controller' => $this->name, 
       'action' => 'login', 
       // '_ext'=>'json' 
      ], 
      'authorize'=>['Controller'], 

     ]); 

     // Basic setup 
     $this->Auth->config('authorize', ['Controller']); 
    } 


    public function login(){ 
     header('Access-Control-Allow-Headers: Content-Type, x-xsrf-token'); 
     $this->response->header('Access-Control-Allow-Methods', '*'); 


     if($this->request->is('post')){ 


      $postdata = file_get_contents("php://input"); 
      $d = json_decode($postdata); 

      if($this->Auth->user()){ 
       $response =array("success"=>2,'msg'=>'logged After'); 
      } 

      // $d = $this->request->data; 

      if(!$d->password || !$d->login){ 
       $response = array("success"=>0,'msg'=>'n');   
      } 


      $u = $this->User->find() 
       ->where(['email'=>$d->login]) 
       ->first(); 


      if($u){ 
       $salt = $u->salt; 
       $input_password = crypt($d->password, '$2y$12$' . $salt); 
       $password = $u->password; 


       if($password == $input_password){ 

        $tok = self::getToken(); 
        $u->token = $tok; 

        $out = $this->Auth->setUser($u); 




        $response = array("success"=>1,'msg'=>'logged', 'token'=>$tok, 'out'=>$out,'sadga'=>$this->Auth->identify,'asf'=>$this->Auth,'adsafsfq'=>$d,'$this->request'=>$this->request,'$this->response'=>$this->response,'apache_request_headers '=>apache_request_headers()); 

       }else{ 
        $response = array("success"=>0,'msg'=>'n'); 
       } 


      }else{ 
       $response = array("success"=>0,'msg'=>'n'); 
      } 

     }else{ 
       $response =array("success"=>0,'msg'=>'n'); 

     } 

     $this->set([ 
      'response' => $response, 
      '_serialize' => ['response'] 
     ]); 
    } 


    private function getToken(){ 
     return crypt(sha1(md5(uniqid(rand(), true)))); 
    } 

    public function testAuth(){ 

    } 
}

此代碼返回會話和用戶數據,但不能工作,我覺得是不是移動AUTH好方法。你對cakephp的auth有任何想法嗎? 如何讓我的代碼更安全?

來源

2016-11-28 bradley546994

回答

1

當我們將應用程序拆分爲後端api和前端時,我們應該將後端視爲無狀態應用程序。這意味着您不能使用會話進行身份驗證。

相反,您應該實現auth/login和auth/register rest端點,它們將返回一些令牌,例如JWT。

對於cakephp2可以easely找到這樣的庫:https://github.com/t73biz/cakephp2-jwt-auth

使用該驗證,而不是形式。當你配置驗證組件。 從插件中描述的前端側傳遞令牌。

來源

2016-12-15 13:35:43 skiedr

相關問題

 相關問題