Signature Authorization for Laravel 5 API Servers

2017/12/12

GitHub project: https://github.com/HavenShen/larsign

Api Authorized Signature Middleware for Laravel 5

About

The larsign package provides server-side signature authorization for API requests.

Features

  • Handles larsign requests

Installation

Require the havenshen/larsign package in your composer.json and update your dependencies:

$ composer require havenshen/larsign

Add the HavenShen\Larsign\LarsignServiceProvider to your config/app.php providers array:

HavenShen\Larsign\LarsignServiceProvider::class,

Add the HavenShen\Larsign\LarsignFacade to your config/app.php aliases array:

'Larsign' => HavenShen\Larsign\LarsignFacade::class,

Global usage

To enforce Larsign on all your routes, add the HandleLarsign middleware to the $middleware property of the app/Http/Kernel.php class:

protected $middleware = [
    // ...
    \HavenShen\Larsign\HandleLarsign::class,
];

Group middleware

If you want to enforce Larsign on a specific middleware group, add the HandleLarsign middleware to that group:

protected $middlewareGroups = [
    'web' => [
       // ...
    ],

    'api' => [
        // ...
        \HavenShen\Larsign\HandleLarsign::class,
    ],
];

Application route middleware

If you want to enforce Larsign on specific routes only, register the HandleLarsign middleware as a route middleware:

protected $routeMiddleware = [
    // ...
    'auth.larsign' => \HavenShen\Larsign\HandleLarsign::class,
];

Configuration

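The defaults are set in config/larsign.php; the access key and secret key are read from the LARSIGN_ACCESS_KEY and LARSIGN_SECRET_KEY environment variables and default to empty strings. Copy this file to your own config directory to modify the values. You can publish the config using this command:

$ php artisan vendor:publish --provider="HavenShen\Larsign\LarsignServiceProvider"

return [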
    /*
     |--------------------------------------------------------------------------
     | Larsign
     |--------------------------------------------------------------------------
     |
     */
    'headerName' => env('LARSIGN_HEADER_NAME', 'Larsign'),
    'accessKey' => env('LARSIGN_ACCESS_KEY', ''),
    'secretKey' => env('LARSIGN_SECRET_KEY', ''),
];

Add an API route in routes/api.php:

Route::middleware(['auth.larsign'])->group(function () {
    Route::get('/larsign', function () {
        return [
            'message' => 'done.'
        ];
    });
});

or

Route::get('/larsign', function () {
    return [
        'message' => 'done.'
    ];
})->middleware('auth.larsign');

Client

Generate Larsign signatures

  1. Assume the following management credentials:
AccessKey = "test"
SecretKey = "123456"
  2. The API URL to call:
url = "https://larsign.dev/api/v1/test?page=1"
  3. The original string to be signed:

    note: the path and query string, followed by a newline and the expiry timestamp [current time + token validity in seconds]

signingStr = "/api/v1/test?page=1\n1510986405"
  4. Base64 URL-safe encode the string:
signingStrBase64UrlSafeEncode = "L2FwaS92MS90ZXN0P3BhZ2U9MQoxNTEwOTg2NDY1"
  5. Compute HMAC-SHA1 with SecretKey as the key, then Base64 URL-safe encode the result:
sign = "MLKnFIdI-0TOQ4mHn5TyCcmWACU="
  6. The final management credential is:

    note: concatenate headerName, a space, then AccessKey:sign:signingStrBase64UrlSafeEncode

larsignToken = "Larsign test:MLKnFIdI-0TOQ4mHn5TyCcmWACU=:L2FwaS92MS90ZXN0P3BhZ2U9MQoxNTEwOTg2NDY1"
  7. Add the HTTP header:

    note: the header key is headerName in config/larsign.php

Larsign:Larsign test:MLKnFIdI-0TOQ4mHn5TyCcmWACU=:L2FwaS92MS90ZXN0P3BhZ2U9MQoxNTEwOTg2NDY1

Client signature authorization failed

HTTP response: 403
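
The token steps and the 403 rejection above, as an added Python sketch that is not part of the larsign package: make_token follows the client steps, and verify_token is a hypothetical server-side check. It assumes the HMAC-SHA1 is computed over the Base64 URL-safe encoded signing string (the page does not say which form is signed), and its sample call uses the expiry 1510986465, the value the encoded string on this page decodes to.

```python
import base64
import hashlib
import hmac

HEADER_NAME = "Larsign"  # headerName from config/larsign.php
ACCESS_KEY = "test"      # sample credentials from the page
SECRET_KEY = "123456"


def b64url(data: bytes) -> str:
    """Base64 URL-safe encode, keeping '=' padding as the page's sign does."""
    return base64.urlsafe_b64encode(data).decode("ascii")


def make_token(path_and_query: str, deadline: int) -> str:
    """Build 'headerName AccessKey:sign:signingStrBase64UrlSafeEncode'."""
    encoded = b64url(f"{path_and_query}\n{deadline}".encode())
    # Assumption: the MAC covers the encoded string, not the raw one.
    mac = hmac.new(SECRET_KEY.encode(), encoded.encode(), hashlib.sha1).digest()
    return f"{HEADER_NAME} {ACCESS_KEY}:{b64url(mac)}:{encoded}"


def verify_token(token: str, path_and_query: str, now: int) -> bool:
    """Hypothetical server check; False is where the API would answer 403."""
    scheme, _, rest = token.partition(" ")
    parts = rest.split(":")
    if scheme != HEADER_NAME or len(parts) != 3:
        return False
    access_key, sign, encoded = parts
    if access_key != ACCESS_KEY:
        return False
    mac = hmac.new(SECRET_KEY.encode(), encoded.encode(), hashlib.sha1).digest()
    # Constant-time comparison: do not leak how many characters matched.
    if not hmac.compare_digest(b64url(mac).encode(), sign.encode()):
        return False
    try:
        raw = base64.urlsafe_b64decode(encoded).decode()
        signed_path, _, deadline = raw.rpartition("\n")
        deadline_ts = int(deadline)
    except ValueError:
        return False
    # The signature must cover this exact request and must not have expired.
    return signed_path == path_and_query and now <= deadline_ts


if __name__ == "__main__":
    t = make_token("/api/v1/test?page=1", 1510986465)
    print(t, verify_token(t, "/api/v1/test?page=1", 1510986400))
```

Because the signed string holds only the path, query and expiry, a captured token stays valid for that URL until the expiry passes, so keep the validity window short.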

Testing

$ phpunit

License

The MIT License (MIT). Please see License File for more information.