doutan3371 2016-04-21 09:08
Views: 51
Accepted

Token authentication for a REST API session

I am using the Slim Framework to create a stateless REST API. Before using this I created a SESSION on the server side with a session check on every page. But now, I don't know how to control it.

I have an api_key in my database for each user. After a user signs in, I respond with an api_key and redirect the user to index.php. But the api_key is not retained. How can I pass the api_key to each page with JavaScript? The reason is that if someone wants data from my REST API, they have to send me an api_key, and also, if the user logged in before, I don't want to show the login page again.

Here is my REST API part:

$app->post('/userlogin', function() use ($app) {
    verifyRequiredParams(array('email', 'password'));
    $email = $app->request->post('email');
    $password = $app->request->post('password');

    $response = array();
    $objUserRegLog = new UserRegistrationLogin;
    $result = $objUserRegLog->getUserByEmailAndPassword($email, $password);
    if (!$result) {
        $response["error"] = true;
        $response["message"] = "Error! Invalid e-mail address or password.";
    } else {
        // The per-user api_key is handed to the client here. The server keeps no
        // session, so the client has to store it and send it back on every request.
        $response["error"] = false;
        $response["id"] = $result["id"];
        $response["email"] = $result["email"];
        $response["api_key"] = $result["api_key"];
    }
    echoResponse(200, $response);
});

$app->get('/students', 'authenticateStudent', function() use ($app) {
    $response = array();
    $objStd = new Students;
    $result = $objStd->getAllStudents();   // was $objCases, an undefined variable
    if (!$result) {
        $response["error"] = true;
        $response["error_msg"] = "An error occurred.";
        $status_code = 404;
    } else {
        $response["error"] = false;
        $response["cases"] = $result;
        $status_code = 200;
    }
    echoResponse($status_code, $response);
});

function authenticateStudent(\Slim\Route $route) {
    // apache_request_headers() only exists under the Apache SAPI. Fall back to the
    // CGI-style $_SERVER entry so the check also works under php-fpm/nginx (note that
    // some CGI/FastCGI setups drop the Authorization header unless configured to pass it).
    $headers = function_exists('apache_request_headers') ? apache_request_headers() : array();
    if (!isset($headers['Authorization']) && isset($_SERVER['HTTP_AUTHORIZATION'])) {
        $headers['Authorization'] = $_SERVER['HTTP_AUTHORIZATION'];
    }
    $response = array();
    $app = \Slim\Slim::getInstance();

    if (isset($headers['Authorization']) && $headers['Authorization'] !== '') {
        $db = new DbOperation();
        // The whole header value is the key; look it up before serving the route.
        $api_key = $headers['Authorization'];
        if (!$db->isValidStudent($api_key)) {
            $response["error"] = true;
            $response["message"] = "Access Denied. Invalid Api key";
            echoResponse(401, $response);
            $app->stop();
        }
    } else {
        $response["error"] = true;
        $response["message"] = "Api key is missing";
        echoResponse(400, $response);
        $app->stop();
    }
}

And the call with AJAX :

$.signin = function() {
    var inputVals = $("#form_signin").serialize();
    $.ajax({
        url : "api/v1/userlogin",
        data : inputVals,
        dataType : "json",
        type : "post",
        success : function(response) {
            if (response.error) {
                $(".popup").trigger("click");
                // The /userlogin handler above only sets "message", not "message_title".
                $(".modal-title").html(response.message_title);
                $(".modal-body").html(response.message);
            } else {
                // response.api_key is dropped here: after the redirect nothing on
                // index.php can send it, which is the problem described above.
                window.location.href = "index.php";
            }
            console.log(response);
        }
    });
    return false;
}

2 answers

  • douyin6188 2016-04-21 09:34

    Well, you need to understand that every request the client sends to your server is independent, so you need to put a variable (the token) in the client system in order to let him send it in every request, so you know who is talking to your server all the time. Start reading this: http://www.w3schools.com/php/php_cookies.asp

    Once you understand what cookies are and how they work, try to read further about authentication and authorization topics.

    This answer was selected by the asker as the best answer.
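The answer's point that every request is independent, worked through as an added example (not code from the original post or its answers): a small client-side helper that stores the api_key after /userlogin, attaches it to every later request, sends index.php back to the login form when no key is stored, and forgets the key when the API answers 401. Browser globals (sessionStorage, fetch, window.location) are passed in as parameters so the same code runs under Node, and the server, the sample key and the student record are constructed stand-ins. It assumes what the poster's authenticateStudent() already does: the raw Authorization header value is the key, and an invalid key gets a 401.

```javascript
// Added example, not code from the original post. Keeps the api_key returned by
// /userlogin and sends it on every later request. Browser globals are injected so
// the helper also runs under Node. Assumption: the API reads the raw Authorization
// header value as the key and replies 401 when it is not valid.

const TOKEN_KEY = 'api_key';

// Storage helpers. sessionStorage (or localStorage) is used instead of a cookie
// because the key goes into a header that only our own script sets, so it is not
// sent along with requests forged from another origin. Either store is readable by
// script, so keeping XSS out of the pages is what actually protects the key.
function saveApiKey(storage, apiKey) {
  if (typeof apiKey !== 'string' || apiKey === '') {
    throw new Error('refusing to store an empty api_key');
  }
  storage.setItem(TOKEN_KEY, apiKey);
}

function loadApiKey(storage) {
  return storage.getItem(TOKEN_KEY);
}

function clearApiKey(storage) {
  storage.removeItem(TOKEN_KEY);
}

// Headers for an authenticated call; no "Bearer " prefix, because the server in the
// question compares the whole header value against the stored key.
function authHeaders(apiKey) {
  return { Accept: 'application/json', Authorization: apiKey };
}

// Handle the JSON body of /userlogin: persist the key on success and tell the caller
// where to go next; hand the server's message back on failure.
function handleLoginResponse(storage, body) {
  if (body.error) {
    return { ok: false, message: body.message || 'Login failed' };
  }
  saveApiKey(storage, body.api_key);
  return { ok: true, redirect: 'index.php' };
}

// What a protected page such as index.php should do on load: with no stored key,
// send the user to the login page; otherwise render and let the API reject a stale key.
function gatePage(storage) {
  return loadApiKey(storage)
    ? { action: 'render' }
    : { action: 'redirect', to: 'login.php' };
}

// fetch wrapper: attach the key, and on 401 forget it so the next page load shows
// the login form instead of retrying with a dead key forever.
async function apiRequest(fetchImpl, storage, url, options = {}) {
  const apiKey = loadApiKey(storage);
  if (!apiKey) {
    return { status: 401, body: null, loggedOut: true };
  }
  const res = await fetchImpl(url, {
    ...options,
    headers: { ...(options.headers || {}), ...authHeaders(apiKey) },
  });
  if (res.status === 401) {
    clearApiKey(storage);
    return { status: 401, body: null, loggedOut: true };
  }
  return { status: res.status, body: await res.json(), loggedOut: false };
}

// In-memory stand-in for window.sessionStorage (constructed for running outside a browser).
function memoryStorage() {
  const items = new Map();
  return {
    getItem: (k) => (items.has(k) ? items.get(k) : null),
    setItem: (k, v) => { items.set(k, String(v)); },
    removeItem: (k) => { items.delete(k); },
  };
}

// Fake server for the /students route from the question (constructed sample key and data).
const SAMPLE_KEY = 'a1b2c3d4e5f6-sample-key';
async function fakeFetch(url, options = {}) {
  const auth = (options.headers || {}).Authorization;
  if (!url.endsWith('/students')) {
    return { status: 404, json: async () => ({ error: true }) };
  }
  if (auth !== SAMPLE_KEY) {
    return { status: 401, json: async () => ({ error: true, message: 'Access Denied. Invalid Api key' }) };
  }
  return { status: 200, json: async () => ({ error: false, cases: [{ id: 1, name: 'Ada' }] }) };
}

// End-to-end walk-through: login, reload index.php, call the API, then use a revoked
// key. Returns the observed steps so they can be checked.
async function demo() {
  const storage = memoryStorage();
  const steps = [];
  steps.push(gatePage(storage).action);                                            // 'redirect'
  steps.push(handleLoginResponse(storage, { error: false, api_key: SAMPLE_KEY }).ok); // true
  steps.push(gatePage(storage).action);                                            // 'render'
  const ok = await apiRequest(fakeFetch, storage, 'api/v1/students');
  steps.push(ok.status, ok.body.cases.length);                                     // 200, 1
  saveApiKey(storage, 'revoked-or-mistyped-key');
  const denied = await apiRequest(fakeFetch, storage, 'api/v1/students');
  steps.push(denied.status, denied.loggedOut, gatePage(storage).action);           // 401, true, 'redirect'
  return steps;
}
```

In a real page, pass window.sessionStorage and window.fetch, act on gatePage()'s redirect with window.location.href, and call handleLoginResponse() from the success callback of the $.signin AJAX call instead of redirecting straight away. The key is kept in sessionStorage and sent in the Authorization header because that is what the poster's authenticateStudent() already expects. If the key is moved into a cookie as the answer suggests, have the server set it (HttpOnly, Secure) and read it from $_COOKIE rather than the header, and remember that the browser then attaches it to cross-site requests as well, so any state-changing route needs CSRF protection.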
