params.json
{
"name": "Phalcon-jwt-auth",
"tagline": "Basic jwt authentication class for Phalcon framework",
"body": "# phalcon-jwt-auth\r\n\r\nA simple JWT middleware for Phalcon Micro to handle stateless authentication.\r\n\r\n## Installation\r\n```\r\ncomposer require dmkit/phalcon-jwt-auth\r\n```\r\nor in your composer.json\r\n```\r\n{\r\n \"require\": {\r\n\t\t\"dmkit/phalcon-jwt-auth\" : \"dev-master\"\r\n }\r\n}\r\n\r\n```\r\nthen run\r\n```\r\ncomposer update\r\n```\r\n\r\n## Usage\r\n\r\n### Configuration - Loading the config service\r\n\r\nin config.ini or in any config file\r\n``` \r\n[jwtAuth]\r\n\r\n; JWT Secret Key\r\nsecretKey = 923753F2317FC1EE5B52DF23951B\r\n\r\n; JWT default Payload\r\n\r\n;; expiry time in minutes\r\npayload[exp] = 1440\r\npayload[iss] = phalcon-jwt-auth\r\n\r\n; Micro Applications do not have a controller or dispatcher\r\n; so to know the resource being called we have to check the actual URL.\r\n\r\n; If you want to disable the middleware on certain routes or resource:\r\n;; index\r\nignoreUri[] = /\r\n\r\n;; regex pattern with http methods\r\nignoreUri[] = regex:/application/\r\nignoreUri[] = regex:/users/:POST,PUT\r\n\r\n;; literal strings\r\nignoreUri[] = /auth/user:POST,PUT\r\nignoreUri[] = /auth/application\r\n```\r\n\r\nin bootstrap or index file\r\n```\r\nuse Phalcon\\Mvc\\Micro;\r\nuse Phalcon\\Config\\Adapter\\Ini as ConfigIni;\r\nuse Phalcon\\Di\\FactoryDefault;\r\nuse Dmkit\\Phalcon\\Auth\\Middleware\\Micro as AuthMicro;\r\n\r\n// set default services\r\n$di = new FactoryDefault();\r\n\r\n/**\r\n * IMPORTANT:\r\n * You must set \"config\" service that will load the configuration file. \r\n */\r\n$config = new ConfigIni( APP_PATH . \"app/config/config.ini\");\r\n$di->set(\r\n \"config\",\r\n function () use($config) {\r\n return $config;\r\n }\r\n);\r\n\r\n$app = new Micro($di);\r\n\r\n// AUTH MICRO\r\n$auth = new AuthMicro($app);\r\n\r\n$app->handle();\r\n```\r\n\r\n### Configuration - Don't want to use a config file? then pass the config instead\r\nin bootstrap or index file\r\n```\r\nuse Phalcon\\Mvc\\Micro;\r\nuse Phalcon\\Config\\Adapter\\Ini as ConfigIni;\r\nuse Phalcon\\Di\\FactoryDefault;\r\nuse Dmkit\\Phalcon\\Auth\\Middleware\\Micro as AuthMicro;\r\n\r\n// set default services\r\n$di = new FactoryDefault();\r\n\r\n$app = new Micro($di);\r\n\r\n// SETUP THE CONFIG\r\n$authConfig = [\r\n 'secretKey' => '923753F2317FC1EE5B52DF23951B1',\r\n 'payload' => [\r\n 'exp' => 1440,\r\n 'iss' => 'phalcon-jwt-auth'\r\n ],\r\n 'ignoreUri' => [\r\n '/',\r\n 'regex:/application/',\r\n 'regex:/users/:POST,PUT',\r\n '/auth/user:POST,PUT',\r\n '/auth/application'\r\n ]\r\n];\r\n\r\n// AUTH MICRO\r\n$auth = new AuthMicro($app, $authConfig);\r\n\r\n$app->handle();\r\n```\r\n\r\n### Authentication\r\nTo make authenticated requests via http, you will need to set an authorization header as follows:\r\n```\r\nAuthorization: Bearer {yourtokenhere}\r\n```\r\nor pass the token as a query string\r\n```\r\n?token={yourtokenhere}\r\n```\r\n\r\n### Callbacks\r\n\r\nBy default if the authentication fails, the middleware will stop the execution of routes and will immediately return a response of 401 Unauthorized. If you want to add your own handler:\r\n```\r\n$auth->onUnauthorized(function($authMicro, $app) {\r\n\r\n $response = $app[\"response\"];\r\n $response->setStatusCode(401, 'Unauthorized');\r\n $response->setContentType(\"application/json\");\r\n \r\n // to get the error messages\r\n $response->setContent(json_encode([$authMicro->getMessages()[0]]));\r\n $response->send();\r\n \r\n // return false to stop the execution\r\n return false;\r\n});\r\n```\r\n\r\nIf you want an additional check on the authentication, like intentionally expiring a token based on the payload issued date, you may do so:\r\n```\r\n$auth->onCheck(function($auth) {\r\n // to get the payload\r\n $data = $auth->data();\r\n \r\n if($data['iat'] <= strtotime('-1 day')) {\r\n // return false to invalidate the authentication\r\n return false;\r\n }\r\n \r\n});\r\n```\r\n\r\n### The Auth service\r\n\r\nYou can access the middleware by calling the \"auth\" service. \r\n```\r\nprint_r( $app['auth']->data() );\r\n\r\nprint_r( $app->getDI()->get('auth')->data('email') );\r\n\r\n// in your controller\r\nprint_r( $this->auth->data() );\r\n```\r\nIf you want to change the service name:\r\n```\r\nAuthMicro::$diName = 'jwtAuth';\r\n```\r\n\r\n### Creating a token\r\n\r\nIn your controller or route handler\r\n```\r\n$payload = [ \r\n 'sub' => $user->id, \r\n 'email' => $user->email,\r\n 'username' => $user->username,\r\n 'role' => 'admin',\r\n 'iat' => time(),\r\n];\r\n$token = $this->auth->make($payload);\r\n```\r\n\r\n### Accessing the authenticated user / data\r\nIn your controller or route handler\r\n```\r\necho $this->auth->id(); // will look for sub or id payload\r\n\r\nprint_r( $this->auth->data() ); // return all payload\r\n\r\necho $this->auth->data('email');\r\n```\r\n\r\n\r\n### Extending\r\nIf you want to add your own middleware or play around:\r\n```\r\nDmkit\\Phalcon\\Auth\\Auth.php and its adapters - does all the authentication\r\n\r\nDmkit\\Phalcon\\Auth\\TokenGetter\\TokenGetter.php and its adapters - does the parsing or getting of token\r\n```\r\n\r\n### JWT\r\nPhalcon JWT Auth uses the Firebase JWT library. To learn more about it and JSON Web Tokens in general, visit: https://github.com/firebase/php-jwt\r\nhttps://jwt.io/introduction/\r\n",
"note": "Don't delete this file! It's used internally to help with page regeneration."
}