我正在尝试创建带有身份验证的简单REST API。但是,出了点问题。
我在Yii Framework 2中使用了高级模板。我以前从未为yii编程,所以我正在学习。
我的代码:
〜/ api->配置-> main.php
<?php
$params = array_merge(
require(__DIR__ . '/../../common/config/params.php'),
require(__DIR__ . '/../../common/config/params-local.php'),
require(__DIR__ . '/params.php'),
require(__DIR__ . '/params-local.php')
);
return [
'id' => 'app-api',
'basePath' => dirname(__DIR__),
'bootstrap' => ['log'],
'modules' => [
'v1' => [
'basePath' => '@app/modules/v1',
'class' => 'api\modules\v1\Module'
]
],
'components' => [
'user' => [
'identityClass' => 'common\models\User',
'enableAutoLogin' => false,
],
'log' => [
'traceLevel' => YII_DEBUG ? 3 : 0,
'targets' => [
[
'class' => 'yii\log\FileTarget',
'levels' => ['error', 'warning'],
],
],
],
'request' => [
'class' => '\yii\web\Request',
'enableCookieValidation' => false,
'parsers' => [
'application/json' => 'yii\web\JsonParser',
],
],
'urlManager' => [
'enablePrettyUrl' => true,
'enableStrictParsing' => true,
'showScriptName' => false,
'rules' => [
[
'class' => 'yii\rest\UrlRule',
'controller' => 'v1/teste',
'extraPatterns' => [
'GET testando' => 'testando',
],
],
[
'class' => 'yii\rest\UrlRule',
'controller' => 'v1/user',
'extraPatterns' => [
'GET login' => 'login',
],
],
'OPTIONS v1/user/login' => 'v1/user/login',
'POST v1/user/login' => 'v1/user/login',
],
]
],
'params' => $params,
];
->模块-> v1->控制器-> TesteController.php
<?php
namespace api\modules\v1\controllers;
//Formato json
use yii\filters\ContentNegotiator;
use yii\web\Response;
//Banco de dados
use yii\db\ActiveRecord;
//Segurança
use yii\filters\auth\CompositeAuth;
use yii\filters\auth\QueryParamAuth;
//Rest api
use yii\rest\ActiveController;
/**
* Country Controller API
*
* @author Budi Irawan <[email protected]>
*/
class TesteController extends ActiveController
{
public $modelClass = 'api\modules\v1\models\Teste';
public function behaviors()
{
$behaviors = parent::behaviors();
$behaviors['authenticator'] = [
'class' => QueryParamAuth::className(),
];
$behaviors['bootstrap'] = [
'class' => ContentNegotiator::className(),
'formats' => [
'application/json' => Response::FORMAT_JSON,
],
];
return $behaviors;
}
public function actionTestando(){
echo "testado";
}
}
->模块-> v1->控制器-> UserController.php
<?php
namespace api\modules\v1\controllers;
use common\models\LoginForm;
use yii\rest\ActiveController;
class UserController extends ActiveController
{
public $modelClass = 'common\models\User';
public function actionLogin()
{
$model = new LoginForm();
if ($model->load(\Yii::$app->getRequest()->getBodyParams(), '') && $model->login()) {
echo \Yii::$app->user->identity->getAuthKey();
} else {
return $model;
}
}
public function actionIndex()
{
if (\Yii::$app->user->isGuest) {
throw new \HttpHeaderException();
}
return \Yii::$app->user->getId();
}
}
->模块-> v1->模型-> Teste.php
<?php
namespace api\modules\v1\models;
use yii\behaviors\TimestampBehavior;
use \yii\db\ActiveRecord;
class Teste extends ActiveRecord
{
/**
* @inheritdoc
*/
public static function tableName()
{
return '{{%teste}}';
}
/**
* @inheritdoc
*/
public function behaviors()
{
return [
TimestampBehavior::className(),
];
}
}
->模块-> v1->模型-> User.php
<?php
namespace api\modules\v1\models;
use common\models\User as CommonUser;
class User extends CommonUser
{
}
->模块-> v1-> Module.php
<?php
namespace api\modules\v1;
class Module extends \yii\base\Module
{
public $controllerNamespace = 'api\modules\v1\controllers';
public function init()
{
parent::init();
}
}
然后,当我使用以下方法测试REST API时:
curl -D- -u admin:123mudar! -H "Content-Type:application/json" 'http://www.domain.com/v1/testa/api/web/v1/testes'
我有:
HTTP/1.1 401 Unauthorized
Date: Mon, 18 Aug 2014 22:44:10 GMT
Server: Apache
Transfer-Encoding: chunked
Content-Type: application/json; charset=UTF-8
{"type":"yii\\web\\UnauthorizedHttpException","name":"Unauthorized","message":"You are requesting with an invalid access token.","code":0,"status":401}
即使当我使用restClient插件时。缺什么?
数据库表结构:
CREATE TABLE IF NOT EXISTS `teste` (
`codigo` int(11) NOT NULL AUTO_INCREMENT,
`nome` varchar(100) NOT NULL,
PRIMARY KEY (`codigo`),
KEY `nome` (`nome`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=3 ;
INSERT INTO `teste` (`codigo`, `nome`) VALUES
(1, 'valor 1'),
(2, 'valor 2');
CREATE TABLE IF NOT EXISTS `user` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`username` varchar(255) NOT NULL,
`auth_key` varchar(32) NOT NULL,
`password_hash` varchar(255) NOT NULL,
`password_reset_token` varchar(255) DEFAULT NULL,
`email` varchar(255) NOT NULL,
`role` smallint(6) NOT NULL DEFAULT '10',
`status` smallint(6) NOT NULL DEFAULT '10',
`created_at` int(11) NOT NULL,
`updated_at` int(11) NOT NULL,
PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 AUTO_INCREMENT=2 ;
INSERT INTO `user` (`id`, `username`, `auth_key`, `password_hash`, `password_reset_token`, `email`, `role`, `status`, `created_at`, `updated_at`) VALUES
(1, 'admin', '79UF7P3XNV9t075lv1kA8G3mYVaysaIw', '$2y$13$A8x5bNgFSwyN6RTFtgZ2h.oGu87gWqiRrci/jZYzT.KwF6o6sLTzC', NULL, '[email protected]', 10, 10, 1408061655, 1408061655);
Yii2 RESTful API使用access-token
而不是进行身份验证username:password
,如果您的用户表没有access_token
列,请创建一个并更新您的用户;
Yii2基本模板的用户模型具有access_token
,如下所示:
private static $users = [ '100' => [ 'id' => '100', 'username' => 'admin', 'password' => 'admin', 'authKey' => 'test100key', 'accessToken' => '100-token', ], '101' => [ 'id' => '101', 'username' => 'demo', 'password' => 'demo', 'authKey' => 'test101key', 'accessToken' => '101-token', ], ];
然后,当您请求时,将其accessToken
用作username
并password
留空,请尝试一下。
另一种方法,您可以使用use yii\filters\auth\QueryParamAuth;
并且仅用于curl http://192.168.4.126/news/126?access-token=100-token
测试,都可以。
更多细节,可以参考我的文章:
http://www.cnblogs.com/ganiks/p/yii2-restful-api-dev.html
最后,如果您确实想使用username:password
,可以重新构建yii2-rest,请参阅:
http://www.cnblogs.com/ganiks/p/yii2-restful-api-mechanism.html
本文收集自互联网,转载请注明来源。
如有侵权,请联系[email protected] 删除。
我来说两句