Home > Article > Backend Development > PHP customizes the token class and puts the generated token in the Authorization of the http request header.
PHP customizes the token class and puts the generated token in the Authorization of the http request header.
- 不言Original
- 2018-08-15 16:42:308219browse
The content of this article is about the code of php customizing the token class and placing the generated token in the Authorization of the http request header. It has certain reference value. Friends in need can refer to it. I hope It will help you.
When I was using laravel to write something today, I needed to interact with the front-end. I saw jwt (json web token), so I wanted to try to write a simple token class. The token stores member ids and members. Permissions, when interacting with the front end, put the generated token in the Authorization of the http request header, organized as follows:
<?php
namespace App\Http\Controllers\Auth;
use Illuminate\Http\Request;
use App\Http\Controllers\Controller;
class TokenController extends Controller{
/**
* header
* @var array
*/
private static $header = [
"type" => "token",
"alg" => "HS256"
]; /**
* create payload
* @param $memberId
* @param $permission
* @return array
*/
private static function payload($memberId, $permission)
{
return [
"iss" => "http://api.creatshare.com",
"iat" => $_SERVER['REQUEST_TIME'],
"exp" => $_SERVER['REQUEST_TIME'] + 7200,
"GivenName" => "CreatShare",
"memberId" => $memberId,
"permission"=> $permission
];
} /**
* encode data
* @param $data
* @return string
*/
private static function encode($data)
{
return base64_encode(json_encode($data));
} /**
* generate a signature
* @param $header
* @param $payload
* @param string $secret
* @return string
*/
private static function signature($header, $payload, $secret = 'secret')
{
return hash_hmac('sha256', $header.$payload, $secret);
} /**
* generate a token
* @param $memberId
* @param $permission
* @return string
*/
public static function createToken($memberId, $permission)
{
$header = self::encode(self::$header);
$payload = self::encode(self::payload($memberId, $permission));
$signature = self::signature($header, $payload);
return $header . '.' .$payload . '.' . $signature;
} /**
* check a token
* @param $jwt
* @param string $key
* @return array|string
*/
public static function checkToken($jwt, $key = 'secret')
{
$token = explode('.', $jwt);
if (count($token) != 3)
return 'token invalid';
list($header64, $payload64, $sign) = $token;
if (self::signature($header64 , $payload64) !== $sign)
return 'token invalid';
$header = json_decode(base64_decode($header64), JSON_OBJECT_AS_ARRAY);
$payload = json_decode(base64_decode($payload64), JSON_OBJECT_AS_ARRAY);
if ($header['type'] != 'token' || $header['alg'] != 'HS256')
return 'token invalid';
if ($payload['iss'] != 'http://api.creatshare.com' || $payload['GivenName'] != 'CreatShare')
return 'token invalid';
if (isset($payload['exp']) && $payload['exp'] < time())
return 'timeout';
return [
'memberId' => $payload['memberId'],
'permission' =>$payload['permission']
];
} /**
* get a token
* @return null
*/
public static function getToken()
{
$token = null;
if (isset($_SERVER['HTTP_AUTHORIZATION']))
$token = $_SERVER['HTTP_AUTHORIZATION'];
return $token;
}
}$token = Token::createToken($member_id, $member_permission); //创建一个 token$token = Token::getToken(); //从http请求头获取 token$result = Token::checkToken(); //解析token
Related recommendations:
php xml operation class (customized)
PHP implements customizable style paging classes, php custom style paging
Custom classes in php Automatic file loading
The above is the detailed content of PHP customizes the token class and puts the generated token in the Authorization of the http request header.. For more information, please follow other related articles on the PHP Chinese website!