How to implement authentication and permission control in PHP microservices

How to implement authentication and permission control in PHP microservices

With the continuous development of Internet services, more and more applications adopt microservice architecture to improve the scalability and maintainability of the system. In the microservice architecture, authentication and permission control are very important. It can protect the security of the system, ensure the confidentiality of user data, and ensure that only authorized users can access specific resources.

This article will introduce how to implement authentication and permission control in PHP microservices and provide corresponding code examples.

1. JWT Authentication

Json Web Token (JWT) is a method of securely transmitting objects for authentication and authorization. It consists of three parts: header, payload and signature. First, we need to install the firebase/php-jwt library to implement JWT authentication.

composer require firebase/php-jwt

Next, we can create an AuthController class to handle user authentication related logic.

use FirebaseJWTJWT;

class AuthController {
    private $secret = "your-secret-key";

    public function login($username, $password) {
        // 验证用户名和密码
        if ($username == "admin" && $password == "password") {
            // 生成JWT
            $tokenId = base64_encode(random_bytes(32));
            $issuedAt = time();
            $expire = $issuedAt + 60; // Token 有效期为60秒

            $data = [
                'iat' => $issuedAt,
                'jti' => $tokenId,
                'exp' => $expire,
                'data' => [
                    // 可以存储用户ID、权限等信息
                    'userId' => 1,
                    'role' => 'admin'
                ]
            ];

            $jwt = JWT::encode($data, $this->secret, 'HS256');

            return $jwt;
        } else {
            throw new Exception('Invalid credentials');
        }
    }

    public function verifyToken($jwt) {
        try {
            $decoded = JWT::decode($jwt, $this->secret, ['HS256']);
            return (array) $decoded->data;
        } catch (Exception $e) {
            throw new Exception('Invalid token');
        }
    }
}

The above code implements the login logic and JWT verification logic. During the login process we generate the JWT for the first time and return it to the user. Users need to include JWT in the header of each request. The server can confirm the user's identity by verifying the JWT.

2. Permission control

After implementing authentication, we also need to perform permission control. We can create a Permission class for checking user permissions.

class Permission {
    public function checkPermission($role, $resource) {
        // 根据用户角色和资源来检查权限
        $permissions = [
            'admin' => ['create', 'read', 'update', 'delete'],
            'user' => ['read', 'create']
        ];

        if (isset($permissions[$role]) && in_array($resource, $permissions[$role])) {
            return true;
        } else {
            return false;
        }
    }
}

In the controller in the microservice, we can use the AuthController and Permission classes to implement authentication and permission control.

class UserController {
    private $authController;
    private $permission;

    public function __construct() {
        $this->authController = new AuthController();
        $this->permission = new Permission();
    }

    public function create($username, $password) {
        // 验证用户身份
        $jwt = $this->authController->login($username, $password);

        // 可以将生成的JWT存储在会话、Cookie或者返回给客户端
        // ...

        // 检查用户权限
        $decoded = $this->authController->verifyToken($jwt);

        if ($this->permission->checkPermission($decoded['role'], 'create')) {
            // 创建用户的逻辑
            // ...
        } else {
            throw new Exception('Permission denied');
        }
    }
}

In the above code, we call the login method of the AuthController class to implement the login logic and return the returned JWT to the user. In the create method, we first verify the validity of the JWT through the verifyToken method, and then call the checkPermission method of the Permission class to check the user Do you have permission to create users?

Summary
Implementing authentication and permission control in PHP microservices is a very important part. Through the combination of JWT authentication and permission checking classes, we can achieve safe and reliable authentication and permission control. The code examples provided above can help you quickly understand and implement these functions. Remember, the code should be tested in more detail and comprehensively in a production environment, and expanded and optimized based on actual needs.

The above is the detailed content of How to implement authentication and permission control in PHP microservices. For more information, please follow other related articles on the PHP Chinese website!