0

所以我正在开发一个使用摘要身份验证中间件的 api。如果请求中存在特定参数,我希望能够完全绕过身份验证。

public function process(ServerRequestInterface $request, DelegateInterface $delegate)
{
    /* TODO:: Figure out how to bypass the digest auth below */
    /* Have tried: (if detect particular parameter) */
    // return new Response\HtmlResponse(true);
    // return new Response();

    /* Begin digest authentication */
    $authentication = new DigestAuthentication($this->credentials);
    $authentication->realm($this->realm);
    $authentication->nonce(uniqid());

    return $authentication(
        $request,
        new Response(),
        function ($request) use ($delegate) {
            return $delegate->process($request);
        }
    );
}

小伙子们,我有正确的想法吗?欢迎任何帮助或建议!

4

1 回答 1

0

你有几个选择:

  1. 如果 Api 只有少数需要认证的路由,您可以仅为这些路由手动添加中间件,其余的不需要认证。例如:
 'home'    => [
                    'path'            => '/',
                    'middleware'      => [YourAuthenthicationMiddleware::class, HomePageHandler::class],
                    'allowed_methods' => ['GET'],
                    'name'            => 'home',

                ],
  1. 如果有一些不需要身份验证的路由,您可以将它们放在与 API 不同的路径中并添加此管道:
$app->pipe('/api', YourAuthenthicationMiddleware::class);

No auth path: /myApp/any/path
Auth path: /api/any/path
  1. 为每条路由设置一个密钥,并在认证中间件中检查
Route:
'login'   => [
                    'path'            => '/login[/]',
                    'middleware'      => LoginHandler::class,
                    'allowed_methods' => ['GET', 'POST'],
                    'name'            => 'login',
                    'authentication'  => [
                        'bypass' => true,
                    ],
                ],

AuthenticationMiddleware:

$this->routeConfiguration    = $config['routes'];
$routeResult = $request->getAttribute(RouteResult::class);
...
if (empty($this->routeConfiguration[$routeResult->getMatchedRouteName()]['authentication']['bypass'])) {
//try to authenticate
}

对于最后一个选项,请确保注入此管道:

$app->pipe(RouteMiddleware::class);
于 2019-04-16T13:09:36.543 回答