このモジュールは、CI フレームワークでパスワードの生成、ログイン、トークンの確認機能を共有して使用することを目的として作成されました。以下はモジュールの設定方法です。
autoload.phpファイルの設定:
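// Auth talks to the database through $ci->db, so the database library must be autoloaded.
// (Typographic quotes from the page rendering are replaced with real PHP quotes.)
$autoload['libraries'] = array('database');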
config.phpファイルの設定:
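// Settings read by the Auth library via $ci->config->item("authenticate").
// Table and column names below are concatenated into SQL as identifiers, so they
// must stay fixed, trusted values and never be derived from request data.
$config['authenticate'] = array(
    "user" => array( // Table/column mapping for user accounts
        "table" => "user",
        "idCol" => "id",
        "passwordCol" => "password",
        "usernameCol" => "username"
    ),
    "token" => array( // Table/column mapping for access tokens
        "table" => "token",
        "tokenCol" => "token",
        "userIdCol" => "user_id",
        "datetimeCol" => "datetime",
    ),
    "refresh_token" => array( // Table/column mapping for refresh tokens
        "table" => "refresh_token",
        "tokenCol" => "token",
        "userIdCol" => "user_id",
        "datetimeCol" => "datetime",
    ),
    "one_at_time" => true, // Delete the user's previous access token when a new one is issued
    "accesstk_life_time" => 100, // Access token lifetime (minutes: Auth divides the elapsed seconds by 60)
    "refreshtk_life_time" => 20, // Refresh token lifetime (same unit as above)
    // The *Curl helpers send the token in a request header to these URLs. Plain http://
    // is only appropriate for a loopback endpoint like this sample; use https:// for
    // any host reached over a network.
    "accesstk_host" => "http://localhost:8282/ci/token/check", // URL that checks an access token
    "refreshtk_host" => "http://localhost:8282/ci/token/check", // URL that exchanges a refresh token for a new access token
);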
ユーザー、トークン、リフレッシュトークンの設定は、データベースのカラムとテーブルに対応します
Auth.phpファイルをライブラリディレクトリに配置します。
コンストラクタでライブラリを読み込みます: $this->load->library("Auth");
Auth::createPassword($password); 保存用のパスワードハッシュを生成します。
Auth::login($username, $password); ログイン情報を確認し、正しければアクセストークンとリフレッシュトークンを返します。
Auth::accessToken($token); アクセストークンの有効性を確認します。
Auth::accessTokenCurl($token); トークンをホストに送信して有効性を確認します。
Auth::refreshToken($token); リフレッシュトークンの有効性を確認します。
Auth::refreshTokenCurl($token); リフレッシュトークンをホストに送信して有効性を確認します。
<CODE>
<?php
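// Refuse to run when the file is requested directly instead of being loaded by CodeIgniter.
// (Typographic quotes from the page rendering are replaced with real PHP quotes.)
defined('BASEPATH') OR exit('No direct script access allowed');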
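/**
 * Password hashing plus access/refresh token issuing and checking for CodeIgniter.
 *
 * All settings come from $config['authenticate'] (table/column names, token
 * lifetimes, remote check URLs). Table and column names are concatenated into SQL
 * as identifiers and must therefore be trusted configuration constants; every
 * request-supplied value (username, token, user id) is passed as a bound parameter.
 *
 * Requires PHP 7.0+ (random_int / random_bytes).
 */
class Auth {

    /** Success template. Copied before use; never mutated, so no token leaks between calls. */
    private static $msgRetOk = array(
        "code" => 200,
        "msg" => "Success"
    );

    /** Failure template returned for every rejected request. */
    private static $msgRetFail = array(
        "code" => 500,
        "msg" => "Fail"
    );

    /** Length of the salt appended to legacy sha1 password hashes (10-digit time() + 15 random chars). */
    private static $legacySaltLength = 25;

    /** Length of the millisecond timestamp appended to every token. */
    private static $timestampLength = 13;

    /**
     * Verify a username/password pair and issue tokens.
     *
     * @param mixed $username Login name (scalar).
     * @param mixed $password Plain-text password (scalar).
     * @return array|null NULL when either argument is missing; the failure array on bad
     *                    credentials or a failed insert; otherwise the success array with
     *                    "token" and, when refresh tokens are configured, "refresh_token".
     */
    public static function login($username, $password){
        if(!is_scalar($username) || !is_scalar($password)){
            return NULL;
        }
        $username = (string) $username;
        $password = (string) $password;
        if($username === '' || $password === ''){
            return NULL;
        }

        $ci =& get_instance();
        $config = $ci->config->item("authenticate");
        $userCfg = $config['user'];

        // Bound parameter instead of string interpolation: the username is attacker-controlled.
        $rows = self::fetchRows(
            $ci,
            "SELECT * FROM `".$userCfg['table']."` WHERE `".$userCfg['usernameCol']."` = ?",
            array($username)
        );
        if(empty($rows)){
            return self::$msgRetFail;
        }
        $user = $rows[0];

        // Honour the configured password column (the original hard-coded 'password').
        $passwordCol = isset($userCfg['passwordCol']) ? $userCfg['passwordCol'] : 'password';
        if(!isset($user[$passwordCol]) || self::comparePassword($user[$passwordCol], $password) !== true){
            return self::$msgRetFail;
        }

        $userId = $user[$userCfg['idCol']];
        $token = self::createToken($userId);
        if(!self::storeAccessToken($ci, $config, $token, $userId)){
            return self::$msgRetFail;
        }

        $result = self::$msgRetOk;
        if(!empty($config['refresh_token'])){
            $refreshCfg = $config['refresh_token'];
            $refreshtk = self::createRefreshToken($userId);
            $ci->db->query(
                "INSERT INTO `".$refreshCfg['table']."`(`".$refreshCfg['tokenCol']."`,`".$refreshCfg['userIdCol']."`) VALUES (?, ?)",
                array($refreshtk, $userId)
            );
            // Fail closed, as before: a login whose refresh token was not stored is rejected.
            if($ci->db->affected_rows() == 0){
                return self::$msgRetFail;
            }
            $result['refresh_token'] = $refreshtk;
        }
        $result["token"] = $token;
        return $result;
    }

    /**
     * Hash a password for storage.
     *
     * Uses password_hash() (salted, adaptive cost) instead of the former single-round
     * salted SHA-1. Hashes written by the old implementation still verify through
     * comparePassword().
     *
     * NOTE(review): PASSWORD_DEFAULT currently yields a 60-character bcrypt string; the
     * PHP manual recommends a 255-character column so a future default still fits.
     *
     * @param string $password Plain-text password.
     * @return string Hash string to store in the password column.
     */
    public static function createPassword($password){
        return password_hash((string) $password, PASSWORD_DEFAULT);
    }

    /**
     * Check a plain-text password against a stored hash.
     *
     * Accepts password_hash() output and the legacy "sha1(password . salt) . salt"
     * format (40 hex characters followed by a 25-character salt).
     *
     * @param mixed $storedPW Value read from the password column.
     * @param mixed $password Plain-text candidate.
     * @return bool TRUE only when the password matches.
     */
    public static function comparePassword($storedPW, $password){
        if(!is_string($storedPW) || !is_scalar($password)){
            return false;
        }
        $password = (string) $password;

        // 'algo' is 0 or NULL (depending on PHP version) for anything password_hash() did not produce.
        $info = password_get_info($storedPW);
        if(!empty($info['algo'])){
            return password_verify($password, $storedPW);
        }

        // Legacy format. The original computed the offset with count() on a string, which
        // only worked by accident and throws a TypeError on PHP 8.
        if(strlen($storedPW) <= self::$legacySaltLength){
            return false;
        }
        $salt = substr($storedPW, -self::$legacySaltLength);
        // Constant-time comparison so the check does not leak how many characters matched.
        return hash_equals($storedPW, sha1($password.$salt).$salt);
    }

    /**
     * Build a 25-character salt (current time() digits mixed with 15 random characters).
     *
     * Kept for existing callers; createPassword() no longer needs it because
     * password_hash() generates its own salt.
     *
     * @return string
     */
    public static function generateSalt() {
        return str_shuffle(time().self::generateRandomString());
    }

    /**
     * Return a random alphanumeric string.
     *
     * Characters are drawn with random_int() (CSPRNG) rather than rand(), whose output
     * is predictable and must not feed salts or tokens.
     *
     * @param int $length Number of characters.
     * @return string
     */
    public static function generateRandomString($length = 15) {
        $characters = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
        $lastIndex = strlen($characters) - 1;
        $randomString = '';
        for ($i = 0; $i < $length; $i++) {
            $randomString .= $characters[random_int(0, $lastIndex)];
        }
        return $randomString;
    }

    /**
     * Check an access token locally: age first, then presence in the token table.
     *
     * @param mixed $token Token presented by the client.
     * @return array Success or failure array.
     */
    public static function accessToken($token){
        if(!is_string($token) || $token === ''){
            return self::$msgRetFail;
        }
        $ci =& get_instance();
        $config = $ci->config->item("authenticate");
        if(!self::tokenIsFresh($token, $config['accesstk_life_time'])){
            return self::$msgRetFail;
        }
        $rows = self::fetchRows(
            $ci,
            "SELECT * FROM `".$config['token']['table']."` WHERE `".$config['token']['tokenCol']."` = ?",
            array($token)
        );
        if(empty($rows)){
            return self::$msgRetFail;
        }
        return self::$msgRetOk;
    }

    /**
     * Ask the configured "accesstk_host" whether an access token is valid.
     *
     * @param mixed $token Token to send in the "access_token" request header.
     * @return mixed Decoded JSON response, or NULL when the request or decoding fails.
     */
    public static function accessTokenCurl($token){
        $ci =& get_instance();
        $config = $ci->config->item("authenticate");
        return self::postTokenHeader($config['accesstk_host'], 'access_token', $token);
    }

    /**
     * Create a new access token: 32 random hex characters followed by a 13-digit
     * millisecond timestamp (the same shape the validity checks parse).
     *
     * @param mixed $id User id. Unused: the token is purely random; the parameter is
     *                  kept so existing callers keep working.
     * @return string
     */
    public static function createToken($id){
        return self::buildToken();
    }

    /**
     * Exchange a refresh token for a new access token.
     *
     * @param mixed $refreshToken Refresh token presented by the client.
     * @return array Failure array, or the success array whose "msg" (historical key)
     *               and "token" both carry the new access token.
     */
    public static function refreshToken($refreshToken){
        if(!is_string($refreshToken) || $refreshToken === ''){
            return self::$msgRetFail;
        }
        $ci =& get_instance();
        $config = $ci->config->item("authenticate");
        if(empty($config['refresh_token'])){
            return self::$msgRetFail;
        }
        $refreshCfg = $config['refresh_token'];
        if(!self::tokenIsFresh($refreshToken, $config['refreshtk_life_time'])){
            return self::$msgRetFail;
        }
        $rows = self::fetchRows(
            $ci,
            "SELECT * FROM `".$refreshCfg['table']."` WHERE `".$refreshCfg['tokenCol']."` = ?",
            array($refreshToken)
        );
        if(empty($rows)){
            return self::$msgRetFail;
        }
        $userId = $rows[0][$refreshCfg['userIdCol']];

        $token = self::createToken($userId);
        if(!self::storeAccessToken($ci, $config, $token, $userId)){
            return self::$msgRetFail;
        }
        $result = self::$msgRetOk;
        $result["msg"] = $token;
        $result["token"] = $token;
        return $result;
    }

    /**
     * Create a new refresh token (same shape as an access token).
     *
     * @param mixed $id User id. Unused; kept for interface compatibility.
     * @return string
     */
    public static function createRefreshToken($id){
        return self::buildToken();
    }

    /**
     * Send a refresh token to the configured "refreshtk_host".
     *
     * @param mixed $token Token to send in the "refresh_token" request header.
     * @return mixed Decoded JSON response, or NULL when the request or decoding fails.
     */
    public static function refreshTokenCurl($token){
        $ci =& get_instance();
        $config = $ci->config->item("authenticate");
        return self::postTokenHeader($config['refreshtk_host'], 'refresh_token', $token);
    }

    /** Run a parameterised SELECT and return its rows, or an empty array if the query failed. */
    private static function fetchRows($ci, $sql, $binds){
        $query = $ci->db->query($sql, $binds);
        // NOTE(review): query() is expected to return FALSE on failure when db_debug is off.
        if(!is_object($query)){
            return array();
        }
        return $query->result_array();
    }

    /** Optionally drop the user's previous access tokens, insert the new one, report whether it was stored. */
    private static function storeAccessToken($ci, $config, $token, $userId){
        $tokenCfg = $config['token'];
        if(!empty($config['one_at_time'])){
            $ci->db->query(
                "DELETE FROM `".$tokenCfg['table']."` WHERE `".$tokenCfg['userIdCol']."` = ?",
                array($userId)
            );
        }
        $ci->db->query(
            "INSERT INTO `".$tokenCfg['table']."`(`".$tokenCfg['tokenCol']."`,`".$tokenCfg['userIdCol']."`) VALUES (?, ?)",
            array($token, $userId)
        );
        // Checked directly after the insert it belongs to; the original read affected_rows()
        // only after a later query and could hand out a token that was never stored.
        return $ci->db->affected_rows() > 0;
    }

    /** 128 bits from the CSPRNG as hex, followed by the current time in milliseconds. */
    private static function buildToken(){
        // sprintf keeps the 13-digit form regardless of the float "precision" ini setting.
        $timestamp = sprintf('%.0f', round(microtime(true) * 1000));
        return bin2hex(random_bytes(16)).$timestamp;
    }

    /** TRUE when the token ends in a 13-digit millisecond timestamp no older than $lifetimeMinutes. */
    private static function tokenIsFresh($token, $lifetimeMinutes){
        if(!is_string($token) || strlen($token) < self::$timestampLength){
            return false;
        }
        $millis = substr($token, -self::$timestampLength);
        if(!ctype_digit($millis)){
            return false;
        }
        $ageSeconds = time() - (int) ((float) $millis / 1000);
        return ($ageSeconds / 60) <= (int) $lifetimeMinutes;
    }

    /** Send $token in the request header $headerName to $url and decode the JSON reply. */
    private static function postTokenHeader($url, $headerName, $token){
        // CR/LF in the value would let a caller-supplied token add extra request headers.
        if(!is_scalar($token) || preg_match('/[\r\n]/', (string) $token)){
            return NULL;
        }
        $curl = curl_init();
        curl_setopt($curl, CURLOPT_URL, $url);
        curl_setopt($curl, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)");
        curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
        // Certificate and host name verification stay enabled: with them off, anyone on the
        // network path can read the token and forge the "valid" answer. For a private CA,
        // point CURLOPT_CAINFO at its bundle instead of disabling these.
        curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, 2);
        curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, true);
        curl_setopt($curl, CURLOPT_MAXREDIRS, 10);
        curl_setopt($curl, CURLOPT_CONNECTTIMEOUT, 5);
        curl_setopt($curl, CURLOPT_TIMEOUT, 20);
        curl_setopt($curl, CURLOPT_HTTPHEADER, array(
            $headerName.': '.$token,
        ));
        $body = curl_exec($curl);
        curl_close($curl);
        if($body === false){
            return NULL;
        }
        return json_decode($body);
    }
}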
</CODE>