How to use the Hyperf framework for permission authentication
Introduction:
In a Web application, permission authentication is a very important function. Through permission authentication, we can restrict certain users to only access specific resources and functions, and protect sensitive data from being accessed by unauthorized users. This article will introduce how to use the Hyperf framework for permission authentication and give specific code examples.
1. Configure the permission table and role table
Before starting to use the Hyperf framework for permission authentication, we need to configure the permission table and role table first. Open the .env file in the project, add the following configuration:
# 权限表 PERMISSION_TABLE=admin_permissions # 角色表 ROLE_TABLE=admin_roles
Then create the corresponding table in the database.
2. Define permission middleware
The Hyperf framework provides a middleware mechanism that can perform some operations before and after request processing. We can use middleware for permission authentication. First, create a new file AuthMiddleware.php in the app/Middleware directory with the following code:
<?php declare(strict_types=1); namespace AppMiddleware; use HyperfHttpServerContractRequestInterface; use HyperfHttpServerContractResponseInterface; use HyperfHttpServerRouterDispatched; use PsrContainerContainerInterface; use HyperfLoggerLoggerFactory; use HyperfCircuitBreakerAnnotationCircuitBreaker; class AuthMiddleware { private $container; private $logger; public function __construct(ContainerInterface $container, LoggerFactory $loggerFactory) { $this->container = $container; $this->logger = $loggerFactory->get('auth'); } /** * @param RequestInterface $request * @param ResponseInterface $response * @param callable $next * @return ResponseInterface */ public function process(RequestInterface $request, callable $next): ResponseInterface { // 获取当前请求的控制器和方法 $dispatched = $this->container->get(Dispatched::class); $controller = $dispatched->handler->callback[0]; $action = $dispatched->handler->callback[1]; // 进行权限认证 $isAuth = $this->checkPermission($controller, $action); if (!$isAuth) { // 权限不足,返回错误提示 return $response->json(['code' => 403, 'message' => 'Permission Denied']); } // 继续执行下一个中间件 return $next($request); } /** * @param $controller * @param $action * @return bool */ protected function checkPermission($controller, $action): bool { // 根据控制器和方法查询需要的权限,校验用户是否拥有该权限 // 省略代码,根据具体业务逻辑进行处理 return true; // 此处返回true表示权限校验通过 } }
3. Register middleware
Open the config/autoload/middlewares.php file and add the following configuration:
<?php declare(strict_types=1); return [ // ... 'auth' => AppMiddlewareAuthMiddleware::class, ];
4. Using middleware
In routing configuration, we can use middleware for permission authentication. For example:
<?php declare(strict_types=1); use HyperfHttpServerRouterRouter; // 不需要登录的接口 Router::group([ 'middleware' => [], ], function () { // ... }); // 需要登录但是不需要认证权限的接口 Router::group([ 'middleware' => [ AppMiddlewareAuthMiddleware::class, ], ], function () { // ... }); // 需要认证权限的接口 Router::group([ 'middleware' => [ AppMiddlewareAuthMiddleware::class, ], ], function () { // ... });
Summary:
It is very simple to use the Hyperf framework for permission authentication. We only need to define an AuthMiddleware middleware and then use it in the routing configuration. When the request reaches the middleware, our customized permission authentication logic will be executed. If the permission verification fails, the corresponding error message can be returned. In this way, we can easily implement the permission control function.
Reference link:
The above is the detailed content of How to use the Hyperf framework for permission authentication. For more information, please follow other related articles on the PHP Chinese website!