php自訂token類並將產生的token放在http要求標頭的Authorization中的代碼

本篇文章給大家帶來的內容是關於php自訂token類並將產生的token放在http要求標頭的Authorization中的代碼，有一定的參考價值，有需要的朋友可以參考一下，希望對你有所協助。

今天在使用laravel寫東西的時候，需要與前端互動，看了jwt(json web token)，於是自己想試著寫一個簡單的token類，token中儲存了成員id和成員的許可權，與前端互動時，將產生的token放在http要求標頭的Authorization中，整理如下：

<?phpnamespace App\Http\Controllers\Auth;use Illuminate\Http\Request;use App\Http\Controllers\Controller;class TokenController extends Controller{    /**     * header     * @var array     */    private static $header = [            "type" => "token",            "alg"  => "HS256"    ];    /**     * create payload     * @param $memberId     * @param $permission     * @return array     */    private static function payload($memberId, $permission)    {        return [                    "iss"       => "http://api.creatshare.com",                    "iat"       => $_SERVER['REQUEST_TIME'],                    "exp"       => $_SERVER['REQUEST_TIME'] + 7200,                     "GivenName" => "CreatShare",                     "memberId"  => $memberId,                     "permission"=> $permission        ];    }    /**     * encode data     * @param $data     * @return string     */    private static function encode($data)    {        return base64_encode(json_encode($data));    }    /**     * generate a signature     * @param $header     * @param $payload     * @param string $secret     * @return string     */    private static function signature($header, $payload, $secret = 'secret')    {        return hash_hmac('sha256', $header.$payload, $secret);    }    /**     * generate a token     * @param $memberId     * @param $permission     * @return string     */    public static function createToken($memberId, $permission)    {        $header = self::encode(self::$header);                $payload = self::encode(self::payload($memberId, $permission));                $signature = self::signature($header, $payload);                return $header . '.' .$payload . '.' . $signature;    }    /**     * check a token     * @param $jwt     * @param string $key     * @return array|string     */    public static function checkToken($jwt, $key = 'secret')    {        $token = explode('.', $jwt);                if (count($token) != 3)                    return 'token invalid';                 list($header64, $payload64, $sign) = $token;                 if (self::signature($header64 , $payload64) !== $sign)                     return 'token invalid';                 $header = json_decode(base64_decode($header64), JSON_OBJECT_AS_ARRAY);                 $payload = json_decode(base64_decode($payload64), JSON_OBJECT_AS_ARRAY);                 if ($header['type'] != 'token' || $header['alg'] != 'HS256')                     return 'token invalid';                 if ($payload['iss'] != 'http://api.creatshare.com' || $payload['GivenName'] != 'CreatShare')                     return 'token invalid';                 if (isset($payload['exp']) && $payload['exp'] < time())                     return 'timeout';                 return [                     'memberId' => $payload['memberId'],                     'permission' =>$payload['permission']        ];    }    /**     * get a token     * @return null     */    public static function getToken()    {        $token = null;                if (isset($_SERVER['HTTP_AUTHORIZATION']))                    $token = $_SERVER['HTTP_AUTHORIZATION'];                return $token;    }}

$token = Token::createToken($member_id, $member_permission); //建立一個token$token = Token::getToken();    //從http要求標頭擷取token$result = Token::checkToken(); //解析token