yii2restapi承载认证_Rest_Authentication_Reactjs_Yii2 Advanced App_Bearer Token

yii2restapi承载认证

rest authentication reactjs

yii2restapi承载认证,rest,authentication,reactjs,yii2-advanced-app,bearer-token,Rest,Authentication,Reactjs,Yii2 Advanced App,Bearer Token,我使用Yii2框架作为后端，使用reactjs作为客户端。我正在尝试使用HTTPBearer身份验证创建RESTAPI，但总是得到401未经授权的错误。我遵循了yii2restapi认证，但没有成功。我还在user.php上实现了findIdentityByAccessToken，在sql上实现了access\u token。我的文件：- 文件夹结构：- -api --配置 --main.php --main local.php … --模块 --v1 --控制器 --CheckinsContr

我使用Yii2框架作为后端，使用reactjs作为客户端。我正在尝试使用HTTPBearer身份验证创建RESTAPI，但总是得到401未经授权的错误。我遵循了yii2restapi认证，但没有成功。我还在user.php上实现了findIdentityByAccessToken，在sql上实现了access\u token。我的文件：-
文件夹结构：-
-api
--配置
--main.php
--main local.php
…
--模块
--v1
--控制器
--CheckinsController.php

namespace api\modules\v1\controllers; use yii\rest\ActiveController; use yii\data\ActiveDataProvider; use yii\filters\ContentNegotiator; use api\modules\v1\models\CheckinApi; use yii\filters\auth\HttpBearerAuth; use yii\web\Response; class CheckinsController extends ActiveController { public $modelClass = 'common\models\Events'; public function behaviors() { $behaviors = parent::behaviors(); $behaviors['authenticator'] = [ 'class' => HttpBearerAuth::className() ]; $behaviors['contentNegotiator'] = [ 'class' => ContentNegotiator::className(), 'formats' => [ 'application/json' => Response::FORMAT_JSON, ], ]; return $behaviors; } public function actionCheckinview($id) { // \Yii::$app->response->format = \yii\web\Response::FORMAT_JSON; $query = new CheckinApi(); $test = [ 'count' => $query->Checkincount($id), 'checkinid' => $id, 'useridused' => Yii::$app->user->identity->id, ]; return $test;//Testing purpose } } User.php class User extends ActiveRecord implements IdentityInterface { const STATUS_DELETED = 0; const STATUS_ACTIVE = 10; /** * @inheritdoc */ public static function tableName() { return '{{%user}}'; } /** * @inheritdoc */ public function behaviors() { return [ TimestampBehavior::className(), ]; } /** * @inheritdoc */ public function rules() { return [ ['status', 'default', 'value' => self::STATUS_ACTIVE], ['status', 'in', 'range' => [self::STATUS_ACTIVE, self::STATUS_DELETED]], ]; } public function fields() { $fields = parent::fields(); // remove fields that contain sensitive information unset($fields['auth_key'], $fields['password_hash'], $fields['password_reset_token'],$fields['access_token']); return $fields; } /** * @inheritdoc */ public static function findIdentity($id) { return static::findOne(['id' => $id, 'status' => self::STATUS_ACTIVE]); } /** * @inheritdoc */ public static function findIdentityByAccessToken($token, $type = null) { return static::findOne(['access_token' => $token]); } /** * Finds user by username * * @param string $username * @return static|null */ public static function findByUsername($username) { return static::findOne(['username' => $username, 'status' => self::STATUS_ACTIVE]); } /** * Finds user by password reset token * * @param string $token password reset token * @return static|null */ public static function findByPasswordResetToken($token) { if (!static::isPasswordResetTokenValid($token)) { return null; } return static::findOne([ 'password_reset_token' => $token, 'status' => self::STATUS_ACTIVE, ]); } /** * Finds out if password reset token is valid * * @param string $token password reset token * @return boolean */ public static function isPasswordResetTokenValid($token) { if (empty($token)) { return false; } $expire = Yii::$app->params['user.passwordResetTokenExpire']; $parts = explode('_', $token); $timestamp = (int) end($parts); return $timestamp + $expire >= time(); } /** * @inheritdoc */ public function getId() { return $this->getPrimaryKey(); } /** * @inheritdoc */ public function getAuthKey() { return $this->auth_key; } /** * @inheritdoc */ public function validateAuthKey($authKey) { return $this->getAuthKey() === $authKey; } /** * Validates password * * @param string $password password to validate * @return boolean if password provided is valid for current user */ public function validatePassword($password) { return Yii::$app->security->validatePassword($password, $this->password_hash); } /** * Generates password hash from password and sets it to the model * * @param string $password */ public function setPassword($password) { $this->password_hash = Yii::$app->security->generatePasswordHash($password); } /** * Generates "remember me" authentication key */ public function generateAuthKey() { $this->auth_key = Yii::$app->security->generateRandomString(); } /** * Generates "api" access token */ public function generateAccessToken() { $this->access_token = Yii::$app->security->generateRandomString($length = 16); } /** * Generates new password reset token */ public function generatePasswordResetToken() { $this->password_reset_token = Yii::$app->security- >generateRandomString() . '_' . time(); } /** * Removes password reset token */ public function removePasswordResetToken() { $this->password_reset_token = null; } }
-后端
-普通的
-前端
main.php

<?php $params = array_merge( require(__DIR__ . '/../../common/config/params.php'), require(__DIR__ . '/../../common/config/params-local.php'), require(__DIR__ . '/params.php'), require(__DIR__ . '/params-local.php') ); return [ 'id' => 'app-api', 'basePath' => dirname(__DIR__), 'bootstrap' => ['log'], 'modules' => [ 'v1' => [ 'basePath' => '@app/modules/v1', 'class' => 'api\modules\v1\Module' // here is our v1 modules ] ], 'components' => [ 'user' => [ 'identityClass' => 'common\models\User', 'enableAutoLogin' => false, 'enableSession' => false, 'loginUrl' =>'', ], 'log' => [ 'traceLevel' => YII_DEBUG ? 3 : 0, 'targets' => [ [ 'class' => 'yii\log\FileTarget', 'levels' => ['error', 'warning'], ], ], ], 'request' => [ 'class' => '\yii\web\Request', 'enableCookieValidation' => false, 'parsers' => [ 'application/json' => 'yii\web\JsonParser', ] ], 'urlManager' => [ 'enablePrettyUrl' => true, 'enableStrictParsing' => true, 'showScriptName' => false, 'rules' => [ [ 'class' => 'yii\rest\UrlRule', 'controller' => 'v1/user', 'tokens' => [ '{id}' => '<id:\\w+>' ] ], [ 'class' => 'yii\rest\UrlRule', 'controller' => 'v1/event', 'extraPatterns' => [ 'GET test' => 'test' ], ], [ 'class' => 'yii\rest\UrlRule', 'controller' => 'v1/checkins', 'extraPatterns' => [ 'GET checkinview/<id:\d+>' => 'checkinview/' ], ] ], ] ], 'params' => $params, ];
任何帮助都将不胜感激！！几天来一直试图解决这个问题，但没有成功。不知道这是不是我犯的一个简单的错误

请给我“user.php”以查看更多

“CheckinsController”应类似于以下LOC（如果您不控制它，请不要添加更多信息）

您可以参考以下手册：

也可以参考这个项目（包括数据库）-它在我的本地主机上运行得很好。希望我帮了你什么
在我的例子中，当检查firebug时，有两个调用，一个GET，一个OPTIONS。GET将返回200 OK且无响应，而选项将返回401未经授权的访问
在谷歌上浏览时，我发现这条简单的线路可以让它工作

public function behaviors() { return \yii\helpers\ArrayHelper::merge(parent::behaviors(), [ 'corsFilter' => [ 'class' => \yii\filters\Cors::className(), ], 'authenticator' => [ 'class' => \yii\filters\auth\HttpBearerAuth::className(), 'except' => ['options'], ], ]); }

但是，我不明白为什么选择，为什么得到的回报没有回应？有人能详细解释一下吗？
我的案子和你的一样。我正在为客户端使用
ReactJS
，为api使用danyii2

public function behaviors() { $behaviors = parent::behaviors(); $behaviors['authenticator'] = [ 'class' => CompositeAuth::className(), 'except' => ['token'], 'authMethods' => [ HttpBearerAuth::className(), QueryParamAuth::className(), ], ]; return $behaviors; }
在您的情况下，请检查此规则：

[ 'class' => 'yii\rest\UrlRule', 'controller' => 'v1/checkins', 'extraPatterns' => [ 'GET checkinview/<id:\d+>' => 'checkinview/' ], ]

[ 'class'=>'yii\rest\UrlRule'， “控制器”=>“v1/签入”， “外部模式”=>[ “获取checkinview/”=>“checkinview/” ], ]
此代码应为：

[ 'class' => 'yii\rest\UrlRule', 'controller' => 'v1/checkins', 'tokens' => ['{id}' => '<id:\\w+>'], --> because you stil use ActiveController 'pluralize' => false, --> for disable pluralize 'extraPatterns' => [ 'GET checkinview/<id:\d+>' => 'checkinview' --> remove '/' sign 'OPTIONS checkinview/<id:\d+>' => 'options', --> for corsFilter ], ]

[ 'class'=>'yii\rest\UrlRule'， “控制器”=>“v1/签入”， 'tokens'=>['{id}'=>']，-->因为您仍然使用ActiveController “复数化”=>false，-->用于禁用复数化 “外部模式”=>[ “GET checkinview/”=>“checkinview”-->删除“/”符号 '选项检查查看/'=>'选项'，-->用于corsFilter ], ]
谢谢您的时间和回复，我会试一试的。我还包括user.php。请检查它。我正在使用generateAccessToken方法进行api
'OPTIONS checkinview/'=>'OPTIONS'，-->进行corsFilter
如果我缺少此方法，它会将状态代码显示为401吗？未经验证，而相同的请求在PostManit中可以正常工作，如果您使用axios或fetch js for HTTP promise，
选项
请求用于检查是否允许您执行
获取、发布、删除、更新
。jQuery使用
application/x-www-form-urlencoded
，而axios或fetch使用
application/json
。请检查您可以使用全部或一次使用一个
[ 'class' => 'yii\rest\UrlRule', 'controller' => 'v1/checkins', 'tokens' => ['{id}' => '<id:\\w+>'], --> because you stil use ActiveController 'pluralize' => false, --> for disable pluralize 'extraPatterns' => [ 'GET checkinview/<id:\d+>' => 'checkinview' --> remove '/' sign 'OPTIONS checkinview/<id:\d+>' => 'options', --> for corsFilter ], ]