所以我正在研究一种使用摘要认证中间件的api。如果请求中存在特定参数,我希望能够完全绕过身份验证。
public function process(ServerRequestInterface $request, DelegateInterface $delegate)
{
/* TODO:: Figure out how to bypass the digest auth below */
/* Have tried: (if detect particular parameter) */
// return new Response\HtmlResponse(true);
// return new Response();
/* Begin digest authentication */
$authentication = new DigestAuthentication($this->credentials);
$authentication->realm($this->realm);
$authentication->nonce(uniqid());
return $authentication(
$request,
new Response(),
function ($request) use ($delegate) {
return $delegate->process($request);
}
);
}
我这里有正确的想法吗?欢迎任何帮助或建议!
你有几个选择:
'home' => [
'path' => '/',
'middleware' => [YourAuthenthicationMiddleware::class, HomePageHandler::class],
'allowed_methods' => ['GET'],
'name' => 'home',
],
$app->pipe('/api', YourAuthenthicationMiddleware::class);
No auth path: /myApp/any/path
Auth path: /api/any/path
Route:
'login' => [
'path' => '/login[/]',
'middleware' => LoginHandler::class,
'allowed_methods' => ['GET', 'POST'],
'name' => 'login',
'authentication' => [
'bypass' => true,
],
],
AuthenticationMiddleware:
$this->routeConfiguration = $config['routes'];
$routeResult = $request->getAttribute(RouteResult::class);
...
if (empty($this->routeConfiguration[$routeResult->getMatchedRouteName()]['authentication']['bypass'])) {
//try to authenticate
}
对于最后一个选项,请确保注入此管道:
$app->pipe(RouteMiddleware::class);