php实现接口http协议中的Authorization Basic认证、调用
在应用系统的API接口实现中,使用Authorization Basic认证是比较常见的做法,下面谈谈用php实现接口认证和调用的方法。
需求场景描述
应用系统API接口,需要通过Authorization Basic认证实现,接口方给客户端相应的密钥才能实现认证,并且客户端也通过Authorization Basic认证的调用来实现通信。
实现方法是,在http协议请求头中加入认证字符串。认证字符串使用base64编码(注意:base64只是编码,不是加密,任何截获请求的人都可以直接还原出用户名和密码,因此Basic认证必须配合HTTPS使用),格式如:Authorization: Basic base64_encode("$name:$pwd")
接口实现Authorization Basic认证
php代码如下:
<?php
//一个验证用户的接口范例
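/**
 * Sample endpoint that authenticates the caller with HTTP Basic credentials.
 *
 * Reads the Authorization request header, decodes the "user:password" pair,
 * writes an access-log line (user name only, never the password) and answers
 * through responCode(): 401 when credentials are missing or malformed,
 * 403 when the user lookup yields nothing, 200 otherwise.
 *
 * The user lookup is a placeholder in this listing and must be filled in;
 * until then the method fails closed with 403.
 */
public function validUser(){
    header("Content-Type: text/html; CharSet=UTF-8");

    $rawHeaders = apache_request_headers();
    if (!is_array($rawHeaders)) {
        $rawHeaders = array();
    }
    // HTTP header names are case-insensitive, so normalise the keys before the lookup.
    $requestHeaders = array_change_key_case($rawHeaders, CASE_LOWER);
    if (!array_key_exists('authorization', $requestHeaders)) {
        $this->responCode(401); exit;
    }

    // Expected form: "Basic <base64(user:password)>". Reject any other scheme,
    // invalid base64, or a decoded value without the ':' separator.
    $parts = explode(' ', trim($requestHeaders['authorization']), 2);
    $decoded = false;
    if (count($parts) === 2 && strcasecmp($parts[0], 'Basic') === 0) {
        $decoded = base64_decode(trim($parts[1]), true);
    }
    if ($decoded === false || strpos($decoded, ':') === false) {
        $this->responCode(401); exit;
    }

    // Limit of 2: the user name cannot contain ':', but the password may.
    list($username, $password) = explode(':', $decoded, 2);

    // Access log. The password is deliberately not written: log files are read by
    // more people and systems than the credential store. Control characters are
    // stripped from the user name so a crafted value cannot forge extra log lines.
    $log_user = preg_replace('/[\x00-\x1F\x7F]/', '', $username);
    $log_content = date("Y-m-d H:i:s ", time())."Authorization username=".$log_user;
    file_put_prepend ($log_content, $this->log_file);

    // NOTE(review): md5(md5()) is a fast, unsalted digest and is not suitable for
    // password storage. It is kept because the lookup below presumably compares
    // against values already stored in this format (confirm); new deployments
    // should store password_hash() output and check it with password_verify().
    $pwd_en = md5(md5($password));

    // Placeholder: authenticate against the database (or another store) and put
    // the resulting user record in $userInfo. It stays null until implemented,
    // so the request is rejected rather than accepted by accident.
    $userInfo = null;

    if (!empty($userInfo)) {
        $this->responCode(200);
        $this->uname = $username;
    } else {
        $this->responCode(403); exit;
    }
}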
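/**
 * Sends the HTTP status for an authentication outcome.
 *
 * 401 also sends a WWW-Authenticate challenge; 403 is sent as-is; any other
 * value is answered with 200.
 *
 * A bare string such as "403 Forbidden" passed to header() is not a status
 * line (PHP only treats strings starting with "HTTP/" that way), so the status
 * is set with http_response_code() instead. Otherwise a rejected request
 * could still go out with status 200.
 *
 * @param int $code One of 200, 401 or 403.
 */
private function responCode($code){
    if (401 === $code) {
        http_response_code(401);
        // RFC 7617 requires a realm parameter; "API" is a placeholder value.
        header('WWW-Authenticate: Basic realm="API"');
    } elseif (403 === $code) {
        http_response_code(403);
    } else {
        http_response_code(200);
    }
}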
?>
调用Authorization Basic认证API接口
<?php
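/**
 * Calls the /validuser endpoint with HTTP Basic credentials and echoes the
 * response body.
 *
 * Basic credentials are only base64-encoded, so the TLS certificate and host
 * name of the server are verified before they are sent.
 */
public function callValidUser(){
    // NOTE(review): $base_url is not defined inside this method in the listing;
    // it has to come from configuration or a property. Confirm against the full class.
    $url = $base_url.'/validuser';

    // Sample credentials from the article. Real ones belong in configuration or
    // a secret store, not in source code.
    $name = 'test'; $pwd = '1234';
    $headers = array('Authorization: Basic '.base64_encode("$name:$pwd"));

    // Sent as a URL-encoded string. Passing an array makes cURL build a multipart
    // body, and legacy PHP versions interpreted values with a leading '@' in that
    // form as file uploads, which is unsafe for request-supplied data.
    $username = isset($_POST['username']) ? $_POST['username'] : '';
    $postData = http_build_query(array('username' => $username));

    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, $url);
    curl_setopt($ch, CURLOPT_HEADER, 0);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_POST, 1);
    curl_setopt($ch, CURLOPT_POSTFIELDS, $postData);
    curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
    // Keep certificate verification on: with it disabled, anyone on the network
    // path can impersonate the API and read the Authorization header.
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
    // 2 = the certificate must match the requested host name (true/1 is not a valid setting).
    curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);

    $response = curl_exec($ch);
    if ($response === false) {
        // Report transport/TLS failures instead of silently echoing nothing.
        error_log('callValidUser: request failed: '.curl_error($ch));
        curl_close($ch);
        return;
    }
    curl_close($ch);
    echo $response;
}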
?>