OAuth 2.0（下文简称 Auth2.0）的原理网上有很多介绍,我这里就不再赘述了。

  这里有张时序图我个人觉得是比较合理而且直观的,(感谢这篇博文:http://justcoding.iteye.com/blog/1950270)

（时序图:谈谈自己对于Auth2.0的见解）

  参照这个流程,我模拟了部分代码,尽可能用最简单的形式表达自己的理解。

  用配置文件模拟数据,去掉了数据库处理的部分。

config.php 定义了接入的商户及其对应的操作权限

<?php
// Simulated client registry (stands in for a database table in the post's demo).
// 'app'  : appid => client record
// 'type' : permission sets, indexed by the client's 'type' value
return array(
'app'=>array(
'a1'=>array(
'accesskey'=>'123456',//client secret (凭证) — stored in plaintext here, simulation only
'type'=>0,//index into 'type' below: the set of permissions granted to this client
'appname'=>'gavinjun',
),
),
'type'=>array(
array(
'获取用户的信息','获取用户的金钱',
),
),
);

user_config.php 用户表的模拟

<?php
// Simulated user table: username => password.
// NOTE(review): the password is plaintext because this is a simulation; a real user
// store keeps password_hash() output and checks it with password_verify().
return array(
'admin'=>'123456',
);
<?php

//权限2.0的主程
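/**
 * Minimal OAuth2-style flow simulation (the post's "Auth2.0").
 *
 * The public methods follow the post's sequence: a client (商户) identified by
 * appid/accesskey obtains a temporary token (getLoginCallBack), the user logs in
 * (inLogin), the temporary token is exchanged for a redirect carrying an access
 * value (getAceess), and that value is used to list the client's permissions
 * (doSomeByaccess).
 *
 * NOTE(review): teaching simulation, not a production authorization server.
 * The temporary token is now integrity-protected with an HMAC keyed by the
 * client's accesskey (the original embedded md5(accesskey), which protects
 * nothing and leaks a hash of the secret), but the redirect URL inside the token
 * is still not checked against a registered value and the final access value is
 * a fixed string.
 */
class Auto
{
    private $version = 2.0;
    /** Contents of config.php: 'app' => [appid => [accesskey, type, appname]], 'type' => [...] */
    private $config = null;

    public function __construct()
    {
        // Loaded from the file system in place of a database lookup.
        $this->config = require 'config.php';
    }

    /**
     * Look up a registered client by appid.
     *
     * @param mixed $appid value taken from the request or from a token
     * @return array|null the client's config entry, or null when unknown/invalid
     */
    private function clientFor($appid)
    {
        if (!is_string($appid) || $appid === '' || !isset($this->config['app'][$appid])) {
            return null;
        }
        return $this->config['app'][$appid];
    }

    /**
     * Integrity tag for a temporary token.
     *
     * Keyed with the client's accesskey so only the server and the legitimate
     * client can produce it; it covers time, redirect and appid so none of them
     * can be altered while the token travels through the browser.
     */
    private function tokenTag($time, $redirect, $appid, $accesskey)
    {
        return hash_hmac('sha256', $time . '|' . $redirect . '|' . $appid, $accesskey);
    }

    /**
     * Verify client credentials (校验商户).
     *
     * @param array $_param expects 'appid' and 'accesskey'
     * @return bool true only when appid is registered and the accesskey matches
     */
    public function check($_param = array())
    {
        if (empty($_param)) {
            return false;
        }
        $appid = !empty($_param['appid']) ? $_param['appid'] : 0;
        $accesskey = !empty($_param['accesskey']) ? $_param['accesskey'] : '';
        if (!$appid || !$accesskey || !is_scalar($accesskey)) {
            return false;
        }
        // Original indexed the config with an unchecked appid (notice on unknown ids).
        $client = $this->clientFor($appid);
        if ($client === null || !isset($client['accesskey'])) {
            return false;
        }
        // Constant-time, strict comparison; the original `==` also coerced types.
        return hash_equals((string) $client['accesskey'], (string) $accesskey);
    }

    /**
     * Client starts a login request (用户发起登录请求).
     *
     * @param array $_param 'appid', 'accesskey' and the 'redirect' URL to return to
     * @return string|false temporary token "time|redirect|tag|appid", or false after
     *                      echoing '商户未注册' when the credentials are unknown
     */
    public function getLoginCallBack($_param)
    {
        if (!$this->check($_param)) {
            echo '商户未注册';
            return false;
        }
        $time = time();
        $redirect = isset($_param['redirect']) && is_scalar($_param['redirect']) ? (string) $_param['redirect'] : '';
        $appid = (string) $_param['appid'];
        // Same four slots as the original token; the third slot used to be
        // md5(accesskey) and now holds an HMAC over the other three fields.
        // NOTE(review): a redirect containing '|' would break explode() in getAceess;
        // a real implementation would encode or sign a structured token instead.
        $tag = $this->tokenTag($time, $redirect, $appid, (string) $_param['accesskey']);
        return $time . '|' . $redirect . '|' . $tag . '|' . $appid;
    }

    /**
     * User submits name and password (用户输入完用户名和密码之后).
     *
     * @return bool true when the user exists and the password matches exactly
     */
    public function inLogin($name, $pwd)
    {
        $user = require 'user_config.php';
        if (!is_string($name) || !isset($user[$name]) || !is_scalar($pwd)) {
            return false;
        }
        // NOTE(review): user_config.php holds plaintext passwords in this simulation;
        // a real system stores password_hash() output and uses password_verify().
        return hash_equals((string) $user[$name], (string) $pwd);
    }

    /**
     * Exchange the temporary token for the access value (用户登录完成后带着token值来请求我们的令牌).
     *
     * @param array $_param expects 'access_token' as issued by getLoginCallBack
     * @return string|false "<redirect>?access=<value>", or false when the token is
     *                      malformed, for an unknown client, older than five minutes,
     *                      or fails the integrity check
     */
    public function getAceess($_param)
    {
        $token = isset($_param['access_token']) ? $_param['access_token'] : '';
        if (!$token || !is_string($token)) {
            return false;
        }
        $parts = explode('|', $token);
        if (count($parts) !== 4) {
            return false;
        }
        list($time, $redirect, $tag, $appid) = $parts;
        // Original read $notic['app'][$appid]['accesskey'] before validating appid.
        $client = $this->clientFor($appid);
        if ($client === null || !isset($client['accesskey'])) {
            return false;
        }
        // Tokens older than five minutes are rejected.
        if (!ctype_digit($time) || time() > (int) $time + 5 * 60) {
            return false;
        }
        $expected = $this->tokenTag($time, $redirect, $appid, (string) $client['accesskey']);
        if (!hash_equals($expected, $tag)) {
            // Token was altered in transit (or forged).
            return false;
        }
        // A real implementation generates a random value, persists it with an expiry and
        // the client it belongs to, and delivers it via POST rather than the query string.
        // NOTE(review): $redirect comes from the token; a production server must compare
        // it with the redirect URI registered for the client (open-redirect risk).
        $access = 'success';
        return $redirect . '?access=' . $access;
    }

    /**
     * Use the access value: print the permissions of the client it belongs to.
     *
     * A real implementation looks the value up in storage to recover the client;
     * the simulation treats any non-empty value as client 'a1'.
     *
     * @param mixed $access the value received by the platform
     */
    public function doSomeByaccess($access)
    {
        if (!$access) {
            // Original fell through with an undefined $appid here.
            return;
        }
        $client = $this->clientFor('a1');
        if ($client === null || !isset($client['type'])) {
            return;
        }
        $type = $client['type'];
        $perms = isset($this->config['type'][$type]) ? $this->config['type'][$type] : array();
        foreach ($perms as $v) {
            echo '用户权限:' . $v . '<br>';
        }
    }
}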

下面用一段脚本模拟这个程序的完整流程

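<?php
// Walk the simulated flow end to end; the output is the client's permission list.
require 'auth2.php';
$auth2 = new Auto();

// Step 1: the user clicks the login button on the client platform.
// Client credentials: appid=a1, accesskey=123456. Returns a temporary token, or
// false (after echoing '商户未注册') when the credentials are unknown.
$step1 = $auth2->getLoginCallBack(array(
    'appid' => 'a1',
    'accesskey' => '123456',
    'redirect' => 'http://www.baidu.com',
));
if ($step1 === false) {
    exit;
}
// The platform redirects the user to the login page with ?access_token=$step1
// so the user can log in and grant access.
$access_token = $step1;

/** Internal processing: the user enters name and password on the login page. */
$url = false;
if ($auth2->inLogin('admin', '123456')) {
    // The user consented; exchange the temporary token carried on the login
    // request for the redirect URL that carries the access value.
    $arr = array('access_token' => $access_token);
    $url = $auth2->getAceess($arr);
    // This URL goes back to the platform, which uses the value to read user data.
    echo $url;
}
/** End of internal processing: return to the platform (in reality via POST). */

// The platform stores the received access value and reads the user's information.
// The original used $url unguarded here, so a failed login or token exchange
// produced warnings instead of stopping.
if ($url === false) {
    exit;
}
$parts = parse_url($url);
$query = array();
if (is_array($parts) && isset($parts['query'])) {
    parse_str($parts['query'], $query);
}
$accesskey = isset($query['access']) ? $query['access'] : '';
$auth2->doSomeByaccess($accesskey);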

结果:

