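Problem with token authentication when using Satellizer

Time: 2017-07-31 08:04:12

Tags: angularjs satellizer

I am trying to use Satellizer 0.15.5 to manage my user authentication.

I configure Satellizer as follows: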

$authProvider.loginUrl = "http://localhost:8080/login/";
$authProvider.tokenName = "Authorization";
$authProvider.tokenPrefix = "myApp";

In my controller, I have:

$auth.login({
        userName: $scope.user,
        userPassword: $scope.password
    })
    .then(function(){
        $location.path("/");
        ngDialog.close();

    })
    .catch(function(response){
        // Something went wrong
    });

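It makes the request correctly; in fact, I'm getting the headers as I expect and I get the authorization token. However, it is not sending it in the following requests.

These are the only headers I'm retrieving on the server: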

Header: Origin
Header: Cache-Control
Header: Accept
Header: Connection
Header: User-Agent
Header: Referer
Header: Host
Header: Pragma
Header: Accept-Encoding
Header: Accept-Language

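And I'm not setting any headers anywhere else in the code... Am I missing some configuration, or is something wrong?

Edit: I'm using Angular 1.6.4, so this is not a version incompatibility issue.

1 Answer:

Answer 0: (score: 0)

This is what I have in my project: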

   function getApiPath() {
     var apiPath = '/api.php/';   
     return apiPath;
   }

    var apiPath = getApiPath();

    $authProvider.httpInterceptor = false; // Add Authorization header to HTTP request
    $authProvider.loginOnSignup = true;
    $authProvider.loginRedirect = '/';
    //$authProvider.logoutRedirect = '/';
    $authProvider.signupRedirect = '#/login';
    $authProvider.loginUrl = apiPath + 'login';
    $authProvider.signupUrl = apiPath + 'signup';
    $authProvider.loginRoute = '#/login';
    $authProvider.signupRoute = '#/signup';
    $authProvider.tokenRoot = false;
    $authProvider.tokenName = 'token';
    $authProvider.tokenPrefix = 'MyCompany_' + window.location.host;
    $authProvider.unlinkUrl = '#/unlink/';
    $authProvider.unlinkMethod = 'get';
    $authProvider.authHeader = 'Authorization';
    $authProvider.withCredentials = true;

Hope it helps you.

Because of cross-domain issues, I send requests to api.php, which is located in my client project and looks like this:

<?php

$CORS_approved_array = array('Google Calendar Gadget');

//  && isset($_SERVER['HTTP_X_REQUESTED_WITH']) && in_array($_SERVER['HTTP_X_REQUESTED_WITH'], $CORS_approved_array)
if (isset($_SERVER['HTTP_ORIGIN'])) {
    header('Access-Control-Allow-Origin: '.$_SERVER['HTTP_ORIGIN']);
    header('Access-Control-Allow-Methods: POST');
    header("Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Authorization");
    header('Access-Control-Allow-Credentials: true');
}

date_default_timezone_set('GMT');

$protocol = 'https://';

$client_host = isset($_SERVER["HTTP_HOST"]) ? $_SERVER["HTTP_HOST"] : 'localhost';
if (strpos($client_host, 'www') !== FALSE) {
    $client_host = substr($client_host, 4);
}


if (FALSE !== strpos($client_host, 'local_src')) {
    $RemotePageURL = 'https://local-api.mycomp.me/index.php/api_client';
}
else if (FALSE !== strpos($client_host, 'localsrc')) {
    $RemotePageURL = 'https://local-api.mycomp.me/index.php/api_client';
}
else if (FALSE !== strpos($client_host, 'local')) {
    $RemotePageURL = 'http://local-api.mycomp.me/index.php/api_client';
}
else if (FALSE !== strpos($client_host, 'staging')) {
    $RemotePageURL = $protocol.'staging-api.mycomp.me/app';
}
else if (FALSE !== strpos($client_host, 'dev')) {
    $RemotePageURL = $protocol.'dev-api.mycomp.me/app';
}
else {
    $RemotePageURL = $protocol.'api.mycomp.me/app';
}

$RemotePageURL .= substr($_SERVER['REQUEST_URI'], strlen($_SERVER['SCRIPT_NAME']));


mb_internal_encoding('UTF-8');

$options = array(
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_HEADER         => false,
    CURLOPT_CONNECTTIMEOUT => 120,
    CURLOPT_TIMEOUT        => 120,
    CURLOPT_FOLLOWLOCATION => true,
    CURLOPT_MAXREDIRS      => 10,
    CURLOPT_AUTOREFERER    => true,
    CURLOPT_USERAGENT      => $_SERVER['HTTP_USER_AGENT'],
    CURLOPT_VERBOSE        => false,
    CURLOPT_SSL_VERIFYHOST => 0,
    CURLOPT_SSL_VERIFYPEER => 0
);

if(isset($_SERVER['HTTP_REFERER'])) {
    $options[CURLOPT_REFERER] = $_SERVER['HTTP_REFERER'];
}

$post_data_json = file_get_contents("php://input");
if (count($_COOKIE) && isset($_COOKIE['external_api'])) {
    if (strpos($RemotePageURL, '_register')) {
        $post_data_array = array();
        if (!empty($post_data_json)) {
            $post_data_array = json_decode($post_data_json, true);
        }

        $external_api_array = json_decode($_COOKIE['external_api'], true);
        if (count($external_api_array)) {
            foreach ($external_api_array as $key => $value) {
                $post_data_array[$key] = $value;
            }
        }

        $post_data_json = json_encode($post_data_array);
    }
    // expire cookie
    setcookie('external_api', '', time() - 3600);
}

if ($post_data_json) {
    $options[CURLOPT_POST] = 1;
    $options[CURLOPT_POSTFIELDS] = $post_data_json;
    $options[CURLOPT_HTTPHEADER] = array (
        'Content-Type: application/json',
        'Content-Length: ' . strlen($post_data_json)
    );
}

$ch = curl_init($RemotePageURL);
curl_setopt_array($ch,$options);
$response = curl_exec($ch);

$httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);

if ( $httpCode != 200 ){
    http_response_code($httpCode);
}
else {
    $vars_array = json_decode($response, true);
    if (isset($vars_array['data']['session_array']) && count($vars_array['data']['session_array'])) {
        $session_array = $vars_array['data']['session_array'];
        unset($vars_array['data']['session_array']);

        // create cookie with ttl for a day (in case client clock is not tuned well)
        setcookie('external_api', json_encode($session_array), time() + 86400);

        $response = json_encode($vars_array);
    }

    header('Content-Type: application/json');   
    echo $response;
}

curl_close($ch);
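
A hardened variant of the CORS and cURL setup in the proxy above, as an added example that is not part of the original answer: it compares `Origin` against an exact allowlist instead of echoing it back together with `Access-Control-Allow-Credentials: true`, and it leaves certificate verification enabled for the upstream call. The origins in `ALLOWED_ORIGINS` and the function names are hypothetical.

```php
<?php
// Added example, not the answer's code.
// The origins below are constructed placeholders.
const ALLOWED_ORIGINS = [
    'https://app.example.test',
    'https://staging-app.example.test',
];

// Return the CORS response headers for a request Origin, or an empty array
// when the origin is missing or not on the allowlist.
function cors_headers_for(?string $origin, array $allowed): array
{
    // Exact string comparison; no prefix, suffix or substring matching.
    if ($origin === null || !in_array($origin, $allowed, true)) {
        return [];
    }
    return [
        'Access-Control-Allow-Origin: ' . $origin,
        'Access-Control-Allow-Credentials: true',
        'Access-Control-Allow-Methods: POST',
        'Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Authorization',
        'Vary: Origin', // the response differs per Origin, so caches must key on it
    ];
}

// cURL options for the upstream call with TLS checks left on.
function upstream_curl_options(): array
{
    return [
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_SSL_VERIFYPEER => true, // validate the certificate chain
        CURLOPT_SSL_VERIFYHOST => 2,    // and that the certificate matches the host name
    ];
}

// Emit headers only when running under a web server.
if (PHP_SAPI !== 'cli') {
    foreach (cors_headers_for($_SERVER['HTTP_ORIGIN'] ?? null, ALLOWED_ORIGINS) as $h) {
        header($h);
    }
    if (($_SERVER['REQUEST_METHOD'] ?? '') === 'OPTIONS') {
        http_response_code(204); // answer the preflight here instead of proxying it
        exit;
    }
}
```

With credentials allowed, any origin that gets its own value reflected can read the proxied responses with the user's cookies, which is why the allowlist check comes before any header is sent.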