首先,我找不到我的问题的答案。
问题是当我打电话时,我必须在标头中添加api密钥。我正在使用Ajax,但我不希望其他人从devtool中看到api密钥。
我的代码如下:
$(document).ready(function(){
$("#login").click(function(e){
e.preventDefault();
$.ajax({
type:"POST",
url:'/resource/auth/login',
data: {
username: username.value,
password:password.value
},
headers: { "ApiKey": "mykey" },
success: function(){
alert("Logged in");
有没有办法隐藏“ mykey”的值,如果我没有在标题中提供密钥,api调用将无法工作
谢谢!
答案 0 :(得分:0)
希望我能为您工作,以下代码供您查看:
@php
$secret_key = hash('sha256', 'some_secret_key');
$secret_iv = substr(hash('sha256', 'some_secret_iv'),0,16);
@endphp
$(document).ready(function(){
$("#login").click(function(e){
e.preventDefault();
$.ajax({
type:"POST",
url:'/resource/auth/login',
data: {
_token:{{csrf_token()}}
username: "{{openssl_encrypt('your_username','AES-256-CBC', $secret_key, 0, $secret_iv)}}",
password: "{{openssl_encrypt('your_password','AES-256-CBC', $secret_key, 0, $secret_iv)}}"
},
headers: { "ApiKey": "{{openssl_encrypt('your_apikey','AES-256-CBC', $secret_key, 0, $secret_iv)}}" },
success: function(resp){
console.log(resp);
},
error: function(err){
console.log(err);
}
}
);
在控制器的功能中,您可以解密的是获取用户名和密码:
public function login(Request $request){
$secret_key = hash('sha256', 'some_secret_key');
$secret_iv = substr(hash('sha256', 'some_secret_iv'),0,16);
$username = openssl_decrypt($request->input('username'), 'AES-256-CBC', $secret_key, 0, $secret_iv);
$password = openssl_decrypt($request->input('password'), 'AES-256-CBC', $secret_key, 0, $secret_iv);
$apikey = openssl_decrypt($request->header('ApiKey'), 'AES-256-CBC', $secret_key, 0, $secret_iv)
echo 'Hye! your username is ' $username. ',your password is '. $password .'and your api key is '.$apikey;
}
这里的openssl_encrypt和openssl_decrypt是php函数,您可以在文档中阅读它们: openssl_encrypt:
确保您的secret_key和secret_iv双方应该相同。