charlesportwoodii / yii2-api

A Yii2 API Skeleton Framework

License: BSD 3-Clause "New" or "Revised" License

PHP 97.33% Shell 0.21% Makefile 1.45% Twig 1.02%
yii2 rest rest-api queue disque redis hkdf libsodium encryption yii2-api

Yii2 API Skeleton Project


A project template that reduces the overhead of writing RESTful JSON APIs by implementing the endpoints every API needs (such as registration and authentication), so that developers can focus on core application business logic instead of re-implementing the same components over and over again. Built on top of Yii Framework 2 (Yii2), this project provides a baseline API skeleton that is easy to extend.

What is Provided?

By default the following functionality is provided:

  • Authentication with HMAC+HKDF
  • Registration
  • Password resets for authenticated and unauthenticated users

The following additional functionality is provided as well:

  • Two factor authentication via OTP codes + API endpoints to manage
  • Configurable Rate Limiting
  • Encrypted API session support via libsodium
  • Translation support
  • Develop with Docker

Documentation

For information on how to set up, configure, extend, and use this framework, please read the documentation in the docs folder.

How to Contribute

You can contribute to the development of the core API by submitting a new issue or pull request to this repository, or to the yii2-api-rest-components repository, where the core components are stored. If you're looking for something to contribute to, consider the following ideas:

  • Translations
  • Implementing new API endpoints common to APIs

License

See LICENSE.md for licensing information.


yii2-api's Issues

While installing, found Problem 1

The requested PHP extension ext-sodium >=2.0.0 is missing from your system. Install or enable PHP's sodium extension.

Is this php_libsodium?

Suggestions for Implementing editOwnModel permission

Hello,

I am trying to base an API project on this framework and the related components project.

My project makes extensive use of the editOwnModel permission.

Considering how yrc\rest\Controller implements the filters acl (works great, thanks) and that the model is unknown at this point - meaning all calls to ->can('editOwnModel') will fail, what is the best way to limit access using the editOwnModel permission?

Thanks in advance!

Authorization->verify() not matching for refresh endpoint

Hello,

I am trying to play with the refresh endpoint so I can get a general understanding of how things work.

After a successful login / authentication I use the static HMAC::generate() to generate the HMAC authorisation header (V1 - set version = 1 in the call to Authorization) as follows:

Yii::warning(\common\yrc\tests_support\HMAC::generate(
    '/v1/user/refresh',
    [
        "access_token"   => "PAX4R4CJPW56UGDOC65EGHH6GQAVWGQ6PD6VERHF6W2XS5EC555Q",
        "refresh_token"  => "IG36HCPXTNYFIBOHDT7IXAV3QEDYMGPIVSSE6XXW3Z5TD6YEGXZR3XZIYNK2BBGLXFY3XX5IDL2FDLRKY736VFB4B7V3A44WT4WCE6I",
        "ikm"            => "4rUgb3f0hJVhUcyrw5495VcBC+sCS1biBxL5hoq+WZU=",
        "expires_at"     => 1716902878,
        "secret_sign_kp" => "gVpGYJkATcwgMUbWtZL604VbNB7X6dw6GnSxEaCTqZahM99vqrwMSQWyEwseOsap1rHugbwxXUqn2gX0NnDKqQ==",
    ],
    'post',
    new DateTime(),
    ["refresh_token" => "IG36HCPXTNYFIBOHDT7IXAV3QEDYMGPIVSSE6XXW3Z5TD6YEGXZR3XZIYNK2BBGLXFY3XX5IDL2FDLRKY736VFB4B7V3A44WT4WCE6I"],
));

I then set this as the Authorization header in Postman and also set the X-Date header.

When I make a Postman call to https://api.localhost/v1/user/refresh with the payload "refresh_token" => "IG36HCPXTNYFIBOHDT7IXAV3QEDYMGPIVSSE6XXW3Z5TD6YEGXZR3XZIYNK2BBGLXFY3XX5IDL2FDLRKY736VFB4B7V3A44WT4WCE6I", I always get "Your request was made with invalid credentials."

In debugging this, I have set the driftAllowance to an unreasonably high number just to isolate timing in Authorization->verify().
It appears that the $hmac never matches $auth->getHMAC() in the lines:

if (\sodium_memcmp($hmac, $auth->getHMAC()) === 0) {
    return true;
}

I'd appreciate your insights on what I could be doing wrong.

Thanks
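The issue above turns on the two checks a signed-request verifier performs: the X-Date drift window and the constant-time comparison of the recomputed HMAC with the presented one. The following PHP is an added illustration of that pattern, not code from yii2-api or yii2-api-rest-components: the key derivation via HKDF, the canonical message layout (method, path, date, body hash), the header format, the DRIFT_ALLOWANCE value and all sample values are assumptions chosen for the example. It uses hash_equals() for the constant-time comparison, which needs no extension; sodium_memcmp() === 0 is the libsodium equivalent the issue quotes.

```php
<?php
// Added illustration (not yii2-api's own code): verify an HMAC-signed request
// using an HKDF-derived key, a clock-drift window and a constant-time compare.
// Key names, message layout and constants below are assumptions for the example.
declare(strict_types=1);

const DRIFT_ALLOWANCE = 90;          // seconds of clock skew tolerated (assumed)
const HKDF_INFO = 'request-signing'; // HKDF context label (assumed)

/** Derive a per-session signing key from the initial keying material (IKM). */
function derive_signing_key(string $ikm, string $salt): string
{
    // hash_hkdf(algo, ikm, length, info, salt) -> 32 raw bytes
    return hash_hkdf('sha256', $ikm, 32, HKDF_INFO, $salt);
}

/** The canonical string both sides sign: method, path, date and a body hash. */
function canonical_message(string $method, string $path, string $date, string $body): string
{
    return implode("\n", [strtoupper($method), $path, $date, hash('sha256', $body)]);
}

/** Client side: compute the Authorization header value for one request. */
function sign_request(string $ikm, string $salt, string $method, string $path, string $date, string $body): string
{
    $key  = derive_signing_key($ikm, $salt);
    $hmac = hash_hmac('sha256', canonical_message($method, $path, $date, $body), $key, true);
    return base64_encode($hmac);
}

/**
 * Server side: returns true only if the X-Date value is inside the drift
 * window AND the recomputed HMAC equals the presented one.
 */
function verify_request(string $ikm, string $salt, string $method, string $path,
                        string $date, string $body, string $presented, int $now): bool
{
    // 1. Reject stale or future-dated requests before doing any crypto;
    //    this bounds how long a captured header stays replayable.
    $requestTime = strtotime($date);
    if ($requestTime === false || abs($now - $requestTime) > DRIFT_ALLOWANCE) {
        return false;
    }
    // 2. Recompute the MAC from the same key and the same canonical message.
    //    Any difference in method, path, date or body changes the result.
    $expected = sign_request($ikm, $salt, $method, $path, $date, $body);
    // 3. Constant-time comparison: hash_equals() does not stop at the first
    //    differing byte, so timing does not leak how much of the MAC matched.
    return hash_equals($expected, $presented);
}

// --- constructed sample values (not real tokens) ---
$ikm  = random_bytes(32);                 // constructed: shared at login in practice
$salt = 'constructed-access-token';       // constructed: per-session salt
$date = gmdate('D, d M Y H:i:s \G\M\T', 1700000000);
$body = json_encode(['refresh_token' => 'constructed-refresh-token']);

$auth = sign_request($ikm, $salt, 'post', '/v1/user/refresh', $date, $body);

// Same request, ten seconds later: inside the window, MAC matches -> accepted.
var_dump(verify_request($ikm, $salt, 'post', '/v1/user/refresh', $date, $body, $auth, 1700000010));
// Body altered by one byte with the same header: MAC mismatch -> rejected.
var_dump(verify_request($ikm, $salt, 'post', '/v1/user/refresh', $date, $body . ' ', $auth, 1700000010));
// Identical request replayed two hours later: drift check fails -> rejected.
var_dump(verify_request($ikm, $salt, 'post', '/v1/user/refresh', $date, $body, $auth, 1700007200));
```

When debugging a mismatch like the one reported above, the useful check is to log the canonical message on both sides (never the key or the MAC itself): the bytes fed to the HMAC must be identical, including the exact path, the method's case handling and the serialized body, or the comparison can never succeed regardless of the drift setting.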
