JWT authentication in Yii2

-

1. Install the firebase/php-jwt package using composer:

composer require firebase/php-jwt

2. Create a JwtHelper class that will handle the JWT authentication:

namespace app\components;

use Firebase\JWT\JWT;
use yii\base\Component;

class JwtHelper extends Component
{
    private $key = 'YOUR_SECRET_KEY';
    private $algorithm = 'HS256';
    private $expire = 3600;
    
    public function generateToken($payload)
    {
        $payload['exp'] = time() + $this->expire;
        return JWT::encode($payload, $this->key, $this->algorithm);
    }
    
    public function validateToken($token)
    {
        try {
            $decoded = JWT::decode($token, $this->key, [$this->algorithm]);
            return (array) $decoded;
        } catch (\Exception $e) {
            return false;
        }
    }
}

This class contains two methods: generateToken() for generating a JWT token and validateToken() for validating the token.

3. In your Yii2 application configuration file (config/web.php), configure the JWT helper as a component:

return [
    // ...
    'components' => [
        // ...
        'jwt' => [
            'class' => 'app\components\JwtHelper',
        ],
    ],
];

4. In your authentication controller action, generate a JWT token and return it to the client:

public function actionLogin()
{
    // Perform authentication...
    
    $payload = [
        'user_id' => $user->id,
        'username' => $user->username,
        'email' => $user->email,
    ];
    $token = Yii::$app->jwt->generateToken($payload);
    return ['token' => $token];
}

5. In your controller actions that require authentication, validate the JWT token:

public function actionProtected()
{
    $authHeader = Yii::$app->request->headers->get('Authorization');
    $token = str_replace('Bearer ', '', $authHeader);
    $payload = Yii::$app->jwt->validateToken($token);
    if (!$payload) {
        throw new \yii\web\UnauthorizedHttpException();
    }
    // ...
}

This example validates the token by retrieving it from the Authorization header and passing it to the validateToken() method.

By following these steps, you can use JWT authentication in your Yii2 application. This is just a basic example, and you may need to modify it depending on your specific requirements.

Komentar

Posting Komentar

Postingan populer dari blog ini

WhatsApp Web login QR code in an HTML page using whatsapp-web.js

-
Gambar
To display the WhatsApp Web login QR code in an HTML page using whatsapp-web.js in Windows, you can follow these steps: 1. Install the required dependencies: npm install express qrcode whatsapp-web.js 2. Create a new file named api-browser.js and add the following code: const express = require('express'); const qrcode = require('qrcode'); const { Client } = require('whatsapp-web.js'); const app = express(); const port = 3000; app.get('/', (req, res) => { res.sendFile(__dirname + '/index.html'); }); app.get('/qrcode', async (req, res) => { const client = new Client(); client.on('qr', (qr) => { qrcode.toDataURL(qr, (err, url) => { if (err) { console.error('Error generating QR code:', err); res.sendStatus(500); } else { res.send(` `); } }); }); await client.initialize(); }); app.listen(port, () => { console.log(`Server is running on ht
Baca selengkapnya

Node.js Telegram Bot API send an image with text

-
To send an image with text using the Telegram Bot API in Node.js, you can use the node-fetch library to make HTTP requests and the FormData module to handle multipart/form-data requests for uploading images. First, install the required modules: npm install node-fetch Here's an example code snippet to send an image with text using the Telegram Bot API: const fetch = require('node-fetch'); const FormData = require('form-data'); const BOT_TOKEN = 'YOUR_TELEGRAM_BOT_TOKEN'; const CHAT_ID = 'TARGET_CHAT_ID'; async function sendImageWithText() { const photoUrl = 'URL_TO_YOUR_IMAGE'; // Replace with the URL of your image const form = new FormData(); form.append('chat_id', CHAT_ID); form.append('photo', photoUrl); form.append('caption', 'Your text caption goes here'); try { const response = await fetch(`https://api.telegram.org/bot${BOT_TOKEN}/sendPhoto`, { method: 'POST',
Baca selengkapnya

Add these security headers to your website

-
The X-Frame-Options, Strict-Transport-Security, X-Content-Type-Options, Referrer-Policy, Permissions-Policy, and Content-Security-Policy headers are security-related HTTP headers that help enhance the security of web applications. To add these security headers to your website, you can use the .htaccess file for Apache web servers or the server configuration for other web servers. Here's how to set each header: 1. X-Frame-Options: The X-Frame-Options header helps prevent clickjacking attacks by controlling whether your website can be embedded in an iframe on another domain. For Apache (using .htaccess): Header always set X-Frame-Options "SAMEORIGIN" 1. Strict-Transport-Security (HSTS): The Strict-Transport-Security header enforces the use of HTTPS by instructing the browser to only access the website over a secure (HTTPS) connection. For Apache (using .htaccess): Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
Baca selengkapnya