IHP可以用于带有JWT身份验证的应用后端吗？

Question

是否有人使用IHP作为应用后端，如果是的话，需要做哪些更改才能做到这一点？是否有允许IHP进行jwt身份验证的JWT包或类似的东西？使用IHP作为应用后端的数字诱导支持吗？

Answer 1

IHP本身现在只将JWT作为DataSync的一部分。但是，这里有一个用于数字诱导的自定义JWT实现：

{-# LANGUAGE AllowAmbiguousTypes #-}

module Application.Auth (initJWTAuthentication) where

import IHP.Prelude
import IHP.LoginSupport.Helper.Controller
import IHP.Controller.Session
import IHP.QueryBuilder
import IHP.Fetch
import IHP.ControllerSupport
import IHP.ModelSupport
import IHP.Controller.Context
import IHP.Controller.Param
import qualified Web.JWT as JWT
import qualified Data.ByteString as BS
import qualified Data.Maybe as Maybe
import qualified Data.Text as Text

{-# INLINE initJWTAuthentication #-}
initJWTAuthentication :: forall user normalizedModel.
        ( ?context :: ControllerContext
        , ?modelContext :: ModelContext
        , normalizedModel ~ NormalizeModel user
        , Typeable normalizedModel
        , Table normalizedModel
        , FromRow normalizedModel
        , PrimaryKey (GetTableName normalizedModel) ~ UUID
        , GetTableName normalizedModel ~ GetTableName user
        , FilterPrimaryKey (GetTableName normalizedModel)
        , KnownSymbol (GetModelName user)
    ) => IO ()
initJWTAuthentication = do
    let accessTokenQueryParam = (paramOrNothing  "access_token")
    let accessToken :: Maybe Text = accessTokenQueryParam <|> jwtFromAuthorizationHeader
    case accessToken of
        Just accessToken -> do
            signer <- fromContext @JWT.Signer
            let signature = JWT.decodeAndVerifySignature signer accessToken

            case signature of
                Just jwt -> do
                    let userId :: Id user = jwt
                            |> JWT.claims
                            |> JWT.sub
                            |> Maybe.fromMaybe (error "JWT missing sub")
                            |> JWT.stringOrURIToText
                            |> textToId

                    user <- fetchOneOrNothing userId
                    putContext user
                Nothing -> error "Invalid signature"
        Nothing -> pure ()

jwtFromAuthorizationHeader :: (?context :: ControllerContext) => Maybe Text
jwtFromAuthorizationHeader = do
    case getHeader "Authorization" of
        Just authHeader -> authHeader
                |> cs
                |> Text.stripPrefix "Bearer "
                |> Maybe.fromMaybe (error "Invalid format of Authorization header, expected 'Bearer <jwt>'")
                |> Just
        Nothing -> Nothing

把它放到Application/Auth.hs里。然后更改Web/FrontController.hs以调用initJWTAuthentication函数，如下所示：

instance InitControllerContext WebApplication where
    initContext = do
        setLayout defaultLayout

        initAuthentication @User
        initJWTAuthentication @User

之后，您可以向您的IHP应用程序(如http://myapp/SomeAction?access_token=<JWT here> )或通过设置Authorization HTTP头(如Authorization: Bearer <JWT here> )来发出API请求。