Cara menggunakan jwt php.ini

Kali ini kita akan mencoba membuat REST API menggunakan Codeigniter 4 dan JWT Auth. Berikut langkah-langkahnya

Langkah 1. Instal Codeigniter 4 Melalui Composer

Langkah pertama install terlebih dahulu codeigniter 4 menggunakan composer, jalankan perintah berikut di terminal anda

composer create-project codeigniter4/appstarter ci4restapi

Langkah 2. Setup Config dan Database

Setelah proses instalasi selesai, kita setup terlebih dahulu config dan koneksi ke database

Salin file env dan rekatkan lalu ganti namanya menjadi. env, lalu ubah beberapa kode di baris berikut

#--------------------------------------------------------------------
# ENVIRONMENT
#--------------------------------------------------------------------

CI_ENVIRONMENT = development

#--------------------------------------------------------------------
# APP
#--------------------------------------------------------------------

app.baseURL = 'http://localhost:8080/'

Setup juga untuk koneksi database di baris berikut

#--------------------------------------------------------------------
# DATABASE
#--------------------------------------------------------------------

database.default.hostname = 'localhost'
database.default.database = 'rest_api'
database.default.username = 'root'
database.default.password = 
database.default.DBDriver = 'MySQLi'

Langkah 3. Buat Model

Buat model bernama Pengguna. php di folder App\Models dan masukkan kode berikut

#--------------------------------------------------------------------
# ENVIRONMENT
#--------------------------------------------------------------------

CI_ENVIRONMENT = development

#--------------------------------------------------------------------
# APP
#--------------------------------------------------------------------

app.baseURL = 'http://localhost:8080/'

Langkah 4. Buat Pengontrol

Buat pengontrol bernama UserController. php di folder App\Controllers\Api dan masukkan kode berikut

get()->getResult();
		return $this->response->setJSON( ['sucess'=> true, 'mesage' => 'OK', 'data' => $user] );
	}

	public function create()
	{
		if( !$this->validate([
			'username' 	=> 'required|is_unique[m_users.username]',
			'password' 	=> 'required|min_length[6]',
			'name'	   	=> 'required',
			'address'	=> 'required',
			'phone'		=> 'required'
		]))
		{
			return $this->response->setJSON(['success' => false, 'data' => null, "message" => \Config\Services::validation()->getErrors()]);
		}

		$insert = [
            'username' => $this->request->getVar('username'),
            'password' => password_hash($this->request->getVar('password'), PASSWORD_DEFAULT),
			'name' => $this->request->getVar('name'),
			'naaddressme' => $this->request->getVar('address'),
			'phone' => $this->request->getVar('phone'),
        ];

		$db = new Users;
		$save  = $db->insert($insert);
		
		return $this->setResponseFormat('json')->respondCreated( ['sucess'=> true, 'mesage' => 'OK'] );
	}

	public function show($id)
	{
		$db = new Users;
		$user = $db->where('id', $id)->first();

		return $this->response->setJSON( ['sucess'=> true, 'mesage' => 'OK', 'data' => $user] );
	}

	public function update($id)
	{
		if (! $this->validate([
            'username' => 'permit_empty|is_unique[m_users.username,id,'.$id.']',
            'password' => 'permit_empty|min_length[6]',
			'name' => 'permit_empty',
			'address' => 'permit_empty',
			'phone' => 'permit_empty',
        ])) {
            return $this->response->setJSON(['success' => false, "message" => \Config\Services::validation()->getErrors()]);
        }

		$db = new Users;
		$exist = $db->where('id', $id)->first();

		if( !$exist )
		{
			return $this->response->setJSON(['success' => false, "message" => 'User not found']);
		}
		
        $update = [
            'username' => $this->request->getVar('username') ? $this->request->getVar('username') : $exist['username'],
            'password' => $this->request->getVar('password') ? password_hash($this->request->getVar('password'), PASSWORD_DEFAULT) : $exist['password'],
			'name' => $this->request->getVar('name') ? $this->request->getVar('name') : $exist['name'],
			'naaddressme' => $this->request->getVar('address')  ? $this->request->getVar('address') : $exist['address'],
			'phone' => $this->request->getVar('phone') ? $this->request->getVar('phone') : $exist['phone']
        ];

        $db = new Users;
        $save  = $db->update( $id, $update);

        return $this->response->setJSON(['success' => true,'message' => 'OK']);
	}

	public function delete($id)
	{
		$db = new Users;
		$db->where('id', $id);
		$db->delete();
		
		return $this->response->setJSON( ['sucess'=> true, 'mesage' => 'OK'] );
	}

}

Anda juga dapat membuat file ini secara otomatis menggunakan perintah _______1_______5 di terminal Anda

Buat juga pengontrol untuk menangani waktu login pengguna, karena ini adalah waktu saat kami membuat token untuk pertama kalinya. Buat pengontrol bernama AuthController. php dan masukkan kode berikut

validate([
			'username' 	=> 'required',
			'password' 	=> 'required|min_length[6]',
		]))
		{
			return $this->response->setJSON(['success' => false, 'data' => null, "message" => \Config\Services::validation()->getErrors()]);
		}

		$db = new Users;
		$user  = $db->where('username', $this->request->getVar('username'))->first();
		if( $user )
		{
			if( password_verify($this->request->getVar('password'), $user['password']) )
			{
				$jwt = new JWTCI4;
				$token = $jwt->token();

				return $this->response->setJSON( ['token'=> $token ] );
			}
		}else{

			return $this->response->setJSON( ['success'=> false, 'message' => 'User not found' ] )->setStatusCode(409);
		}
		
		
	}
}

Langkah 5. Aktifkan CORS

Buat filter bernama CorsFilter. php dengan perintah

#--------------------------------------------------------------------
# ENVIRONMENT
#--------------------------------------------------------------------

CI_ENVIRONMENT = development

#--------------------------------------------------------------------
# APP
#--------------------------------------------------------------------

app.baseURL = 'http://localhost:8080/'

* @return mixed
	 */
	public function before(RequestInterface $request, $arguments = null)
	{
		header('Access-Control-Allow-Origin: *');
		header("Access-Control-Allow-Methods: GET, POST, OPTIONS, PUT, DELETE");
		header("Access-Control-Allow-Credentials: true");
		header("Access-Control-Max-Age: 86400");
        header("Access-Control-Allow-Headers: X-API-KEY, Origin, X-Requested-With, Content-Type, Accept, Access-Control-Request-Method, Authorization");
        
		
		if ( $request->getMethod() == 'options')
        {
			$response = service('response');
            $response->setJSON(['method' => 'OPTIONS']);
            return $response;
			die();
        }

	}

Langkah selanjutnya adalah mendaftarkan filter dengan membuka file App\Config\Filters. php, dan masukkan kode berikut

/**
	 * Configures aliases for Filter classes to
	 * make reading things nicer and simpler.
	 *
	 * @var array
	 */
	public $aliases = [
		'csrf'     => CSRF::class,
		'toolbar'  => DebugToolbar::class,
		'honeypot' => Honeypot::class,
	
		'cors' 	   => \App\Filters\CorsFilter::class, //register cors
	];

Kami mendaftar dengan nama cors di variabel $alias

Langkah 6. Instal PHP JWT untuk Codeigniter 4

Pertama-tama kita instal paket JWT dengan perintah berikut

composer require firebase/php-jwt

Kemudian kita buat library baru bernama JWTCI4, dan masukkan kode berikut

setConfig()->setExpiredDate();
    }

    protected function setConfig()
    {
        $this->key = getenv("jwt.secretkey");
        $this->ttl = getenv("jwt.ttl") ? getenv("jwt.ttl") : 60;
        $this->iss = $this->getCurrentURL();
        $this->jti = $this->setTime( date("Y-m-d H:i:s"));

        return $this;
    }

    protected function setExpiredDate()
    {
        $now = date("Y-m-d H:i:s");
        $this->iat = $this->setTime( $now );
        $this->nbf = $this->setTime( $now );
        $this->exp = $this->setTime( date("Y-m-d H:i:s", strtotime("+".$this->ttl." MINUTES")) );
        return $this;
    }

    public function token()
    {
        $payload = [
            'iss' => $this->iss,
            'iat' => $this->iat,
            'exp' => $this->exp,
            'nbf' => $this->nbf,
            'jti' => $this->jti
        ];

        return JWT::encode($payload, $this->key, 'HS256');
    }

    public function parse($token)
    {
    
        $bearerToken = $this->getBearerToken( $token );
        if( !$bearerToken ) return ['success' => false, 'message' => 'Token Invalid'];

        try {
            $decoded = JWT::decode($bearerToken, new Key($this->key, 'HS256') );

            return ['success' => true];
        }catch (\Exception $e){

            return ['success' => false, 'message' => $e->getMessage()];
        }
        
    }

    public function getBearerToken($token)
    {
        $token = explode(" ", $token);
        if( !isset($token[0]) && $token[0] != 'Bearer' )
        {
            return false;
        }

        return $token[2];
    }

    public function setTime($date)
    {
        return strtotime($date);
    }

    public function getCurrentURL()
    {
        $url = ( isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on' ? 'https://' : 'http://') . $_SERVER['HTTP_HOST']. $_SERVER['REQUEST_URI'];

        return $url;
    }
    
}

Kami membuka file itu lagi. env dan tambahkan variabel berikut

#--------------------------------------------------------------------
# ENVIRONMENT
#--------------------------------------------------------------------

CI_ENVIRONMENT = development

#--------------------------------------------------------------------
# APP
#--------------------------------------------------------------------

app.baseURL = 'http://localhost:8080/'

Ada dua variabel yaitu kunci rahasia dan ttl. Kunci rahasia nantinya akan digunakan sebagai kunci saat membuat token JWT, sedangkan ttl digunakan untuk mengatur tanggal kedaluwarsa token. Untuk format waktu kami menggunakan menit. Contoh diatas yang kita gunakan adalah 1440 menit atau 24 jam

Selanjutnya, kami membuat middleware untuk otentikasi bahwa API harus diakses menggunakan token JWT. Bagaimana kami membuat file Filter bernama AuthFilter. php, dan masukkan kode berikut

#--------------------------------------------------------------------
# ENVIRONMENT
#--------------------------------------------------------------------

CI_ENVIRONMENT = development

#--------------------------------------------------------------------
# APP
#--------------------------------------------------------------------

app.baseURL = 'http://localhost:8080/'

Jangan lupa daftar dulu

#--------------------------------------------------------------------
# ENVIRONMENT
#--------------------------------------------------------------------

CI_ENVIRONMENT = development

#--------------------------------------------------------------------
# APP
#--------------------------------------------------------------------

app.baseURL = 'http://localhost:8080/'

Fungsi filter adalah untuk keamanan agar tidak semua orang bisa mengakses API secara bebas

Langkah 7. Buat Rute

Tambahkan beberapa rute baru di file App\Config\Routes. php sebagai berikut

#--------------------------------------------------------------------
# ENVIRONMENT
#--------------------------------------------------------------------

CI_ENVIRONMENT = development

#--------------------------------------------------------------------
# APP
#--------------------------------------------------------------------

app.baseURL = 'http://localhost:8080/'

Langkah 8. Jalankan API

Berikut adalah hasil REST API yang kami uji menggunakan Postman

Demikian tutorial kali ini. Semoga bermanfaat

Untuk source code lengkapnya bisa dilihat di akun github sobatcoding di link berikut https. //github. com/sobatcoding21/CI4RestApi. git

Bagaimana cara kerja JWT?

Di mana token JWT disimpan?

Apa fungsi JWT?