add api authentication

frontend/modules/api/controllers/UserController.php

@@ -0,0 +1,57 @@
+<?php
+
+
+namespace frontend\modules\api\controllers;
+
+use common\models\User;
+use frontend\modules\api\models\LoginForm;
+use Yii;
+use yii\filters\ContentNegotiator;
+use yii\rest\ActiveController;
+use yii\helpers\ArrayHelper;
+use yii\filters\auth\QueryParamAuth;
+use yii\web\BadRequestHttpException;
+use yii\web\Response;
+
+class UserController extends ActiveController
+{
+    public $modelClass = User::class;
+
+    public function behaviors()
+    {
+        return ArrayHelper::merge(parent::behaviors(), [
+            [
+                'class' => ContentNegotiator::class,
+                'formats' => [
+                    'application/json' => Response::FORMAT_JSON,
+                ],
+            ],
+            'authenticatior' => [
+                'class' => QueryParamAuth::class, //implement access token authentication
+                'except' => ['login'], // no need to verify the access token method, pay attention to distinguish between $noAclLogin
+            ]
+        ]);
+    }
+
+    public function actions()
+    {
+        $action = parent::actions(); // TODO: Change the autogenerated stub
+        unset($action['index']);
+        unset($action['create']);
+        unset($action['update']);
+        unset($action['delete']);
+    }
+
+
+    public function actionLogin()
+    {
+        $model = new LoginForm();
+        if ($model->load(Yii::$app->getRequest()->getBodyParams(), '') && $model->login()) {
+            return [
+                'access_token' => $model->login(),
+            ];
+        } else {
+            throw new BadRequestHttpException(json_encode($model->errors));
+        }
+    }
+}

frontend/modules/api/models/LoginForm.php

@@ -0,0 +1,70 @@
+<?php
+
+namespace frontend\modules\api\models;
+
+use common\models\User;
+use Yii;
+use yii\base\Model;
+
+/**
+ * Login form
+ */
+class LoginForm extends Model
+{
+    public $username;
+    public $password;
+    public $rememberMe = true;
+
+    private $_user;
+
+    Const EXPIRE_TIME = 604800; // token expiration time, valid for 7 days
+
+    /**
+     * {@inheritdoc}
+     */
+    public function rules()
+    {
+        return [
+            // username and password are both required
+            [['username', 'password'], 'required'],
+            // rememberMe must be a boolean value
+            ['rememberMe', 'boolean'],
+            // password is validated by validatePassword()
+            ['password', 'validatePassword'],
+        ];
+    }
+
+    public function validatePassword($attribute)
+    {
+        if (!$this->hasErrors()) {
+            $user = $this->getUser();
+            if (!$user || !$user->validatePassword($this->password)) {
+                $this->addError($attribute, 'Incorrect username or password.');
+            }
+        }
+    }
+
+    public function login()
+    {
+        if ($this->validate()) {
+            //return Yii::$app->user->login($this->getUser(), $this->rememberMe ? 3600 * 24 * 30 : 0);
+            if ($this->getUser()) {
+                $access_token = $this->_user->generateAccessToken();
+                $this->_user->access_token_expired_at = date('Y-m-d', time() + static::EXPIRE_TIME);
+                $this->_user->save();
+                Yii::$app->user->login($this->_user, static::EXPIRE_TIME);
+                return $access_token;
+            }
+        }
+        return false;
+    }
+
+    protected function getUser()
+    {
+        if ($this->_user === null) {
+            $this->_user = User::findByUsername($this->username);
+        }
+
+        return $this->_user;
+    }
+}