
Laravel API Authentication: JWT Authentication

Development environment

Laravel version: Laravel 6.x

PHP version: PHP 7.2

Prerequisite: Composer must be installed

1. Install jwt-auth (run the commands from the project root)

In composer.json, add "tymon/jwt-auth": "1.*@rc" under require:

 "require": {
        ......
        "tymon/jwt-auth": "1.*@rc"
    },  

Then run the following command to download and install jwt-auth:

 composer update  

2. Run the following command to publish the configuration file to config

 php artisan vendor:publish --provider="Tymon\JWTAuth\Providers\LaravelServiceProvider"  

3. Generate JWT_SECRET

Run the following command to generate JWT_SECRET automatically and write it to the .env file:

 php artisan jwt:secret  

4. Update the User model (add two methods to the User model)

 <?php
namespace App;

use Tymon\JWTAuth\Contracts\JWTSubject;
use Illuminate\Notifications\Notifiable;
use Illuminate\Foundation\Auth\User as Authenticatable;

class User extends Authenticatable implements JWTSubject
{
    use Notifiable;

    /**
     * Get the identifier that will be stored in the subject claim of the JWT.
     *
     * @return mixed
     */
    public function getJWTIdentifier()
    {
        return $this->getKey();
    }
    /**
     * Return a key value array, containing any custom claims to be added to the JWT.
     *
     * @return array
     */
    public function getJWTCustomClaims()
    {
        return [];
    }
}  

5. Configure the auth guard

Configure JWT in config/auth.php:

'defaults' => [
    'guard' => 'api',
    'passwords' => 'users',
],
...
'guards' => [
    'api' => [
        'driver' => 'jwt',
        'provider' => 'users',
    ],
],  

6. Add some basic authentication routes

First, add the routes in routes/api.php:

 Route::group([
    'prefix' => 'auth'
], function ($router) {
    Route::post('login', 'AuthController@login');
    Route::post('logout', 'AuthController@logout');
    Route::post('refresh', 'AuthController@refresh');
    Route::post('me', 'AuthController@me');
});  

7. Create the AuthController

Next, create the AuthController with the following command:

 php artisan make:controller AuthController  

Code for the AuthController:

 <?php
namespace App\Http\Controllers;
use Illuminate\Support\Facades\Auth;
use App\Http\Controllers\Controller;
class AuthController extends Controller
{
    /**
     * Create a new AuthController instance.
     *
     * @return void
     */
    public function __construct()
    {
        $this->middleware('auth:api', ['except' => ['login', 'refresh']]);
    }
    /**
     * Get a JWT via given credentials.
     *
     * @return \Illuminate\Http\JsonResponse
     */
    public function login()
    {
        // Parameters used at login; the password must be encrypted, otherwise an error occurs
        $credentials = request(['email', 'password']);
        if (!$token = auth('api')->attempt($credentials)) {
            return response()->json(['error' => 'Unauthorized'], 401);
        }
        return $this->respondWithToken($token);
    }
    /**
     * Get the authenticated User.
     *
     * @return \Illuminate\Http\JsonResponse
     */
    public function me()
    {
        return response()->json(auth('api')->user());
    }
    /**
     * Log the user out (Invalidate the token).
     *
     * @return \Illuminate\Http\JsonResponse
     */
    public function logout()
    {
        auth('api')->logout();
        return response()->json(['message' => 'Successfully logged out']);
    }
    /**
     * Refresh a token.
     *
     * @return \Illuminate\Http\JsonResponse
     */
    public function refresh()
    {
        return $this->respondWithToken(auth('api')->refresh());
    }
    /**
     * Get the token array structure.
     *
     * @param  string $token
     *
     * @return \Illuminate\Http\JsonResponse
     */
    protected function respondWithToken($token)
    {
        return response()->json([
            'access_token' => $token,
            'token_type' => 'Bearer',
            'expires_in' => auth('api')->factory()->getTTL() * 60
        ]);
    }
}  

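Note: the password used by the login method must be passed in encrypted; otherwise an error occurs.

If the project does not use a password to obtain a token, you can change the code at around line 154 of EloquentUserProvider.php, in the \vendor\laravel\framework\src\Illuminate\Auth directory, to the following: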

 /**
 * Validate a user against the given credentials.
 *
 * @param  \Illuminate\Contracts\Auth\Authenticatable  $user
 * @param  array  $credentials
 * @return bool
 */
public function validateCredentials(UserContract $user, array $credentials)
{
    return true;
    //$plain = $credentials['password'];

    //return $this->hasher->check($plain, $user->getAuthPassword());
}  
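
Returning true from validateCredentials() makes attempt() accept any password for every guard that uses the Eloquent provider, and the edit is lost on the next composer update. The added example below (not from the original article) issues a token without a password through the guard's login() method and leaves the vendor code untouched; the controller name, the one-time-code check and the login_code: cache key are assumptions for illustration.

```php
<?php
// Added example, not part of the original article.
namespace App\Http\Controllers;

use App\User;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Cache;

class CodeLoginController extends Controller // hypothetical controller name
{
    /**
     * Issue a JWT for a user verified by a one-time code instead of a password.
     * The "code" field and the "login_code:{email}" cache key are assumptions;
     * some other part of the application is assumed to have stored the code.
     */
    public function login(Request $request)
    {
        $data = $request->validate([
            'email' => 'required|email',
            'code'  => 'required|string',
        ]);

        // Cache::pull() reads and deletes the stored code, so each code is
        // single-use and a wrong guess also invalidates it.
        $expected = Cache::pull('login_code:' . $data['email']);
        $user = User::where('email', $data['email'])->first();

        // Same 401 for unknown user, missing code and wrong code;
        // hash_equals() compares in constant time.
        if (!$user || !is_string($expected) || !hash_equals($expected, $data['code'])) {
            return response()->json(['error' => 'Unauthorized'], 401);
        }

        // The JWT guard's login() returns a token for an already verified user.
        // validateCredentials() is never called, so password checks on the
        // normal login route keep working.
        $token = auth('api')->login($user);

        return response()->json([
            'access_token' => $token,
            'token_type'   => 'Bearer',
            'expires_in'   => auth('api')->factory()->getTTL() * 60,
        ]);
    }
}
```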

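You can then obtain a token by POSTing the user's credentials to the login route defined above; you will get a response like the following: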

 {
    "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ",
    "token_type": "Bearer",
    "expires_in": 3600
}  

The following shows how to resolve the logged-in user's information from the access_token.

If you need to use middleware, add the following line in app\Http\Kernel.php:

 /**
     * The application's route middleware.
     *
     * These middleware may be assigned to groups or used individually.
     *
     * @var array
     */
    protected $routeMiddleware = [
        ......
        'auth.jwt' => \Tymon\JWTAuth\Http\Middleware\Authenticate::class,
    ];  

Then add the following code to the route file routes/web.php:

 Route::group(['middleware' => 'auth.jwt'], function () {
    Route::post('/test','IndexController@index');
});  

In the index method of IndexController, print the result of the following code to get the user information:

 auth('api')->user()  


A record of the process of using jwt-auth with Laravel.


Source: 智云一二三科技

Article title: Laravel API Authentication: JWT Authentication

Article URL: https://www.zhihuclub.com/77369.shtml

About the author: 智云科技
