laravel jwt的基本配置及使用

2019-03-06 10:50:03   php分享记录

  jwt  

laravel jwt的安装使用

  1. jwt的安装

    1. composer require tymon/jwt-auth

  2. config.php中添加服务提供程序

    1. 'providers' => [
    3.  ...
    5.  Tymon\JWTAuth\Providers\LaravelServiceProvider::class,
    6. ]

  3. 发布配置文件

    1. php artisan vendor:publish --provider="Tymon\JWTAuth\Providers\LaravelServiceProvider

  4. 生成密钥

    1. php artisan jwt:secret

  5. 更改用户模型

    1. //倘若不想使用默认的User.php auth模型的话,自己手动新建一个模型,并在auth.php中配置
    2. namespace App\DB;
    3. use Illuminate\Notifications\Notifiable;
    4. use Illuminate\Foundation\Auth\User as Authenticatable;
    5. use Tymon\JWTAuth\Contracts\JWTSubject;
    6. class Staff extends Authenticatable implements JWTSubject
    7. {
    8.  protected $table = 'staff';
    10.  protected $primaryKey = 'id';
    12.  use Notifiable;
    14.  public function getJWTIdentifier()
    15.  {
    16.      return $this->getKey();
    17.      // TODO: Implement getJWTIdentifier() method.
    18.  }
    20.  public function getJWTCustomClaims()
    21.  {
    22.      return [];
    23.      // TODO: Implement getJWTCustomClaims() method.
    24.  }
    25. }

  6. 配置auth guard

    1. 'defaults' => [
    2.  'guard' => 'api',
    3.  'passwords' => 'users',
    4. ],
    5. ...
    6. 'guards' => [
    7.  'api' => [
    8.      'driver' => 'jwt',
    9.      'provider' => 'users',
    10.  ],
    11. ],
    12. ···
    13. 'providers' => [
    14.      'users' => [
    15.          'driver' => 'eloquent',
    16.          'model' => App\DB\Staff::class,
    17.          'table' =>'user_basic'
    18.      ],
    19.  ],

  7. 添加路由api.php

    1. Route::group([
    2.  'middleware' => 'api',
    3.  'prefix' => 'auth'
    4. ], function ($router) {
    5.  Route::post('login', 'AuthController@login');
    6.  Route::post('logout', 'AuthController@logout');
    7.  Route::post('refresh', 'AuthController@refresh');
    8.  Route::post('me', 'AuthController@me');
    9. });

  8. 创建控制器

    1. php artisan make:controller AuthController
    1. namespace App\Http\Controllers;
    2. use App\DB\Staff;
    3. use Illuminate\Http\Request;
    4. use Illuminate\Support\Facades\Auth;
    5. use Illuminate\Support\Facades\Response;
    6. use Tymon\JWTAuth\Facades\JWTAuth;
    7. class AuthController extends Controller
    8. {
    9. public function __construct()
    10.  {
    11.      $this->middleware('RefreshToken', ['except' => 'login']);
    12.  }
    13. public function login(Request $request)
    14.  {
    15.      if(\auth()->check()){
    16.          //如果有有效token,则先手动失效
    17.          \auth()->invalidate();
    18.      }
    20.      $input = request(['work_num', 'password']);
    22.      // 验证规则,由于业务需求,这里我更改了一下登录的用户名,使用手机号码登录
    23.      $rules = [
    24.          'work_num' => [
    25.              'required',
    26.          ],
    27.          'password' => 'required|numeric',
    28.      ];
    30.      $messages = [
    31.          'required'=>":attribute不能为空",
    32.          'numeric'=>":attribute必须为数字",
    33.      ];
    35.      $attributes = [
    36.          'work_num'=>"工号",
    37.          'password'=>"密码"
    38.      ];
    40.      $validator = \Validator::make($input,$rules,$messages,$attributes);
    42.      if($validator->fails()){
    44.          $error =  $validator->errors()->first();
    45.          return response()->json([
    46.              'code'=>"201",
    47.              'error'=>$error
    48.          ]);
    50.      }
    52.      // 验证参数,如果验证失败,则会抛出 ValidationException 的异常
    53.      $params = $this->validate($request, $rules);
    55.      if ($user = Staff::where(['work_num' => $input['work_num'], 'password' => md5(md5($input['password']))])->first()) {
    56. //            $token = JWTAuth::fromUser($user);
    57.          $token = auth('api')->login($user);
    58.      } else {
    59.          return response()->json(['result' => '账号或密码错误.']);
    60.      }
    62.      return response()->json(
    63.          [
    64.              'access_token' => $token,
    65.              'token_type' => 'bearer',
    66.              'expires_in' => auth()->factory()->getTTL() * 60
    67.          ]
    68.      );
    70.  }
    71. public function me(){
    72.      $user = \auth('api')->user();
    74.      return response()->json(compact('user'));
    75.  }
    76. public function logout()
    77.  {
    78.      \auth()->logout();
    80.      return response(['message' => '退出成功']);
    81.  }

  9. 中间件

    1. php artisan make:middleware RefreshToken
    1. kernel.php
    2. protected $routeMiddleware=[
    3. ···
    4. 'RefreshToken'=>\App\Http\Middleware\RefreshToken::class
    5. ···
    6. ]

  10. 中间件内容

    1. public function handle($request, Closure $next)
    2.  {
    3.      $this->checkForToken($request);
    5.      try{
    6.          if($this->auth->parseToken()->authenticate()){
    7.              return $next($request);
    8.          }
    10.          throw new UnauthorizedHttpException('jwt',"未登陆");
    12.      }catch (TokenExpiredException  $exception){
    13.          try{
    14.              $token = $this->auth->refresh();
    16.              Auth::guard('api')->onceUsingId($this->auth->manager()->getPayloadFactory()->buildClaimsCollection()->toPlainArray()['sub']);
    17.          }catch (JWTException $exception){
    18.              //刷新过期
    19.              throw new UnauthorizedHttpException('jwt',"登录失效,请重新登录");
    20.          }
    22.          return $this->setAuthenticationHeader($next($request),$token);
    23.      }catch (TokenBlacklistedException $exception){
    24.          throw new UnauthorizedHttpException('jwt',"登录失效,请重新登录");
    25.      }
    26.  }

张书贤

User Image

标签

ajax跨域 API设计 coding exception freeswitch freeswitch,多网卡 frp,局域网穿透,端口转发 Git自动部署 go,浏览器调用,模拟按键操作 jwt jwt方法 laravel monit,centos7,进程监控 mysql时间函数 nginx,小程序 nginx,跨域 python小计 RESTful 设计规范 tar恢复备份,新硬盘 个人常用函数 主从同步 二步验证 伪SQL,binlog,row 元组 内存优化 列表 多网卡 字符串 正则 笛卡尔积 订阅,发布 队列任务,laravel
热门文章
友情链接