Installing jwt-auth in Laravel and verifying tokens (example)


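1. Install jwt-auth with Composer. In a command prompt, change to the project folder and run:

composer require tymon/jwt-auth "1.0.*"

(Write the version number according to your own needs.)

For installation details, refer to the official documentation: https://jwt-auth.readthedocs.io/en/docs/laravel-installation/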

2. If your Laravel version is lower than 5.4

Open config/app.php under the project root.

Add Tymon\JWTAuth\Providers\LaravelServiceProvider::class to the 'providers' array:

'providers' => [
    ...
    Tymon\JWTAuth\Providers\LaravelServiceProvider::class,
],

3. Publish a jwt.php configuration file into the config directory

php artisan vendor:publish --provider="Tymon\JWTAuth\Providers\LaravelServiceProvider"

4. Generate a secret key in the .env file; this writes an entry such as JWT_SECRET=foobar

php artisan jwt:secret

5. Put the following code in the User model

<?php
namespace App\Model;
use Tymon\JWTAuth\Contracts\JWTSubject;
use Illuminate\Notifications\Notifiable;
use Illuminate\Foundation\Auth\User as Authenticatable;
class User extends Authenticatable implements JWTSubject
{
    // Rest omitted for brevity
    protected $table = "user";
    public $timestamps = false;
    // Identifier stored in the token's "sub" claim (the primary key)
    public function getJWTIdentifier()
    {
        return $this->getKey();
    }
    // Extra custom claims to add to the token (none here)
    public function getJWTCustomClaims()
    {
        return [];
    }
}

6. Register two facades

config/app.php

'aliases' => [
    ...
    // Add the following two lines
    'JWTAuth' => 'Tymon\JWTAuth\Facades\JWTAuth',
    'JWTFactory' => 'Tymon\JWTAuth\Facades\JWTFactory',
],

7. Modify auth.php

config/auth.php

'guards' => [
    'web' => [
        'driver' => 'session',
        'provider' => 'users',
    ],
    'api' => [
        'driver' => 'jwt',      // was token; change it to jwt
        'provider' => 'users',
    ],
],

8. Register the routes

Route::group([
    'prefix' => 'auth'
], function ($router) {
    $router->post('login', 'AuthController@login');
    $router->post('logout', 'AuthController@logout');
});

9. Create the token controller

php artisan make:controller AuthController

The code is as follows:

<?php
namespace App\Http\Controllers;
use App\Model\User;
use Illuminate\Http\Request;
use Tymon\JWTAuth\Facades\JWTAuth;
class AuthController extends Controller
{
    /**
     * Create a new AuthController instance.
     *
     * @return void
     */
    public function __construct()
    {
        // Every action except login requires a valid token on the api guard
        $this->middleware('auth:api', ['except' => ['login']]);
    }
    /**
     * Get a JWT via given credentials.
     *
     * @return \Illuminate\Http\JsonResponse
     */
    public function login()
    {
        $credentials = request(['email', 'password']);
        if (! $token = auth('api')->attempt($credentials)) {
            return response()->json(['error' => 'Unauthorized'], 401);
        }
        return $this->respondWithToken($token);
    }
    /**
     * Get the authenticated User.
     *
     * @return \Illuminate\Http\JsonResponse
     */
    public function me()
    {
        return response()->json(JWTAuth::parseToken()->toUser());
    }
    /**
     * Log the user out (Invalidate the token).
     *
     * @return \Illuminate\Http\JsonResponse
     */
    public function logout()
    {
        JWTAuth::parseToken()->invalidate();
        return response()->json(['message' => 'Successfully logged out']);
    }
    /**
     * Refresh a token.
     *
     * @return \Illuminate\Http\JsonResponse
     */
    public function refresh()
    {
        return $this->respondWithToken(JWTAuth::parseToken()->refresh());
    }
    /**
     * Get the token array structure.
     *
     * @param  string $token
     *
     * @return \Illuminate\Http\JsonResponse
     */
    protected function respondWithToken($token)
    {
        return response()->json([
            'access_token' => $token,
            'token_type' => 'bearer',
            // getTTL() is in minutes; expires_in is reported in seconds
            'expires_in' => JWTAuth::factory()->getTTL() * 60
        ]);
    }
}

Note: if attempt() always returns false, it is because the password is checked against a hash; store the password hashed with bcrypt or password_hash and it will work.
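To illustrate the note above, here is an added example (not code from the original tutorial) that reproduces the failure in plain PHP and finds the stored passwords that are not hashes. The helper names and the sample rows are hypothetical, and credentialsMatch() is a simplified stand-in for the hash comparison behind attempt().

```php
<?php
// Added example: plain PHP, run with `php check_hashes.php`.
// All account data below is constructed for illustration.

/** True when $stored is a hash that password_verify() can check. */
function isPasswordHash(string $stored): bool
{
    return password_get_info($stored)['algoName'] !== 'unknown';
}

/**
 * Simplified stand-in for the comparison behind attempt(): the submitted
 * plaintext is verified against the stored value, treated as a hash.
 */
function credentialsMatch(string $plain, string $stored): bool
{
    return password_verify($plain, $stored);
}

/** Return the e-mail addresses whose stored password is not a hash. */
function findUnhashed(array $rows): array
{
    $bad = [];
    foreach ($rows as $row) {
        if (!isPasswordHash($row['password'])) {
            $bad[] = $row['email'];
        }
    }
    return $bad;
}

// Constructed sample rows, as they might sit in the `user` table.
$rows = [
    ['email' => 'plain@example.test',  'password' => 'secret123'],
    ['email' => 'md5@example.test',    'password' => md5('secret123')],
    ['email' => 'bcrypt@example.test', 'password' => password_hash('secret123', PASSWORD_BCRYPT)],
];

foreach ($rows as $row) {
    printf("%-20s hash=%-3s login=%s\n",
        $row['email'],
        isPasswordHash($row['password']) ? 'yes' : 'no',
        credentialsMatch('secret123', $row['password']) ? 'ok' : 'fails');
}

// Accounts that need a bcrypt hash stored before attempt() can succeed.
print_r(findUnhashed($rows));
```

Only the row written with password_hash() passes; the plaintext and MD5 rows are the ones for which a login would keep failing.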

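10. Verify the token and get the user information

There are two ways to send the token:

Add it to the URL: ?token=your token

Add it to a header; this is the recommended way because it is more secure over HTTPS: Authorization: Bearer your token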
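One way to enforce the header-only recommendation, as an added example that is not part of the original tutorial: restrict jwt-auth's token parser to the Authorization header so that a ?token= query parameter is ignored. It assumes jwt-auth 1.0's tymon.jwt.parser container binding and the stock App\Providers\AppServiceProvider.

```php
<?php
// Added example, not from the original tutorial:
// app/Providers/AppServiceProvider.php

namespace App\Providers;

use Illuminate\Support\ServiceProvider;
use Tymon\JWTAuth\Http\Parser\AuthHeaders;

class AppServiceProvider extends ServiceProvider
{
    public function boot()
    {
        // By default jwt-auth looks for the token in several places
        // besides the Authorization header, including the query string.
        // Tokens carried in URLs end up in access logs, browser history
        // and Referer headers, so keep only the header parser.
        $this->app['tymon.jwt.parser']->setChain([
            new AuthHeaders,
        ]);
    }
}
```

With this in place a request that carries the token only as ?token=... is treated as having no token.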

11. First use an artisan command to generate a middleware, which I named RefreshToken.php here. Once it is created, it needs to extend jwt-auth's BaseMiddleware.

The code is as follows:

<?php
namespace App\Http\Middleware;
use Auth;
use Closure;
use Tymon\JWTAuth\Exceptions\JWTException;
use Tymon\JWTAuth\Http\Middleware\BaseMiddleware;
use Tymon\JWTAuth\Exceptions\TokenExpiredException;
use Symfony\Component\HttpKernel\Exception\UnauthorizedHttpException;
// Note: the class we extend is jwt-auth's BaseMiddleware
class RefreshToken extends BaseMiddleware
{
    /**
     * Handle an incoming request.
     *
     * @param  \Illuminate\Http\Request $request
     * @param  \Closure $next
     *
     * @throws \Symfony\Component\HttpKernel\Exception\UnauthorizedHttpException
     *
     * @return mixed
     */
    public function handle($request, Closure $next)
    {
        // Check whether this request carries a token; throw an exception if it does not.
        $this->checkForToken($request);
        // Wrap in try to catch the TokenExpiredException thrown when the token has expired
        try {
            // Check the user's login state; let the request through if it is valid
            if ($this->auth->parseToken()->authenticate()) {
                return $next($request);
            }
            throw new UnauthorizedHttpException('jwt-auth', '未登錄');
        } catch (TokenExpiredException $exception) {
            // The token has expired: refresh the user's token and add it to the response header
            try {
                // Refresh the user's token
                $token = $this->auth->refresh();
                // Log the user in for this request only, so that the request succeeds
                Auth::guard('api')->onceUsingId($this->auth->manager()->getPayloadFactory()->buildClaimsCollection()->toPlainArray()['sub']);
            } catch (JWTException $exception) {
                // This exception means the refresh window has expired too; the user cannot refresh the token and must log in again.
                throw new UnauthorizedHttpException('jwt-auth', $exception->getMessage());
            }
        }
        // Return the new token in the response header
        return $this->setAuthenticationHeader($next($request), $token);
    }
}

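The main point here is that after the token is refreshed, you should not only put the new token in the response header but ideally also replace the token in the request header. Once refreshed, the token in the request header is already invalid, so if the business logic inside the endpoint uses the token from the request header, problems will arise.

Here, use

$request->headers->set('Authorization', 'Bearer ' . $token);

to refresh the token in the request header.

After creating and writing the middleware, just register it and add some exception handling in App\Exceptions\Handler.php.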

12. In the Kernel.php file

Add the middleware entry to $routeMiddleware:

'RefreshToken' => \App\Http\Middleware\RefreshToken::class,

13. Add a route

Route::group(['prefix' => 'user'], function ($router) {
    $router->get('userInfo', 'UserController@userInfo')->middleware('RefreshToken');
});

In the controller, JWTAuth::user(); returns the user information.
