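Laravel API authentication: registration, login, and fetching user info

Laravel supports several authentication methods. API (token) authentication is the simplest of them and is very convenient when the application is used as an API. A successful registration or login returns an api_token, and that api_token is then used to perform operations that require login.

The steps are described below.

Database table and migration

Add a new file under database/migrations named users_add_api_token.php with the following content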

<?php

use Illuminate\Database\Migrations\Migration;
use Illuminate\Database\Schema\Blueprint;
use Illuminate\Support\Facades\Schema;

class UsersAddApiToken extends Migration
{
    /**
     * Run the migrations.
     *
     * @return void
     */
    public function up()
    {
        Schema::table('users', function ($table) {
            $table->string('api_token', 80)->after('password')
                ->unique()
                ->nullable()
                ->default(null);
        });
    }

    /**
     * Reverse the migrations.
     *
     * @return void
     */
    public function down()
    {
        Schema::table('users', function (Blueprint $table) {
            $table->dropColumn('api_token');
        });
    }
}

Then run the migration

php artisan migrate

Configuration changes

If you do not want api_token stored in plaintext, it has to be hashed. Edit config/auth.php and set hash to true under api, as shown below

'api' => [
    'driver' => 'token',
    'provider' => 'users',
    'hash' => true,
],

Route configuration, routes/api.php


# Register
Route::post('register', 'Auth\RegisterController@register');

# Login
Route::post('login', 'Auth\LoginController@login');

Route::middleware('auth:api')->post('/user', function (Request $request) {
    return $request->user();
});

# User info
Route::middleware('auth:api')->get('userInfo', 'UserController@userInfo');
Route::middleware('auth:api')->post('userInfo', 'UserController@userInfo');

Registration

Edit app/controller/Auth/RegisterController.php and add a register method, as follows

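    // Imports needed at the top of the controller for the register method:
    // use Illuminate\Http\Request;
    // use Illuminate\Auth\Events\Registered;
    // use Illuminate\Support\Str;

    /**
     * Create a new user instance after a valid registration.
     *
     * @param  array  $data
     * @return \App\User
     */
    protected function create(array $data)
    {
        return User::create([
            'name' => $data['name'],
            'email' => $data['email'],
            'password' => Hash::make($data['password']),
        ]);
    }

    public function register(Request $request){
        $valid = $this->validator($request->all());

        // Stop on validation errors and return them as JSON
        if ($valid->fails()) {
            return response()->json($valid->errors(), 422);
        }

        $user = $this->create($request->all());

        event(new Registered($user));

        // The plaintext token goes to the client; only its SHA-256 is stored,
        // which is what the token guard looks up when 'hash' => true
        $api_token = Str::random(80);

        // forceFill() instead of update(): if api_token is not in the model's
        // $fillable, update() would silently skip it
        $user->forceFill(['api_token' => hash('sha256', $api_token)])->save();

        $res = ['code' => 1, 'data' => ['api_token' => $api_token]];

        return response()->json($res);
    }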

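The request must use POST and pass the parameters name, email, password and password_confirmation. The last one is the password confirmation.

A successful registration returns the api_token

Login

Edit app/controller/Auth/LoginController.php and add a login method, as follows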

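    // Imports needed at the top of the controller:
    // use App\User;
    // use Illuminate\Support\Str;

    public function login(){
        $user = User::where('name', request('name'))->first();

        // An unknown name and a wrong password get the same response, so the
        // endpoint does not reveal which user names exist
        if (!$user || !password_verify((string) request('password'), $user->password)) {
            $res = [
                'code' => 0,
                'msg' => '用户名或者密码错误!' // "Incorrect username or password!"
            ];
            return response()->json($res, 403);
        }

        // Each login issues a new token and replaces the stored hash
        $api_token = Str::random(80);
        // forceFill() instead of update(), see the register method
        $user->forceFill(['api_token' => hash('sha256', $api_token)])->save();

        $res = ['code' => 1, 'data' => ['api_token' => $api_token]];

        return response()->json($res);
    }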

Login here uses name + password and is likewise a POST request; see the route definition.

A successful login returns the api_token
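
An added example, not from the original post and not Laravel's own code: a plain-PHP model of what 'hash' => true combined with the register and login methods above amounts to. The client holds the plaintext token, the table holds only its SHA-256, and each login replaces it. The $users array, issueToken(), findUserByToken() and expect() are names assumed for illustration.

```php
<?php
// Added illustration in plain PHP (no Laravel). $users stands in for the
// users table; issueToken(), findUserByToken() and expect() are assumed names.

function issueToken(array &$users, int $id): string
{
    $plain = bin2hex(random_bytes(40));                 // 80 hex characters
    $users[$id]['api_token'] = hash('sha256', $plain);  // only the digest is stored
    return $plain;                                      // handed to the client once
}

function findUserByToken(array $users, ?string $presented): ?array
{
    if ($presented === null || $presented === '') {
        return null;                                    // no token, no lookup
    }
    $digest = hash('sha256', $presented);               // hash what the client sent
    foreach ($users as $user) {
        if (is_string($user['api_token']) && hash_equals($user['api_token'], $digest)) {
            return $user;
        }
    }
    return null;
}

function expect(bool $ok, string $what): void
{
    if (!$ok) {
        throw new RuntimeException("failed: $what");
    }
    echo "ok: $what\n";
}

// Constructed sample row, not real data.
$users = [8 => ['id' => 8, 'name' => 'test66', 'api_token' => null]];

$first = issueToken($users, 8);                         // registration or first login
expect(findUserByToken($users, $first) !== null, 'plaintext token is accepted');
expect(findUserByToken($users, $users[8]['api_token']) === null,
    'the stored digest is not usable as a token');
expect(findUserByToken($users, '') === null, 'an empty token matches nobody');

$second = issueToken($users, 8);                        // a later login rotates the token
expect(findUserByToken($users, $first) === null, 'the earlier token stops working');
expect(findUserByToken($users, $second) !== null, 'the new token is accepted');
```

Because the digest cannot be turned back into the token, a client that loses its token gets a new one by logging in again; it cannot be read back from the database.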

User info

The route is already defined in routes/api.php; the corresponding method is in app/http/controller/UserController.php

public function userInfo(Request $request){
    return $request->user();
}

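You can then fetch the user info with either GET or POST. Taking GET as an example, request http://localhost/api/userInfo?api_token=xxxx. The token guard also reads the token from an Authorization: Bearer header, which keeps it out of URLs and server access logs.

When the api_token is correct, a response similar to the following is returned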

{
    "id": 8,
    "name": "test66",
    "email": "test66@test.com",
    "email_verified_at": null,
    "created_at": "2021-10-06 17:25:55",
    "updated_at": "2021-10-06 17:25:55"
}

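If you get the message Route [login] not defined, the api_token is wrong and the handling of the unauthenticated state ran into a problem.

In that case, add Accept=application/json to the request headers and also edit app/Exceptions/Handler.php, adding a few lines of code

Add the import at the top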

use Illuminate\Auth\AuthenticationException;

Add a method at the bottom to override the default

/**
* Handle unauthenticated requests
* @param \Illuminate\Http\Request $request
* @param AuthenticationException $exception
* @return \Illuminate\Http\JsonResponse|\Illuminate\Http\RedirectResponse|\Symfony\Component\HttpFoundation\Response
*/
protected function unauthenticated($request, AuthenticationException $exception)
{
    if ($request->expectsJson()) {
        // msg reads "Please log in first"
        return response()->json(['code' => 0, 'msg' => '请先登录'], 401);
    }

    return redirect()->guest(route('auth.login'));
}

Adjust the returned JSON to suit your own needs.
