摘要:在開發(fā)中���,用戶認證是核心,是數(shù)據(jù)是否有保障的前提����,目前主要有兩種常用方式進行用戶認證和。為了學(xué)習(xí)在中的使用�,最好的辦法就是在程序員同志網(wǎng)搜索有關(guān)插件,找個最多的那個拿來研究研究�����。
通過上一篇《學(xué)習(xí) Lumen 用戶認證 (一)》https://mp.weixin.qq.com/s/KVUQE2DUetNB2kqxHs0VDg的學(xué)習(xí),大致懂了 Lumen 的用戶認證主要使用 「api」的方式����,來默認進行用戶認證:
app["auth"]->viaRequest("api", function ($request) {
if ($request->input("api_token")) {
return User::where("api_token", $request->input("api_token"))->first();
}
});
}
}
當(dāng)然在實際開發(fā)中,我們不能只是簡單的獲取 api_token直接關(guān)聯(lián)數(shù)據(jù)庫查找用戶信息�。
在 API 開發(fā)中,用戶認證是核心����,是數(shù)據(jù)是否有保障的前提,目前主要有兩種常用方式進行用戶認證: JWT 和 OAuth2�����。
本文將簡要說說如何利用 JWT 來進行用戶認證
JWT
Json web token (JWT), 是為了在網(wǎng)絡(luò)應(yīng)用環(huán)境間傳遞聲明而執(zhí)行的一種基于JSON 的開放標(biāo)準(zhǔn) (RFC 7519)�。該 token 被設(shè)計為緊湊且安全的,特別適用于分布式站點的單點登錄(SSO)場景���。JWT 的聲明一般被用來在身份提供者和服務(wù)提供者間傳遞被認證的用戶身份信息��,以便于從資源服務(wù)器獲取資源�,也可以增加一些額外的其它業(yè)務(wù)邏輯所必須的聲明信息��,該 token 也可直接被用于認證,也可被加密���。
關(guān)于 JWT 更具體的介紹����,相信網(wǎng)上有很多帖子和文章值得參考����,這里先不闡述了�。
為了學(xué)習(xí) JWT 在 Lumen 中的使用,最好的辦法就是在「程序員同志網(wǎng) —— GitHub」搜索有關(guān)插件����,找個 stars 最多的那個拿來研究研究。
tymondesigns/jwt-auth
JSON Web Token Authentication for Laravel & Lumen
安裝 jwt-auth
通過 Composer 安裝:
composer require tymon/jwt-auth:"^1.0@dev"
注: 0.5.* 版本未對 Lumen 專門做封裝
將 $app->withFacades() 和 auth 認證相關(guān)的注釋去掉:
load();
} catch (DotenvExceptionInvalidPathException $e) {
//
}
/*
|--------------------------------------------------------------------------
| Create The Application
|--------------------------------------------------------------------------
|
| Here we will load the environment and create the application instance
| that serves as the central piece of this framework. We"ll use this
| application as an "IoC" container and router for this framework.
|
*/
$app = new LaravelLumenApplication(
realpath(__DIR__."/../")
);
// 取消注釋�����,這樣就可以通過 Auth::user()�,獲取當(dāng)前授權(quán)用戶
$app->withFacades();
$app->withEloquent();
/*
|--------------------------------------------------------------------------
| Register Container Bindings
|--------------------------------------------------------------------------
|
| Now we will register a few bindings in the service container. We will
| register the exception handler and the console kernel. You may add
| your own bindings here if you like or you can make another file.
|
*/
$app->singleton(
IlluminateContractsDebugExceptionHandler::class,
AppExceptionsHandler::class
);
$app->singleton(
IlluminateContractsConsoleKernel::class,
AppConsoleKernel::class
);
/*
|--------------------------------------------------------------------------
| Register Middleware
|--------------------------------------------------------------------------
|
| Next, we will register the middleware with the application. These can
| be global middleware that run before and after each request into a
| route or middleware that"ll be assigned to some specific routes.
|
*/
// $app->middleware([
// AppHttpMiddlewareExampleMiddleware::class
// ]);
// 增加 auth 中間件
$app->routeMiddleware([
"auth" => AppHttpMiddlewareAuthenticate::class,
]);
/*
|--------------------------------------------------------------------------
| Register Service Providers
|--------------------------------------------------------------------------
|
| Here we will register all of the application"s service providers which
| are used to bind services into the container. Service providers are
| totally optional, so you are not required to uncomment this line.
|
*/
$app->register(AppProvidersAppServiceProvider::class);
$app->register(AppProvidersAuthServiceProvider::class);
// $app->register(AppProvidersEventServiceProvider::class);
/*
|--------------------------------------------------------------------------
| Load The Application Routes
|--------------------------------------------------------------------------
|
| Next we will include the routes file so that they can all be added to
| the application. This will provide all of the URLs the application
| can respond to, as well as the controllers that may handle them.
|
*/
$app->router->group([
"namespace" => "AppHttpControllers",
], function ($router) {
require __DIR__."/../routes/web.php";
});
return $app;
然后在 AppServiceProvider 中注冊 LumenServiceProvider:
$this->app->register(TymonJWTAuthProvidersLumenServiceProvider::class);
在 Lumen 項目中,默認沒有 config 文件夾�,需要在項目根目錄創(chuàng)建,并將 vendor 源代碼中auth.php 復(fù)制出來�����,同時將 api 認證指定為「jwt」:
[
"guard" => env("AUTH_GUARD", "api"),
],
/*
|--------------------------------------------------------------------------
| Authentication Guards
|--------------------------------------------------------------------------
|
| Next, you may define every authentication guard for your application.
| Of course, a great default configuration has been defined for you
| here which uses session storage and the Eloquent user provider.
|
| All authentication drivers have a user provider. This defines how the
| users are actually retrieved out of your database or other storage
| mechanisms used by this application to persist your user"s data.
|
| Supported: "session", "token"
|
*/
"guards" => [
"api" => [
"driver" => "jwt",
"provider" => "users"
],
],
/*
|--------------------------------------------------------------------------
| User Providers
|--------------------------------------------------------------------------
|
| All authentication drivers have a user provider. This defines how the
| users are actually retrieved out of your database or other storage
| mechanisms used by this application to persist your user"s data.
|
| If you have multiple user tables or models you may configure multiple
| sources which represent each model / table. These sources may then
| be assigned to any extra authentication guards you have defined.
|
| Supported: "database", "eloquent"
|
*/
"providers" => [
"users" => [
"driver" => "eloquent",
"model" => AppUser::class,
],
],
/*
|--------------------------------------------------------------------------
| Resetting Passwords
|--------------------------------------------------------------------------
|
| Here you may set the options for resetting passwords including the view
| that is your password reset e-mail. You may also set the name of the
| table that maintains all of the reset tokens for your application.
|
| You may specify multiple password reset configurations if you have more
| than one user table or model in the application and you want to have
| separate password reset settings based on the specific user types.
|
| The expire time is the number of minutes that the reset token should be
| considered valid. This security feature keeps tokens short-lived so
| they have less time to be guessed. You may change this as needed.
|
*/
"passwords" => [
//
],
];
最后,因為 JWT 協(xié)議需要用到 secret�,所以需要生成一個 secret:
php artisan jwt:secret
使用 jwt-auth
1. 更新 User Model
繼承 TymonJWTAuthContractsJWTSubject:
getKey();
}
/**
* Return a key value array, containing any custom claims to be added to the JWT.
*
* @return array
*/
public function getJWTCustomClaims()
{
return [];
}
}
2. 寫一個 Login 方法,驗證登陸信息����,并返回 token 回客戶端:
// 路由
$router->post("/auth/login", "AuthController@postLogin");
postLogin 方法:
jwt = $jwt;
}
public function postLogin(Request $request)
{
if (! $token = $this->jwt->attempt($request->only("email", "password"))) {
return response()->json(["user_not_found"], 404);
}
return response()->json(compact("token"));
}
}
可以請求試試了,用 Postman 跑跑:
有了 token 了����。我們就可以用來測試,看能不能認證成功���,獲取用戶信息���。
3. 使用 token 獲取用戶信息
// 使用 auth:api 中間件
$router->group(["middleware" => "auth:api"], function($router)
{
$router->get("/test", "ExampleController@getUser");
});
只要驗證通過,就可以利用 Auth:user()方法獲取用戶信息了�。
public function getUser(Request $request) {
return response()->json(["user" => Auth::user()]);
}
對照數(shù)據(jù)庫:
以后只要在請求的 headers 中加入 token 信息即可,完美實現(xiàn)用戶認證�����。
想了解有關(guān) Lumen 的認證相關(guān)內(nèi)容��,可以參考上一篇文章《學(xué)習(xí) Lumen 用戶認證 (一)》https://mp.weixin.qq.com/s/KVUQE2DUetNB2kqxHs0VDg
也可以參考 Lumen 官網(wǎng)
https://lumen.laravel-china.o...
總結(jié)
對獲取到 token 值 (eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwOi8vZGVtby5hcHAvYXV0aC9sb2dpbiIsImlhdCI6MTUxMDQ3NTQ5MiwiZXhwIjoxNTEwNDc5MDkyLCJuYmYiOjE1MTA0NzU0OTIsImp0aSI6Imx3UFpSMTN0MlV5eXRib1oiLCJzdWIiOjEsInBydiI6Ijg3ZTBhZjFlZjlmZDE1ODEyZmRlYzk3MTUzYTE0ZTBiMDQ3NTQ2YWEifQ.YTvsiO9MT3VgPZiI03v2sVEIsGLj8AUwJiDuXvCAvHI) 仔細觀察,就會發(fā)現(xiàn)中間是由兩個「.」來合并三段信息的�����。
下一步我們就來研究研究 JWT 的原理和也可以自己動手寫個基于 JWT 的 Lumen 認證插件出來�����。
「未完待續(xù)」
coding01 期待您繼續(xù)關(guān)注
也很感謝您能看到這了
文章版權(quán)歸作者所有�����,未經(jīng)允許請勿轉(zhuǎn)載,若此文章存在違規(guī)行為��,您可以聯(lián)系管理員刪除�����。
轉(zhuǎn)載請注明本文地址:http://systransis.cn/yun/26080.html
