Laravel Token repository?

Laravel Token repository?

In Laravel, Token is often used for authentication. A token is essentially an encrypted string that is usually assigned by the server to the client and carried with every request from the client to verify its identity. So the question is, does Laravel's Token need to be stored in the database?

The answer is not necessarily. In some simple applications, we can directly store the Token on the client in the form of a cookie or session for authentication. However, if we need to implement some more complex services, such as cross-device login, multi-device synchronization, etc., we need to store the Token in the database for effective management.

There are many different implementation methods for Laravel's Token storage method. Two common ways will be introduced below:

1. Storing Token into the user table

This is the simplest way. When a user registers or logs in, the server generates a Token and stores it in the user table. Every time a user logs in, we can retrieve the user's Token from the database for authentication.

$user = User::where('email', $email)->first();

if ($user && Hash::check($password, $user->password)) {
    // 验证成功，将 Token 存储到数据库中
    $user->api_token = Str::random(60);
    $user->save();

    return response()->json([
        'status' => 'success',
        'message' => 'Authentication successfully!',
        'token' => $user->api_token,
    ]);
}

The advantage of this method is that it is simple to implement and easy to understand. But if there are more and more Tokens, the efficiency of querying user data will decrease. Therefore, it is not suitable if the number of users is large.

2. Storing Tokens in a separate token table

This method stores Tokens in a separate table, and each Token is associated with a user ID. When a user logs in, the server generates a Token for the user and then stores the Token in the token table.

$token = [
    'access_token' => hash('sha256', Str::random(60)),
    'token_type' => 'Bearer',
    'expires_in' => 3600,
    'refresh_token' => hash('sha256', Str::random(60)),
    'user_id' => $user->id,
];

DB::table('tokens')->insert($token);

return response()->json([
    'status' => 'success',
    'message' => 'Authentication successfully!',
    'token' => $token['access_token'],
]);

In the interface that requires authentication, we can get the user's ID from the Token sent by the client, and then query the token table to see if there is a Token associated with the user ID.

$token = DB::table('tokens')
    ->where('access_token', $access_token)
    ->where('user_id', $user_id)
    ->first();

if ($token) {
    // Token 验证通过
}

This method is relatively flexible, easy to expand, and has high query efficiency.

To sum up, Laravel’s Token storage methods vary according to business needs, and you can choose different implementation methods according to specific situations. It should be noted that if stored in the database, expired Tokens must be cleaned up in time to avoid unnecessary waste of resources.

The above is the detailed content of Laravel Token repository?. For more information, please follow other related articles on the PHP Chinese website!