laravel8におけるdingoとjwt認証の解析

composer require dingo/api

php artisan vendor:publish --provider="Dingo\Api\Provider\LaravelServiceProvider"

# dingo # API_SUBTYPE —— 项目的简称； API_SUBTYPE=lms # API_PREFIX —— 与 API_DOMAIN 二选一，路由的前缀，例如设置为 api API_PREFIX=api # 定义版本 API_VERSION=v1 # 是否开启调试模式 API_DEBUG=true

composer require tymon/jwt-auth

php artisan vendor:publish --provider="Tymon\JWTAuth\Providers\LaravelServiceProvider"

php artisan jwt:secret

'auth' => [ 'jwt' => 'Dingo\Api\Auth\Provider\JWT', ],

'defaults' => [ #注：这里修改改了默认的配置，默认是web 'guard' => 'api', 'passwords' => 'users', ], 'guards' => [ 'web' => [ 'driver' => 'session', 'provider' => 'users', ], 'api' => [ 'driver' => 'jwt', 'provider' => 'users', 'hash' => false, ], ],

namespace App\Http\Middleware; use Closure; use Illuminate\Support\Facades\Auth; use Illuminate\Http\Request; use Symfony\Component\HttpKernel\Exception\UnauthorizedHttpException; use Tymon\JWTAuth\Exceptions\JWTException; use Tymon\JWTAuth\Exceptions\TokenExpiredException; use Tymon\JWTAuth\Http\Middleware\BaseMiddleware; class RefreshToken extends BaseMiddleware { /** * Handle an incoming request. * * @param \Illuminate\Http\Request $request * @param \Closure $next * @return mixed */ public function handle(Request $request, Closure $next) { // 检查此次请求中是否带有 token，如果没有则抛出异常。 $this->checkForToken($request); // 使用 try 包裹，以捕捉 token 过期所抛出的 TokenExpiredException 异常 try { // 检测用户的登录状态，如果正常则通过 if ($this->auth->parseToken()->authenticate()) { return $next($request); } throw new UnauthorizedHttpException('jwt-auth', '未登录'); } catch (TokenExpiredException $exception) { // 此处捕获到了 token 过期所抛出的 TokenExpiredException 异常，我们在这里需要做的是刷新该用户的 token 并将它添加到响应头中 try { // 刷新用户的 token $token = $this->auth->refresh(); // 使用一次性登录以保证此次请求的成功 Auth::guard('api') ->onceUsingId($this->auth->manager() ->getPayloadFactory() ->buildClaimsCollection() ->toPlainArray()['sub']); } catch (JWTException $exception) { // 如果捕获到此异常，即代表 refresh 也过期了，用户无法刷新令牌，需要重新登录。 throw new UnauthorizedHttpException('jwt-auth', $exception->getMessage()); } } // 在响应头中返回新的 token return $this->setAuthenticationHeader($next($request), $token); } }

 'datetime', ]; /** * 指示是否自动维护时间戳 * * @var bool */ public $timestamps = false; public function getJWTIdentifier() { return $this->getKey(); } public function getJWTCustomClaims() { return []; } } ?>

middleware('refresh.token', [ 'except' => [ 'login', ], ]); } /**用户登录 * @param Request $request * @return \Illuminate\Http\JsonResponse|void */ public function login(Request $request) { $phone = $request->get('phone'); $user = User::where('phone', $phone)->first(); // //attempt貌似无法验证其他字段,如需用其他字段鉴权使用login() // $credentials = request(['name','password']); // if (!$token = auth()->attempt($credentials)) { // return response()->json(['error' => 'Unauthorized'], 401); // } //只要是user实例就可以通过login鉴权 if (! $token = auth()->login($user)) { return response()->json([ "restful" => false, "message" => "账号错误", ]); } //获取用户信息 $user = $this->user(); $key = "user::info::".$user->id; //Redis缓存用户信息3600秒 Redis::set($key,serialize($user->original),"EX",3600); return $this->respondWithToken($token); } /**获取用户 * Get the authenticated User. * * @return \Illuminate\Http\JsonResponse */ public function user() { return response()->json(auth()->user()); } /**用户退出 * Log the user out (Invalidate the token). * * @return \Illuminate\Http\JsonResponse */ public function logout() { auth()->logout(); return response()->json(["message" => "退出成功"]); } /**用户登录状态刷新 * Refresh a token. * @return \Illuminate\Http\JsonResponse */ public function refresh() { return $this->respondWithToken(auth()->refresh()); } /**返回值 * @param $token * @return array */ protected function respondWithToken($token) { return [ 'access_token' => $token, 'token_type' => 'Bearer', 'expires_in' => auth()->factory()->getTTL() * 60, 'restful' => true ]; } }