优化认证
This commit is contained in:
parent
e8837c37a1
commit
59e3ddb9c1
|
@ -18,6 +18,7 @@ class UserController extends Controller
|
||||||
//3个用户为一页
|
//3个用户为一页
|
||||||
$users = User::paginate(3);
|
$users = User::paginate(3);
|
||||||
return UserResource::collection($users);
|
return UserResource::collection($users);
|
||||||
|
return $users;
|
||||||
}
|
}
|
||||||
//返回单一用户信息
|
//返回单一用户信息
|
||||||
public function show(User $user){
|
public function show(User $user){
|
||||||
|
@ -39,7 +40,7 @@ class UserController extends Controller
|
||||||
}
|
}
|
||||||
//用户登录
|
//用户登录
|
||||||
public function login(Request $request){
|
public function login(Request $request){
|
||||||
$token=Auth::claims(['type'=>'api'])->attempt(['name'=>$request->name,'password'=>$request->password]);
|
$token=Auth::claims(['guard'=>'api'])->attempt(['name'=>$request->name,'password'=>$request->password]);
|
||||||
if($token) {
|
if($token) {
|
||||||
//如果登陆,先检查原先是否有存token,有的话先失效,然后再存入最新的token
|
//如果登陆,先检查原先是否有存token,有的话先失效,然后再存入最新的token
|
||||||
$user = Auth::user();
|
$user = Auth::user();
|
||||||
|
|
|
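Review bot: The `return $users;` added after `return UserResource::collection($users);` in the first hunk is unreachable, so the method still returns the resource collection; either drop the new line or remove the earlier return, whichever response shape is intended. In the login hunk the `guard` claim is hard-coded as `'api'` while the refresh middleware compares that claim with `Auth::getDefaultDriver()`, so the two only stay in sync as long as the guard this controller authenticates against is really named `api`; `Auth::claims(['guard' => Auth::getDefaultDriver()])` would tie the claim to the guard that issued the token. `$request->name` and `$request->password` are read without validation, so a missing field appears to reach `attempt()` as `null`; the rest of `login()` continues outside the hunk.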
@ -1,76 +0,0 @@
|
||||||
<?php
|
|
||||||
|
|
||||||
namespace App\Http\Middleware\Api;
|
|
||||||
|
|
||||||
use App\Jobs\Api\SaveLastTokenJob;
|
|
||||||
use Auth;
|
|
||||||
use Closure;
|
|
||||||
use Symfony\Component\HttpKernel\Exception\UnauthorizedHttpException;
|
|
||||||
use Tymon\JWTAuth\Exceptions\JWTException;
|
|
||||||
use Tymon\JWTAuth\Exceptions\TokenExpiredException;
|
|
||||||
use Tymon\JWTAuth\Exceptions\TokenInvalidException;
|
|
||||||
use Tymon\JWTAuth\Http\Middleware\BaseMiddleware;
|
|
||||||
|
|
||||||
// 注意,我们要继承的是 jwt 的 BaseMiddleware
|
|
||||||
class RefreshAdminTokenMiddleware extends BaseMiddleware
|
|
||||||
{
|
|
||||||
/**
|
|
||||||
* Handle an incoming request.
|
|
||||||
*
|
|
||||||
* @param \Illuminate\Http\Request $request
|
|
||||||
* @param \Closure $next
|
|
||||||
*
|
|
||||||
* @throws \Symfony\Component\HttpKernel\Exception\UnauthorizedHttpException
|
|
||||||
*
|
|
||||||
* @return mixed
|
|
||||||
* @throws TokenInvalidException
|
|
||||||
*/
|
|
||||||
public function handle($request, Closure $next)
|
|
||||||
{
|
|
||||||
// 检查此次请求中是否带有 token,如果没有则抛出异常。
|
|
||||||
$this->checkForToken($request);
|
|
||||||
|
|
||||||
//1. 格式通过,验证是否是专属于这个的token
|
|
||||||
|
|
||||||
//获取当前守护的名称
|
|
||||||
$present_guard = Auth::getDefaultDriver();
|
|
||||||
|
|
||||||
//获取当前token
|
|
||||||
$token=Auth::getToken();
|
|
||||||
|
|
||||||
//即使过期了,也能获取到token里的 载荷 信息。
|
|
||||||
$payload = Auth::manager()->getJWTProvider()->decode($token->get());
|
|
||||||
|
|
||||||
//如果不包含guard字段或者guard所对应的值与当前的guard守护值不相同
|
|
||||||
//证明是不属于当前guard守护的token
|
|
||||||
if(empty($payload['guard'])||$payload['guard']!=$present_guard){
|
|
||||||
throw new TokenInvalidException();
|
|
||||||
}
|
|
||||||
//使用 try 包裹,以捕捉 token 过期所抛出的 TokenExpiredException 异常
|
|
||||||
//2. 此时进入的都是属于当前guard守护的token
|
|
||||||
try {
|
|
||||||
// 检测用户的登录状态,如果正常则通过
|
|
||||||
if ($this->auth->parseToken()->authenticate()) {
|
|
||||||
return $next($request);
|
|
||||||
}
|
|
||||||
throw new UnauthorizedHttpException('jwt-auth', '未登录');
|
|
||||||
} catch (TokenExpiredException $exception) {
|
|
||||||
// 3. 此处捕获到了 token 过期所抛出的 TokenExpiredException 异常,我们在这里需要做的是刷新该用户的 token 并将它添加到响应头中
|
|
||||||
try {
|
|
||||||
// 刷新用户的 token
|
|
||||||
$token = $this->auth->refresh();
|
|
||||||
// 使用一次性登录以保证此次请求的成功
|
|
||||||
Auth::onceUsingId($this->auth->manager()->getPayloadFactory()->buildClaimsCollection()->toPlainArray()['sub']);
|
|
||||||
//刷新了token,将token存入数据库
|
|
||||||
$user = Auth::user();
|
|
||||||
SaveLastTokenJob::dispatch($user,$token);
|
|
||||||
} catch (JWTException $exception) {
|
|
||||||
// 如果捕获到此异常,即代表 refresh 也过期了,用户无法刷新令牌,需要重新登录。
|
|
||||||
throw new UnauthorizedHttpException('jwt-auth', $exception->getMessage());
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
// 在响应头中返回新的 token
|
|
||||||
return $this->setAuthenticationHeader($next($request), $token);
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -24,6 +24,7 @@ class RefreshTokenMiddleware extends BaseMiddleware
|
||||||
* @throws \Symfony\Component\HttpKernel\Exception\UnauthorizedHttpException
|
* @throws \Symfony\Component\HttpKernel\Exception\UnauthorizedHttpException
|
||||||
*
|
*
|
||||||
* @return mixed
|
* @return mixed
|
||||||
|
* @throws TokenInvalidException
|
||||||
*/
|
*/
|
||||||
public function handle($request, Closure $next)
|
public function handle($request, Closure $next)
|
||||||
{
|
{
|
||||||
|
@ -39,7 +40,6 @@ class RefreshTokenMiddleware extends BaseMiddleware
|
||||||
|
|
||||||
//即使过期了,也能获取到token里的 载荷 信息。
|
//即使过期了,也能获取到token里的 载荷 信息。
|
||||||
$payload = Auth::manager()->getJWTProvider()->decode($token->get());
|
$payload = Auth::manager()->getJWTProvider()->decode($token->get());
|
||||||
|
|
||||||
//如果不包含guard字段或者guard所对应的值与当前的guard守护值不相同
|
//如果不包含guard字段或者guard所对应的值与当前的guard守护值不相同
|
||||||
//证明是不属于当前guard守护的token
|
//证明是不属于当前guard守护的token
|
||||||
if(empty($payload['guard'])||$payload['guard']!=$present_guard){
|
if(empty($payload['guard'])||$payload['guard']!=$present_guard){
|
||||||
|
|
|
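Review bot: The guard check `if(empty($payload['guard'])||$payload['guard']!=$present_guard)` compares the claim with loose `!=`, so a non-string claim value goes through type juggling before being compared with the guard name; `if ((string) ($payload['guard'] ?? '') !== $present_guard)` keeps the comparison strict and also drops the `empty()` special-casing of a guard literally named `'0'`. The claim comes from `decode($token->get())` before `authenticate()` runs, so this check is only as strong as that decode step: if the provider's `decode()` does not verify the signature, the guard comparison should not be relied on for isolation between guards — worth confirming against the JWT provider in use and stating in the comment above the decode line. The added `@throws TokenInvalidException` presumably matches a throw just below the visible `if`, but `handle` starts and ends outside the hunk.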
@ -14,15 +14,14 @@ use Illuminate\Http\Request;
|
||||||
*/
|
*/
|
||||||
|
|
||||||
Route::namespace('Api')->prefix('v1')->middleware('cors')->group(function () {
|
Route::namespace('Api')->prefix('v1')->middleware('cors')->group(function () {
|
||||||
|
Route::get('/test', 'UserController@test')->name('users.test');
|
||||||
|
Route::middleware('api.guard')->group(function () {
|
||||||
//用户注册
|
//用户注册
|
||||||
Route::post('/users', 'UserController@store')->name('users.store');
|
Route::post('/users', 'UserController@store')->name('users.store');
|
||||||
//用户登录
|
//用户登录
|
||||||
Route::post('/login', 'UserController@login')->name('users.login');
|
Route::post('/login', 'UserController@login')->name('users.login');
|
||||||
Route::get('/test', 'UserController@test')->name('users.test');
|
|
||||||
Route::middleware('api.guard')->group(function () {
|
|
||||||
Route::middleware('api.refresh')->group(function () {
|
Route::middleware('api.refresh')->group(function () {
|
||||||
|
|
||||||
|
|
||||||
//当前用户信息
|
//当前用户信息
|
||||||
Route::get('/users/info', 'UserController@info')->name('users.info');
|
Route::get('/users/info', 'UserController@info')->name('users.info');
|
||||||
//用户列表
|
//用户列表
|
||||||
|
@ -38,7 +37,7 @@ Route::namespace('Api')->prefix('v1')->middleware('cors')->group(function () {
|
||||||
Route::post('/admins', 'AdminController@store')->name('admins.store');
|
Route::post('/admins', 'AdminController@store')->name('admins.store');
|
||||||
//管理员登录
|
//管理员登录
|
||||||
Route::post('/admin/login', 'AdminController@login')->name('admins.login');
|
Route::post('/admin/login', 'AdminController@login')->name('admins.login');
|
||||||
Route::middleware('admin.refresh')->group(function () {
|
Route::middleware('api.refresh')->group(function () {
|
||||||
//当前管理员信息
|
//当前管理员信息
|
||||||
Route::get('/admins/info', 'AdminController@info')->name('admins.info');
|
Route::get('/admins/info', 'AdminController@info')->name('admins.info');
|
||||||
//管理员列表
|
//管理员列表
|
||||||
|
|
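Review bot: Switching the admin group from `admin.refresh` to `api.refresh` in the second hunk makes the admin routes depend on the shared refresh middleware's comparison of the token's `guard` claim with `Auth::getDefaultDriver()`, so the default guard must already be the admin guard when `api.refresh` runs; the admin group's opening line is outside the hunk, so confirm it carries the admin counterpart of `api.guard`, otherwise admin tokens are checked against the wrong guard name. In the first hunk `api.guard` now also wraps `/users` and `/login`, which fits `login()` issuing tokens for the `api` guard, while `/test` is moved outside every auth middleware — acceptable for a public probe, but a comment such as `// public endpoint, intentionally outside api.guard` would make the exemption read as deliberate. The `api.refresh` group nested inside `api.guard` continues outside the hunk.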