[PHP知识库] 使用Laravel Passport身份验证创建REST API

开发: C++知识库 Java知识库 JavaScript Python PHP知识库人工智能区块链大数据移动开发嵌入式开发工具数据结构与算法开发测试游戏开发网络协议系统运维
教程: HTML教程 CSS教程 JavaScript教程 Go语言教程 JQuery教程 VUE教程 VUE3教程 Bootstrap教程 SQL数据库教程 C语言教程 C++教程 Java教程 Python教程 Python3教程 C#教程
数码: 电脑笔记本显卡显示器固态硬盘硬盘耳机手机 iphone vivo oppo 小米华为单反装机图拉丁

-> PHP知识库 -> 使用Laravel Passport身份验证创建REST API -> 正文阅读

[PHP知识库]使用Laravel Passport身份验证创建REST API

1. 创建一个laravel项目

composer create-project --prefer-dist laravel/laravel passport

2. 安装passport包

composer require laravel/passport

3. 在 `config/app.php`添加服务提供者

'providers' => [
    //....
    Laravel\Passport\PassportServiceProvider::class,
]

4. 迁移和安装

在.env文件中设置数据库凭据。Laravel Passport 为我们数据库中需要的passport表提供了迁移。Passport Migrations 用于存储令牌和客户端信息。运行migration命令将表迁移到数据库。

php artisan migrate

生成秘密访问令牌所需的加密密钥。

php artisan passport:install

5. passprot配置

在App/Model/User.php中使用。将Laravel\Passport\HasApiTokenstrait添加到user模型中。

<?php

namespace App\Models;

use Illuminate\Foundation\Auth\User as Authenticatable;
use Illuminate\Notifications\Notifiable;
use Laravel\Passport\HasApiTokens;

class User extends Authenticatable
{
    use HasApiTokens, Notifiable;

    /**
     * The attributes that are mass assignable.
     *
     * @var array
     */
    protected $fillable = [
        'name', 'email', 'password',
    ];

    /**
     * The attributes that should be hidden for arrays.
     *
     * @var array
     */
    protected $hidden = [
        'password', 'remember_token',
    ];
}

6. 配置AuthServiceProvider

将Passport::routes添加在AuthServiceProvider的 boot 方法中。这是app/Providers/AuthServiceProvider.php更改后的样子。

<?php

namespace App\Providers;

use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;
use Laravel\Passport\Passport;

class AuthServiceProvider extends ServiceProvider
{
    /**
     * The policy mappings for the application.
     *
     * @var array
     */
    protected $policies = [
        'App\Models\Model' => 'App\Policies\ModelPolicy',
    ];

    /**
     * Register any authentication / authorization services.
     *
     * @return void
     */
    public function boot()
    {
        $this->registerPolicies();
        Passport::routes();
        //
    }
}

7. 配置/auth.php

    'guards' => [
        'web' => [
            'driver' => 'session',
            'provider' => 'users',
        ],
        'api' => [
            'driver' => 'passport',
            'provider' => 'users',
        ],
    ],

8. 创建路由

Route::post('login', [\App\Http\Controllers\PassportController::class, 'login']);
Route::post('register', [\App\Http\Controllers\PassportController::class, 'register']);

Route::middleware('auth:api')->group(function () {
    Route::get('user', [\App\Http\Controllers\PassportController::class, 'details']);
});

9. 创建用于身份验证的控制器

php artisan make:controller PassportController

将以下代码拷贝到PassportController

<?php

namespace App\Http\Controllers;

use App\Models\User;
use Illuminate\Http\Request;

class PassportController extends Controller
{
    /**
     * Handles Registration Request
     *
     * @param Request $request
     * @return \Illuminate\Http\JsonResponse
     */
    public function register(Request $request)
    {
        $this->validate($request, [
            'name' => 'required|min:3',
            'email' => 'required|email|unique:users',
            'password' => 'required|min:6',
        ]);

        $user = User::create([
            'name' => $request->name,
            'email' => $request->email,
            'password' => bcrypt($request->password)
        ]);

        $token = $user->createToken('TutsForWeb')->accessToken;

        return response()->json(['token' => $token], 200);
    }

    /**
     * Handles Login Request
     *
     * @param Request $request
     * @return \Illuminate\Http\JsonResponse
     */
    public function login(Request $request)
    {
        $credentials = [
            'email' => $request->email,
            'password' => $request->password
        ];

        if (auth()->attempt($credentials)) {
            $token = auth()->user()->createToken('TutsForWeb')->accessToken;
            return response()->json(['token' => $token], 200);
        } else {
            return response()->json(['error' => 'UnAuthorised'], 401);
        }
    }

    /**
     * Returns Authenticated User Details
     *
     * @return \Illuminate\Http\JsonResponse
     */
    public function details()
    {
        return response()->json(['user' => auth()->user()], 200);
    }
}

9. 创建UnauthorizedException

php artisan make:exception UnauthorizedException

将代码拷贝到UnauthorizedException.php

<?php

namespace App\Exceptions;

use Exception;
use Illuminate\Http\JsonResponse;

class UnauthorizedException extends Exception
{
    /**
     * @var int http status code
     */
    protected $statusCode;

    protected $message;

    public function __construct($message = "Unauthorized", $code = 0, $statusCode = 401)
    {
        $this->statusCode = $statusCode;
        $this->message = $message;
        parent::__construct($message, $code);
    }

    public function render(): JsonResponse
    {
        return new JsonResponse($this->message, $this->statusCode);
    }
}

10. 修改 `app/Http/Middleware/Authenticate.php`

<?php

namespace App\Http\Middleware;

use App\Exceptions\UnauthorizedException;
use Illuminate\Auth\Middleware\Authenticate as Middleware;
use Illuminate\Http\Request;

class Authenticate extends Middleware
{
    /**
     * @param Request $request
     * @param array $guards
     * @throws UnauthorizedException
     */
    protected function unauthenticated($request, array $guards): void
    {
        throw new UnauthorizedException();
    }

}