Laravel5.5+dingo+JWT 开发后台 API
个人github博客:zgxxx.github.io/php
dingo api 中文文档: www.bookstack.cn/read/dingo-… Laravel中使用JWT:laravel-china.org/articles/10… 辅助文章: www.jianshu.com/p/62b0c4d75…laravel
参考https://www.jianshu.com/p/62b0c4d75e59 这篇文章基本就能搭建出环境,我使用的版本跟他同样 "dingo/api": "2.0.0-alpha1","tymon/jwt-auth": "^1.0.0-rc.1",不知作别的版本有啥大的区别,可是网上找的其余一些文章使用的是旧的版本,jwt封装的东西路径可能不同,可能会保错,有些文档还说要手动添加Tymon\JWTAuth\Providers\LaravelServiceProvider::class和Dingo\Api\Provider\LaravelServiceProvider::class,其实新版本不须要。git
1. composer.json引入包,执行composer update:
"require": {
......
"dingo/api": "2.0.0-alpha1",
"tymon/jwt-auth": "^1.0.0-rc.1"
},
复制代码
2. 执行下面两个语句自动生成dingo和jwt的配置文件:
php artisan vendor:publish --provider="Dingo\Api\Provider\LaravelServiceProvider"
//config文件夹中生成dingo配置文件---> api.php
复制代码
php artisan vendor:publish --provider="Tymon\JWTAuth\Providers\LaravelServiceProvider"
//config文件夹中生成dingo配置文件---> jwt.php
复制代码
3. 配置 .env
具体配置可参考 文档https://www.bookstack.cn/read/dingo-api-wiki-zh/Configuration.md ,个人配置是github
API_STANDARDS_TREE=vnd
API_PREFIX=api
API_VERSION=v1
API_DEBUG=true
API_SUBTYPE=myapp
复制代码
还需在命令行执行 php artisan jwt:secret,会在.env自动添加JWT_SECRET,其余若须要,能够到各类的配置文件中看,在.env添加便可web
4. 关键处理
'defaults' => [
'guard' => 'web',
'passwords' => 'users',
],
'guards' => [
'web' => [
'driver' => 'session',
'provider' => 'users',
],
'api' => [
'driver' => 'jwt',
'provider' => 'users',
],
],
复制代码
这里须要把api本来的driver => session 改成使用jwt机制,provider对应你要用的用户认证表,通常就是登陆注册那张表json
<?php
namespace App\Models;
use Tymon\JWTAuth\Contracts\JWTSubject;
use Illuminate\Notifications\Notifiable;
use Illuminate\Foundation\Auth\User as Authenticatable;
class User extends Authenticatable implements JWTSubject {
use Notifiable;
/** * The attributes that are mass assignable. * * @var array */
protected $fillable = [
'name', 'email', 'password', 'unionid'
];
/** * The attributes that should be hidden for arrays. * * @var array */
protected $hidden = [
'password', 'remember_token',
];
// Rest omitted for brevity
/** * Get the identifier that will be stored in the subject claim of the JWT. * * @return mixed */
public function getJWTIdentifier() {
return $this->getKey();
}
/** * Return a key value array, containing any custom claims to be added to the JWT. * * @return array */
public function getJWTCustomClaims() {
return [];
}
}
复制代码
5. 设置控制器
考虑到可能后面须要开发不一样版本api,因此在app/Http/Controller下创建了V1,V2目录,根据你本身的需求来,只要写好命名空间就ok 小程序
<?php
/** * Date: 17/10/12 * Time: 01:07 */
namespace App\Http\Controllers\V1;
use App\Http\Controllers\Controller;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Validator;
use App\User;
class AuthController extends Controller {
protected $guard = 'api';//设置使用guard为api选项验证,请查看config/auth.php的guards设置项,重要!
/** * Create a new AuthController instance. * * @return void */
public function __construct() {
$this->middleware('refresh', ['except' => ['login','register']]);
}
public function test(){
echo "test!!";
}
public function register(Request $request) {
$rules = [
'name' => ['required'],
'email' => ['required'],
'password' => ['required', 'min:6', 'max:16'],
];
$payload = $request->only('name', 'email', 'password');
$validator = Validator::make($payload, $rules);
// 验证格式
if ($validator->fails()) {
return $this->response->array(['error' => $validator->errors()]);
}
// 建立用户
$result = User::create([
'name' => $payload['name'],
'email' => $payload['email'],
'password' => bcrypt($payload['password']),
]);
if ($result) {
return $this->response->array(['success' => '建立用户成功']);
} else {
return $this->response->array(['error' => '建立用户失败']);
}
}
/** * Get a JWT token via given credentials. * * @param \Illuminate\Http\Request $request * * @return \Illuminate\Http\JsonResponse */
public function login(Request $request) {
$credentials = $request->only('email', 'password');
if ($token = $this->guard()->attempt($credentials)) {
return $this->respondWithToken($token);
}
return $this->response->errorUnauthorized('登陆失败');
}
/** * Get the authenticated User * * @return \Illuminate\Http\JsonResponse */
public function me() {
//return response()->json($this->guard()->user());
return $this->response->array($this->guard()->user());
}
/** * Log the user out (Invalidate the token) * * @return \Illuminate\Http\JsonResponse */
public function logout() {
$this->guard()->logout();
//return response()->json(['message' => 'Successfully logged out']);
return $this->response->array(['message' => '退出成功']);
}
/** * Refresh a token. * * @return \Illuminate\Http\JsonResponse */
public function refresh() {
return $this->respondWithToken($this->guard()->refresh());
}
/** * Get the token array structure. * * @param string $token * * @return \Illuminate\Http\JsonResponse */
protected function respondWithToken($token) {
return response()->json([
'access_token' => $token,
'token_type' => 'bearer',
'expires_in' => $this->guard()->factory()->getTTL() * 60
]);
}
/** * Get the guard to be used during authentication. * * @return \Illuminate\Contracts\Auth\Guard */
public function guard() {
return Auth::guard($this->guard);
}
}
复制代码
控制器中命名空间namespace须要设置好,路由的时候须要用到,
$this->middleware('refresh', ['except' => ['login','register']]);这里的中间件使用的是网上找的,用于无痛刷新jwt的token,具体能够参考这篇文章:www.jianshu.com/p/9e95a5f8a…api
6. refresh中间件
<?php
namespace App\Http\Middleware;
use Closure;
use Tymon\JWTAuth\Exceptions\JWTException;
use Tymon\JWTAuth\Http\Middleware\BaseMiddleware;
use Tymon\JWTAuth\Exceptions\TokenExpiredException;
use Symfony\Component\HttpKernel\Exception\UnauthorizedHttpException;
class RefreshToken extends BaseMiddleware {
/** * @author: zhaogx * @param $request * @param Closure $next * @return \Illuminate\Http\JsonResponse|\Illuminate\Http\Response|mixed * @throws JWTException */
public function handle($request, Closure $next) {
// 检查这次请求中是否带有 token,若是没有则抛出异常。
$this->checkForToken($request);
// 使用 try 包裹,以捕捉 token 过时所抛出的 TokenExpiredException 异常
try {
// 检测用户的登陆状态,若是正常则经过
if ($this->auth->parseToken()->authenticate()) {
return $next($request);
}
throw new UnauthorizedHttpException('jwt-auth', '未登陆');
} catch (TokenExpiredException $exception) {
// 此处捕获到了 token 过时所抛出的 TokenExpiredException 异常,咱们在这里须要作的是刷新该用户的 token 并将它添加到响应头中
try {
// 刷新用户的 token
$token = $this->auth->refresh();
// 使用一次性登陆以保证这次请求的成功
\Auth::guard('api')->onceUsingId($this->auth->manager()->getPayloadFactory()->buildClaimsCollection()->toPlainArray()['sub']);
} catch (JWTException $exception) {
// 若是捕获到此异常,即表明 refresh 也过时了,用户没法刷新令牌,须要从新登陆。
throw new UnauthorizedHttpException('jwt-auth', $exception->getMessage());
}
}
return $next($request)->withHeaders([
'Authorization'=> 'Bearer '.$token,
]);
}
}
复制代码
写好中间件后须要在app/Http/Kernel.php中注入 protected $routeMiddleware = [ ...... 'refresh' => RefreshToken::class, ];session
7. routes/api.php 设置路由
$api = app('Dingo\Api\Routing\Router');
$api->version('v1', ['namespace' => 'App\Http\Controllers\V1'], function ($api) {
$api->post('register', 'AuthController@register');
$api->post('login', 'AuthController@login');
$api->post('logout', 'AuthController@logout');
$api->post('refresh', 'AuthController@refresh');
$api->post('me', 'AuthController@me');
$api->get('test', 'AuthController@test');
});
复制代码
这里有个坑,不要这样写
根据以上几个步骤就能够创建起简单的api后台基础,获取api路由列表可使用命令行: php artisan api:routes routes:list貌似没法显示以上api路由,须要在api.php那里再写一遍原始的laravel路由定义才能够显示:好比这样Route::post('api/test', 'AuthController@test');后续会用另外一篇幅来记录postman和小程序相关知识