登录、认证及授权
令牌方式:
Authorization: Bearer {yourtokenhere}
?token=yourtokenhere
- 安装扩展包
$ composer require tymon/jwt-auth
- 发布配置文件(限5.5+)
$ php artisan vendor:publish --provider="Tymon\JWTAuth\Providers\LaravelServiceProvider"
这里创建一个 config/jwt.php 文件。
- 生成安全密钥
$ php artisan jwt:secret
- 配置说明
<?php
/*
* This file is part of jwt-auth.
*
* (c) Sean Tymon <tymon148@gmail.com>
*
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*/
return [
/*
* |--------------------------------------------------------------------------
* | JWT认证密钥
* |--------------------------------------------------------------------------
* |
* | Don't forget to set this, as it will be used to sign your tokens.
* | A helper command is provided for this: `php artisan jwt:generate`
* |
*/
'secret' => env('JWT_SECRET', 'H3HLg3cuQAmeVN3oLHdcLFWEekP6ceJ5'),
/*
|--------------------------------------------------------------------------
| token有效期(分钟)
|--------------------------------------------------------------------------
|
| Specify the length of time (in minutes) that the token will be valid for.
| Defaults to 1 hour
|
*/
'ttl' => 10080,
/*
|--------------------------------------------------------------------------
| 刷新token时间(分钟)
|--------------------------------------------------------------------------
|
| Specify the length of time (in minutes) that the token can be refreshed
| within. I.E. The user can refresh their token within a 2 week window of
| the original token being created until they must re-authenticate.
| Defaults to 2 weeks
|
*/
'refresh_ttl' => 1440,
/*
|--------------------------------------------------------------------------
| token签名算法
|--------------------------------------------------------------------------
|
| Specify the hashing algorithm that will be used to sign the token.
|
| See here: https://github.com/namshi/jose/tree/2.2.0/src/Namshi/JOSE/Signer
| for possible values
|
*/
'algo' => 'HS256',
/*
|--------------------------------------------------------------------------
| 指向用户模型的命名空间路径
|--------------------------------------------------------------------------
|
| Specify the full namespace to your User model.
| e.g. 'Acme\Entities\User'
|
*/
'user' => 'App\Models\User',
/*
|--------------------------------------------------------------------------
| 用于从token的sub中获取用户唯一标识
|--------------------------------------------------------------------------
|
| Specify a unique property of the user that will be added as the 'sub'
| claim of the token payload.
|
*/
'identifier' => 'id',
/*
|--------------------------------------------------------------------------
| 必须出现在token的payload中的选项,否则会抛出TokenInvalidException异常
|--------------------------------------------------------------------------
|
| Specify the required claims that must exist in any token.
| A TokenInvalidException will be thrown if any of these claims are not
| present in the payload.
|
| 该JWT的签发者
| 在什么时候签发的token
| token什么时候过期
| token在此时间之前不能被接收处理
| 该JWT所面向的用户
| JWT ID为web token提供唯一标识
*/
'required_claims' => [
'iss',
'iat',
'exp',
'nbf',
'sub',
'jti'
],
/*
* |--------------------------------------------------------------------------
* | 如果该选项被设置为false,那么我们将不能废止token,即使我们刷新了token,前一个token仍然有效
* |--------------------------------------------------------------------------
* |
* | In order to invalidate tokens, you must have the blacklist enabled.
* | If you do not want or need this functionality, then set this to false.
* |
*/
'blacklist_enabled' => env('JWT_BLACKLIST_ENABLED', true),
/*
|--------------------------------------------------------------------------
| 完成各种任务的具体实现
|--------------------------------------------------------------------------
|
| Specify the various providers used throughout the package.
|
*/
'providers' => [
/*
* |--------------------------------------------------------------------------
* | 基于sub获取用户的实现
* |--------------------------------------------------------------------------
* |
* | Specify the provider that is used to find the user based
* | on the subject claim
* |
*/
'user' => 'Tymon\JWTAuth\Providers\User\EloquentUserAdapter',
/*
|--------------------------------------------------------------------------
| 加密/解密token
|--------------------------------------------------------------------------
|
| Specify the provider that is used to create and decode the tokens.
|
*/
'jwt' => 'Tymon\JWTAuth\Providers\JWT\NamshiAdapter',
/*
|--------------------------------------------------------------------------
| 通过证书/ID获取认证用户
|--------------------------------------------------------------------------
|
| Specify the provider that is used to authenticate users.
|
*/
'auth' => 'Tymon\JWTAuth\Providers\Auth\IlluminateAuthAdapter',
/*
|--------------------------------------------------------------------------
| 存储token直到它们失效
|--------------------------------------------------------------------------
|
| Specify the provider that is used to store tokens in the blacklist
|
*/
'storage' => 'Tymon\JWTAuth\Providers\Storage\IlluminateCacheAdapter'
]
];
- 修改用户模型
<?php
namespace App\Models;
use Illuminate\Auth\Authenticatable;
use Illuminate\Database\Eloquent\Model;
use Illuminate\Database\Eloquent\SoftDeletes;
use Illuminate\Auth\Passwords\CanResetPassword;
use Illuminate\Foundation\Auth\Access\Authorizable;
use Illuminate\Contracts\Auth\Authenticatable as AuthenticatableContract;
use Illuminate\Contracts\Auth\Access\Authorizable as AuthorizableContract;
use Illuminate\Contracts\Auth\CanResetPassword as CanResetPasswordContract;
class User extends Model implements AuthenticatableContract, AuthorizableContract, CanResetPasswordContract
{
use Authenticatable, Authorizable, CanResetPassword, SoftDeletes;
protected $table = 'users';
protected $primaryKey = 'id';
public $timestamps = true;
protected $guarded = [
'deleted_at'
];
protected $dates = [
'created_at',
'updated_at',
'deleted_at'
];
protected $hidden = [
'deleted_at',
'created_at',
'updated_at',
'password'
];
}
- 创建认证中间件
<?php
namespace App\Http\Middleware;
use Closure;
use Tymon\JWTAuth\JWTAuth;
use Tymon\JWTAuth\Exceptions\JWTException;
use Tymon\JWTAuth\Exceptions\TokenExpiredException;
use Illuminate\Contracts\Events\Dispatcher;
class AuthToken
{
// JWTAuth
protected $auth;
// 事件
protected $events;
/**
* 创建一个新的实例
*
* @param \Tymon\JWTAuth\JWTAuth $auth
*/
public function __construct(Dispatcher $events, JWTAuth $auth)
{
$this->auth = $auth;
$this->events = $events;
}
/**
* 前置处理请求
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @return mixed
*/
public function handle($request, Closure $next)
{
$token = $this->auth->getToken();
try {
$user = $this->auth->authenticate($token);
if (! empty($user->company_id)) {
// 认证成功
}
} catch (TokenExpiredException $e) {
// token 已过期
throw new ApiException(ApiException::TOKEN_EXPIRED);
} catch (JWTException $e) {
// 无效的token
throw new ApiException(ApiException::INVALID_TOKEN);
}
if (! $user) {
// 用户不存在
throw new ApiException(ApiException::USER_NOT_EXIST);
}
$this->events->fire('tymon.jwt.valid', $user);
return $next($request);
}
}
用户认证示例
获取 token
use Tymon\JWTAuth\JWTAuth;
use Tymon\JWTAuth\Exceptions\JWTException;
use Tymon\JWTAuth\Exceptions\TokenExpiredException;
try {
$credentials['username'] = 1;
$credentials['password'] = 2;
if (! $token = $this->auth->attempt($where)) {
// 用户名或密码不正确
throw new ApiException(ApiException::LOGIN_FAIL);
}
} catch (JWTException $e) {
// 创建token失败或api签名失败
}
return $token;
- 刷新 token
try {
// 更新token
$token = $this->auth->setToken($oldToken)->refresh();
} catch (TokenExpiredException $e) {
// token已过期
throw new ApiException(ApiException::TOKEN_EXPIRED);
} catch (JWTException $e) {
// 无效的token
throw new ApiException(ApiException::INVALID_TOKEN);
}
// 将刷新的令牌发送回客户端
// response()->headers->set('Authorization', 'Bearer ' . $token);
return $token;
