# Install Passport; -W (--with-all-dependencies) lets Composer also update the packages it depends on.
composer require laravel/passport -W
# Create the database tables Passport uses for OAuth clients and tokens.
php artisan migrate
# Generate the token signing keys and the default OAuth clients.
php artisan passport:install
在用户模型中:
<?php
namespace App\Models;
...
use Laravel\Passport\HasApiTokens;
// Eloquent user model. The Passport trait supplies the token helpers
// (createToken(), token()) that the AuthController on this page calls.
class User extends Authenticatable
{
// HasApiTokens must resolve to Laravel\Passport\HasApiTokens (imported above);
// Laravel Sanctum ships a trait with the same short name, so check the use line.
use HasApiTokens, HasFactory, Notifiable;
...
}
在config/auth.php中:
// Authentication guards: each maps a guard name to a driver and a user provider.
'guards' => [
// Browser guard backed by the session.
'web' => [
'driver' => 'session',
'provider' => 'users',
],
// API guard: requests are authenticated by the Passport driver from the
// bearer token they carry. Routes must opt in with the auth:api middleware;
// the default guard is not shown in this fragment.
'api' => [
'driver' => 'passport',
'provider' => 'users',
],
],
# Generate the key pair that signs access tokens (passport:install normally creates one already).
# Keep the private key out of version control and readable only by the application user.
php artisan passport:keys
# Publish Passport's configuration file into config/ so its settings can be reviewed and changed.
php artisan vendor:publish --tag=passport-config
在 AuthServiceProvider 中添加了一个额外功能:
<?php
...
use Laravel\Passport\Passport;
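class AuthServiceProvider extends ServiceProvider
{
    ...

    /**
     * Register the application's policies and set Passport token lifetimes.
     *
     * @return void
     */
    public function boot()
    {
        $this->registerPolicies();

        // Lifetime of access tokens issued through the OAuth grants.
        Passport::tokensExpireIn(now()->addDays(15));

        // Personal access tokens (what createToken() on the user model issues)
        // have their own lifetime setting and are not governed by
        // tokensExpireIn(); without this line they keep Passport's long
        // default lifetime instead of the intended 15 days.
        Passport::personalAccessTokensExpireIn(now()->addDays(15));
    }
}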
authcontroller:
<?php
namespace App\Http\Controllers;
use Illuminate\Http\Request;
use App\Models\User;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Validator;
use Illuminate\Support\Facades\Hash;
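/**
 * JSON API endpoints for registration, login, profile lookup and logout,
 * issuing Laravel Passport personal access tokens.
 *
 * Every response is sent with HTTP status 200 and reports its outcome in the
 * body's `code` field (200 success, 400 validation failure, 401 failed or
 * missing authentication).
 *
 * NOTE(review): because the transport status is always 200, rate limiters,
 * WAF rules and log alerts keyed on HTTP 401/422 will not see failed logins
 * or rejected tokens. Key them on the body `code`, or move to real HTTP
 * statuses once clients can handle it.
 */
class AuthController extends Controller
{
    /** @var array Payload returned under the `data` key of each response. */
    protected $data = [];

    /** @var array Validation rules of the action currently being handled. */
    protected $rules = [];

    /**
     * Create a user account from name, email and password.
     *
     * @param  \Illuminate\Http\Request  $request
     * @return \Illuminate\Http\JsonResponse
     */
    public function register(Request $request)
    {
        $this->rules = [
            // `string` rejects array input before it reaches the model or the hasher.
            'name' => 'required|string',
            'email' => 'required|email|unique:users',
            // NOTE(review): a six-character minimum is a weak floor; consider a
            // longer minimum and Laravel's Password rule where available.
            'password' => 'required|string|min:6',
        ];

        $validator = Validator::make($request->all(), $this->rules);
        if ($validator->fails()) {
            return response()->json(['code' => 400, 'message' => $validator->errors()], 200);
        }

        // Only the three validated fields are written; the password is stored hashed.
        User::create([
            'name' => $request->name,
            'email' => $request->email,
            'password' => Hash::make($request->password),
        ]);

        return response()->json(['code' => 200, 'message' => 'Registered Successfully!', 'data' => $this->data], 200);
    }

    /**
     * Check the credentials and, when they match, return a bearer token.
     *
     * NOTE(review): no throttling is visible in this class; confirm the route
     * is rate limited so passwords cannot be guessed without bound.
     *
     * @param  \Illuminate\Http\Request  $request
     * @return \Illuminate\Http\JsonResponse
     */
    public function login(Request $request)
    {
        $this->rules = [
            'email' => 'required|email',
            // `string` keeps array input away from the password check.
            'password' => 'required|string',
        ];

        $validator = Validator::make($request->all(), $this->rules);
        if ($validator->fails()) {
            return response()->json(['code' => 400, 'message' => $validator->errors()], 200);
        }

        $credentials = ['email' => $request->email, 'password' => $request->password];
        if (!Auth::attempt($credentials)) {
            // Report the failure as 401 in the body: a client that checks only
            // `code` must not mistake a rejected login for a success. The message
            // stays generic so it does not reveal which field was wrong.
            return response()->json(['code' => 401, 'message' => 'Creds not matching!', 'data' => $this->data], 200);
        }

        // NOTE(review): the '*' scope grants every ability to this token; list
        // only the scopes the client needs once scopes are defined.
        $this->data['token'] = 'Bearer ' . auth()->user()->createToken('TestProject', ['*'])->accessToken;

        return response()->json(['code' => 200, 'message' => 'Sign in successful!', 'data' => $this->data], 200);
    }

    /**
     * Return the user the current request is authenticated as.
     *
     * @return \Illuminate\Http\JsonResponse
     */
    public function user()
    {
        $this->data['user'] = auth()->user();

        if ($this->data['user'] === null) {
            // No authenticated user: report 401 in the body rather than success.
            return response()->json(['code' => 401, 'message' => 'Invalid Token', 'data' => $this->data], 200);
        }

        return response()->json(['code' => 200, 'message' => 'Records retrieved!', 'data' => $this->data], 200);
    }

    /**
     * Revoke the access token the current request was made with.
     *
     * @return \Illuminate\Http\JsonResponse
     */
    public function logout()
    {
        // Without an authenticated user (or a token attached to it) there is
        // nothing to revoke; answer like user() does instead of failing on a
        // null dereference.
        $user = auth()->user();
        $token = $user === null ? null : $user->token();
        if ($token === null) {
            return response()->json(['code' => 401, 'message' => 'Invalid Token', 'data' => $this->data], 200);
        }

        $token->revoke();

        return response()->json(['code' => 200, 'message' => 'You have been successfully logged out!', 'data' => $this->data], 200);
    }
}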
在调用 API 时,最好始终在请求头的 Accept 键中发送 application/json,因为如果 Bearer 令牌不匹配,它将返回以下内容:
{
"message": "Unauthenticated."
}
顺便说一下,Postman 默认会在请求头的 Accept 键中传递 */*,这会抛出以下错误或渲染 /login 页面:
Route [login] not defined. in file
上述行为对应的代码可以在 Authenticate 中间件(Authenticate Middleware)中找到:当请求不期望 JSON 响应时,该中间件会尝试重定向到名为 login 的路由。