在 Laravel 10 中使用 Laravel Passport 10 实现 JWT 认证
#php #laravel #jwt #authentication

# -W also lets Composer update packages that are already installed; review the composer.lock diff afterwards.
composer require laravel/passport -W
# Runs the pending database migrations.
php artisan migrate
# NOTE(review): this step generates the token signing keys and default OAuth clients; keep the private key
# (storage/oauth-private.key by default) out of version control and readable only by the application user.
php artisan passport:install

在用户模型中:

<?php

namespace App\Models;

...
use Laravel\Passport\HasApiTokens;

// HasApiTokens (imported from Laravel\Passport above) is mixed into the model; the AuthController
// on this page calls createToken() and token() on the authenticated user.
// NOTE(review): a stock Laravel 10 User model imports Laravel\Sanctum\HasApiTokens. Replace that
// import rather than adding a second one, otherwise the two trait names collide.
class User extends Authenticatable
{
    use HasApiTokens, HasFactory, Notifiable;

    ...
}

在config/auth.php中:

'guards' => [
    // Session-backed guard, resolving users through the 'users' provider.
    'web' => [
        'driver' => 'session',
        'provider' => 'users',
    ],

    // Token guard handled by the 'passport' driver, using the same 'users' provider.
    // NOTE(review): a route is only protected if it opts in to this guard (e.g. auth:api
    // middleware); the route file is not shown on this page, so confirm that user() and
    // logout() are registered behind it.
    'api' => [
        'driver' => 'passport',
        'provider' => 'users',
    ],
],

# NOTE(review): passport:install above normally creates the key pair already, so this is only needed
# when deploying to a new host. Generate keys per environment instead of copying them between servers.
php artisan passport:keys
# Publishes Passport's configuration file so it can be edited in the project.
php artisan vendor:publish --tag=passport-config

在 AuthServiceProvider 中额外添加一项配置:

<?php
...
use Laravel\Passport\Passport;

class AuthServiceProvider extends ServiceProvider
{
    ...
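    /**
     * Register the authorization policies and cap the lifetime of issued tokens.
     *
     * Passport::tokensExpireIn() only governs tokens issued through the OAuth grants.
     * The AuthController on this page issues tokens with createToken(), i.e. personal
     * access tokens, whose lifetime is configured separately and is otherwise long
     * (one year by default per the Passport documentation). Both are capped here so a
     * leaked token does not stay valid far longer than intended.
     *
     * @return void
     */
    public function boot()
    {
        $this->registerPolicies();

        Passport::tokensExpireIn(now()->addDays(15));
        // Covers the tokens actually handed out by the login endpoint.
        Passport::personalAccessTokensExpireIn(now()->addDays(15));
    }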
}

AuthController:

<?php

namespace App\Http\Controllers;

use Illuminate\Http\Request;
use App\Models\User;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Validator;
use Illuminate\Support\Facades\Hash;

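/**
 * JSON authentication endpoints backed by Laravel Passport: register, login,
 * current-user lookup and logout.
 *
 * Every response carries a numeric `code` and a `message`; the HTTP status line
 * mirrors `code`, so clients, proxies and monitoring that only look at the status
 * can tell a rejected request from a successful one.
 */
class AuthController extends Controller
{
    // Payload returned under the "data" key of a response.
    protected $data = [];
    // Validation rules of the request currently being handled.
    protected $rules = [];

    /**
     * Create a new user account from name, email and password.
     *
     * @param  Request  $request
     * @return \Illuminate\Http\JsonResponse code 400 with the validation errors, or code 200 on success
     */
    public function register(Request $request)
    {
        // `string` rejects array-valued input before it can reach Hash::make() or the database layer.
        // NOTE(review): a six-character minimum is weak for a password; consider a longer
        // minimum together with a breached-password check.
        $this->rules = [
            'name' => 'required|string',
            'email' => 'required|email|unique:users',
            'password' => 'required|string|min:6',
        ];
        $validator = Validator::make($request->all(), $this->rules);

        if ($validator->fails()) {
            return $this->jsonReply(400, $validator->errors(), false);
        }

        // Use only the fields that passed validation.
        $fields = $validator->validated();

        User::create([
            'name' => $fields['name'],
            'email' => $fields['email'],
            'password' => Hash::make($fields['password']),
        ]);

        return $this->jsonReply(200, 'Registered Successfully!');
    }

    /**
     * Check the submitted credentials and, when they match, issue an access token.
     *
     * @param  Request  $request
     * @return \Illuminate\Http\JsonResponse code 400 on invalid input, 401 on wrong credentials,
     *                                       200 with data.token on success
     */
    public function login(Request $request)
    {
        // NOTE(review): no throttling is visible in this controller; confirm the route is
        // registered behind a rate limiter so repeated password guesses are slowed down.
        $this->rules = [
            'email' => 'required|email',
            'password' => 'required|string',
        ];
        $validator = Validator::make($request->all(), $this->rules);

        if ($validator->fails()) {
            return $this->jsonReply(400, $validator->errors(), false);
        }

        $credentials = $validator->validated();

        if (! Auth::attempt(['email' => $credentials['email'], 'password' => $credentials['password']])) {
            // A failed login must not be reported as a success (it was code 200 before).
            // The message stays generic so it does not reveal whether the email exists.
            return $this->jsonReply(401, 'Creds not matching!');
        }

        // NOTE(review): the ['*'] scope grants every scope the application defines;
        // request only the scopes the client needs once scopes are in use.
        $this->data['token'] = 'Bearer '.auth()->user()->createToken('TestProject', ['*'])->accessToken;

        return $this->jsonReply(200, 'Sign in successful!');
    }

    /**
     * Return the user resolved from the request's token.
     *
     * @return \Illuminate\Http\JsonResponse code 401 when no user is authenticated, else 200 with data.user
     */
    public function user()
    {
        $this->data['user'] = auth()->user();

        if ($this->data['user'] === null) {
            return $this->jsonReply(401, 'Invalid Token');
        }

        return $this->jsonReply(200, 'Records retrieved!');
    }

    /**
     * Revoke the access token that authenticated the current request.
     *
     * @return \Illuminate\Http\JsonResponse code 401 when no user is authenticated, else 200
     */
    public function logout()
    {
        $user = auth()->user();

        // Without this guard an unauthenticated call dereferences null and ends in a 500.
        if ($user === null) {
            return $this->jsonReply(401, 'Invalid Token');
        }

        $user->token()->revoke();

        return $this->jsonReply(200, 'You have been successfully logged out!');
    }

    /**
     * Build the JSON envelope shared by all endpoints and send it with a matching HTTP status.
     *
     * @param  int    $code      value of the "code" field, also used as the HTTP status
     * @param  mixed  $message   message string or validation error bag
     * @param  bool   $withData  whether to include the "data" key (validation errors omit it)
     * @return \Illuminate\Http\JsonResponse
     */
    private function jsonReply(int $code, $message, bool $withData = true): \Illuminate\Http\JsonResponse
    {
        $body = ['code' => $code, 'message' => $message];

        if ($withData) {
            $body['data'] = $this->data;
        }

        return response()->json($body, $code);
    }
}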

调用 API 时,最好始终在请求头的 Accept 键中发送 application/json,因为这样在 Bearer 令牌不匹配时,它会返回以下内容:

{
    "message": "Unauthenticated."
}

顺便一提,Postman 默认会在请求头的 Accept 键中传递 */*,这会抛出以下错误或渲染 /login 页面:

Route [login] not defined. in file

产生上述行为的代码可以在 Authenticate 中间件中找到。