您好,登錄后才能下訂單哦!
這篇文章主要講解了“Larave框架如何通過sanctum進(jìn)行API鑒權(quán)”,文中的講解內(nèi)容簡單清晰,易于學(xué)習(xí)與理解,下面請(qǐng)大家跟著小編的思路慢慢深入,一起來研究和學(xué)習(xí)“Larave框架如何通過sanctum進(jìn)行API鑒權(quán)”吧!
1.使用laravel框架進(jìn)行用戶的登錄,注冊(cè),認(rèn)證
2.前后端分離的情況下,用戶請(qǐng)求接口,使用API token進(jìn)行認(rèn)證
composer create-project laravel/laravel example-app
cd example-app
php artisan serve
此時(shí),通過訪問http://127.0.0.1:8000就可以看到訪問成功了
接下來安裝laravel官方的擴(kuò)展包Sanctum
,以達(dá)到目標(biāo)
composer require laravel/sanctum
接下來,你需要使用 vendor:publish Artisan 命令發(fā)布 Sanctum 的配置和遷移文件。Sanctum 的配置文件將會(huì)保存在 config 文件夾中:
php artisan vendor:publish --provider="Laravel\Sanctum\SanctumServiceProvider"
然后需要修改.env文件文件里面的數(shù)據(jù)庫配置,改為:
DB_CONNECTION=mysql
DB_HOST=127.0.0.1
DB_PORT=3306
DB_DATABASE=caixin
DB_USERNAME=root
DB_PASSWORD=root
最后,您應(yīng)該運(yùn)行數(shù)據(jù)庫遷移。 Sanctum 將創(chuàng)建一個(gè)數(shù)據(jù)庫表來存儲(chǔ) API 令牌:
php artisan migrate
接下來,如果您想利用 Sanctum 對(duì) SPA 進(jìn)行身份驗(yàn)證,您應(yīng)該將 Sanctum 的中間件添加到您應(yīng)用的 app/Http/Kernel.php 文件中的 api 中間件組中:
'api' => [ \Laravel\Sanctum\Http\Middleware\EnsureFrontendRequestsAreStateful::class, 'throttle:api', \Illuminate\Routing\Middleware\SubstituteBindings::class, ],
此時(shí)查看app/Models/User.php
文件,User 模型應(yīng)使用 Laravel\Sanctum\HasApiTokens trait:
use Laravel\Sanctum\HasApiTokens; class User extends Authenticatable { use HasApiTokens, HasFactory, Notifiable; }
此時(shí),在數(shù)據(jù)庫中的user表中隨便加入一條數(shù)據(jù)
INSERT INTO `users` (`id`, `name`, `email`, `email_verified_at`, `password`, `remember_token`, `created_at`, `updated_at`) VALUES (1, 'java0904', '2954245@qq.com', NULL, '', NULL, NULL, NULL);
此時(shí)在routes/api.php
中配置路由,來獲取token
Route::middleware('auth:sanctum')->get('/user', function (Request $request) { return $request->user(); }); Route::post('/tokens/create', function (Request $request) { $user = \App\Models\User::find(1); 模擬登陸,此時(shí),會(huì)將用戶的session存儲(chǔ),但是實(shí)際通過API認(rèn)證的時(shí)候,此處用不到 // \Illuminate\Support\Facades\Auth::login($user); $token =$user->createToken($user->name); return ['token' => $token->plainTextToken]; })->withoutMiddleware('auth:sanctum');
此時(shí)訪問http://127.0.0.1:8000/api/tokens/create,就可以拿到了token
curl方式
curl -d '' http://127.0.0.1:8000/api/tokens/create {"token":"7|ZbSuwu7UBDeQjvXx6iNUCcZJKsbSSO6nctmqLjDq"}
不帶token
此時(shí),來訪問其他API接口,都需要帶上Authorization token才能訪問了,否則,會(huì)出現(xiàn)如下異常
帶上token
此時(shí),把token帶上,效果如下
curl測試
curl -H 'Authorization: Bearer 7|ZbSuwu7UBDeQjvXx6iNUCcZJKsbSSO6nctmqLjDq' http://local.app.com/api/user {"id":1,"name":"java0904","email":"295424581@qq.com","email_verified_at":null,"created_at":null,"updated_at":null}
postman測試
app/Providers/RouteServiceProvider.php 這個(gè)文件的作用以及核心代碼分析
<?php class RouteServiceProvider extends ServiceProvider { public function boot() { $this->configureRateLimiting(); $this->routes(function () { //routes/api.php這個(gè)路由文件里面的路由,默認(rèn)都會(huì)使用api中間件,并且路由前綴是/api Route::prefix('api') // ->middleware(['api'])//這里是默認(rèn)的中間件,默認(rèn)只有一個(gè) //這里我加上了auth:sanctum這個(gè)中間件,作為全局使用,就不用為每個(gè)路由加上這個(gè)中間件了,但是獲取token的路由,需要排除這個(gè)中間件 ->middleware(['api','auth:sanctum']) ->namespace($this->namespace) ->group(base_path('routes/api.php')); //'routes/web.php'這個(gè)文件里面的路由,默認(rèn)都會(huì)使用web這個(gè)中間件 Route::middleware('web') ->namespace($this->namespace) ->group(base_path('routes/web.php')); }); } }
上面的代碼提到了兩個(gè)自帶的中間件api
和web
,他們的定義在app/Http/Kernel.php
文件中,它的核心代碼如下:
protected $middlewareGroups = [ //web中間件 'web' => [ \App\Http\Middleware\EncryptCookies::class, \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class, \Illuminate\Session\Middleware\StartSession::class, // \Illuminate\Session\Middleware\AuthenticateSession::class, \Illuminate\View\Middleware\ShareErrorsFromSession::class, //這里需要格外注意,所有/route/web.php中的路由,如果是post請(qǐng)求,都會(huì)有csrfToken的驗(yàn)證,當(dāng)然也可以手動(dòng)給排除一些路由 \App\Http\Middleware\VerifyCsrfToken::class, \Illuminate\Routing\Middleware\SubstituteBindings::class, ], //api中間件 'api' => [ \Laravel\Sanctum\Http\Middleware\EnsureFrontendRequestsAreStateful::class, 'throttle:api', \Illuminate\Routing\Middleware\SubstituteBindings::class, ], ];
注意看web中間件中有 \App\Http\Middleware\VerifyCsrfToken::class,
這行,他的作用是所有/route/web.php中的路由,如果是post請(qǐng)求,都會(huì)有csrfToken的驗(yàn)證,當(dāng)然也可以手動(dòng)給排除一些路由
/route/api.php
<?php use Illuminate\Http\Request; use Illuminate\Support\Facades\Route; /* |-------------------------------------------------------------------------- | API Routes |-------------------------------------------------------------------------- | | Here is where you can register API routes for your application. These | routes are loaded by the RouteServiceProvider within a group which | is assigned the "api" middleware group. Enjoy building your API! | */ Route::middleware('auth:sanctum')->get('/user', function (Request $request) { return $request->user(); }); Route::post('/tokens/create', function (Request $request) { $user = \App\Models\User::find(1); 模擬登陸,此時(shí),會(huì)將用戶的session存儲(chǔ),但是實(shí)際通過API認(rèn)證的時(shí)候,此處用不到 // \Illuminate\Support\Facades\Auth::login($user); $token = $user->createToken($user->name); return ['token' => $token->plainTextToken]; })->withoutMiddleware('auth:sanctum'); Route::post('/tokens/create2', function (Request $request) { //這里可以寫自己的一些驗(yàn)證邏輯 //用戶來獲取token,必須攜帶用戶名和密碼 $password = $request->get("password"); $username = $request->get("username"); $user = \App\Models\User::where('password', $password)->where('username', $username)->first(); if (!$user) { return [ 'code' => 500, 'msg' => '用戶名密碼錯(cuò)誤' ]; } $token = $user->createToken($user->name); return ['token' => $token->plainTextToken]; })->withoutMiddleware('auth:sanctum'); //用來寫使用session,不是前后端分離的用戶登陸 Route::post('/login', function (Request $request) { //laravel內(nèi)部的驗(yàn)證方式 if (\Illuminate\Support\Facades\Auth::attempt([ 'username' => $request->get("name"), 'password' => $request->get("password")])) { //登陸成功 //保存session } else { //登陸失敗 } })->withoutMiddleware('auth:sanctum');
感謝各位的閱讀,以上就是“Larave框架如何通過sanctum進(jìn)行API鑒權(quán)”的內(nèi)容了,經(jīng)過本文的學(xué)習(xí)后,相信大家對(duì)Larave框架如何通過sanctum進(jìn)行API鑒權(quán)這一問題有了更深刻的體會(huì),具體使用情況還需要大家實(shí)踐驗(yàn)證。這里是億速云,小編將為大家推送更多相關(guān)知識(shí)點(diǎn)的文章,歡迎關(guān)注!
免責(zé)聲明:本站發(fā)布的內(nèi)容(圖片、視頻和文字)以原創(chuàng)、轉(zhuǎn)載和分享為主,文章觀點(diǎn)不代表本網(wǎng)站立場,如果涉及侵權(quán)請(qǐng)聯(lián)系站長郵箱:is@yisu.com進(jìn)行舉報(bào),并提供相關(guān)證據(jù),一經(jīng)查實(shí),將立刻刪除涉嫌侵權(quán)內(nèi)容。