一、安装

composer require tymon/jwt-auth

二、发布配置文件

php artisan vendor:publish --provider="Tymon\JWTAuth\Providers\LaravelServiceProvider"

三、生成密钥

php artisan jwt:secret 

四、修改config的配置

config/auth.php中修改:

image-20220516233045493

然后把 providers 中 users 的模型类(model)改成你自己的用户模型类

image-20220516233136198

五、生成中间件

php artisan make:middleware JWTRoleAuth 

六、配置中间件

白名单中的值是路由的 name。Laravel 默认不会给路由设置名字,需要自己用 name() 指定。注意:白名单中的路由会完全跳过 token 校验,所以只应放入确实不需要登录的路由。比如:

// ->name() gives the route the name that the JWTRoleAuth whitelist ($except) is matched against.
// 'studentList' is not in that whitelist, so this route still goes through the token check.
Route::get('student/list','\App\Http\Controllers\StudentController@getStudentList')->name('studentList');

api_response()方法请看上一期

<?php

namespace App\Http\Middleware;

use Closure;
use Tymon\JWTAuth\Facades\JWTAuth;
use Tymon\JWTAuth\Exceptions\JWTException;
use Tymon\JWTAuth\Exceptions\TokenExpiredException;
use Tymon\JWTAuth\Exceptions\TokenInvalidException;


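/**
 * API middleware that requires a valid JWT on every route except the
 * whitelisted route names.
 *
 * NOTE(review): despite the class name, no role or permission check is done
 * here; only the token and the user lookup are verified.
 */
class JWTRoleAuth
{
    /**
     * Route names that skip token verification entirely.
     *
     * Every name listed here is reachable without authentication, so keep the
     * list as small as possible.
     * NOTE(review): 'logout' is listed, so the logout route is reached without
     * this middleware having checked a token; confirm the logout handler copes
     * with a missing or invalid token.
     *
     * @var array
     */
    protected $except = [
        'login',
        'register',
        'logout'
    ];

    /**
     * Let whitelisted routes through; otherwise authenticate the request's token.
     *
     * Failure payloads are built with api_response(): 1001 missing token,
     * 1002 invalid token, 1003 expired token, 1004 no matching user.
     * NOTE(review): response() is called without a status argument, so these
     * failures are sent with the default status (200) and only the body code
     * marks them as errors; confirm clients and monitoring key on the body
     * code, or pass an explicit 401.
     *
     * @param  mixed  $request  the incoming request, handed to $next unchanged
     * @param  \Closure  $next  the next middleware or the route handler
     * @return mixed  the downstream response, or one of the error responses above
     */
    public function handle($request, Closure $next)
    {
        $routeName = \Illuminate\Support\Facades\Route::currentRouteName();

        // Strict comparison: a route only bypasses authentication when its name
        // is exactly one of the whitelisted strings, never via type juggling.
        if (!empty($routeName) && in_array($routeName, $this->except, true)) {
            return $next($request);
        }

        try {
            // parseToken() reads the token from the request and authenticate()
            // resolves its user; a falsy result means no user matches the token.
            if (!JWTAuth::parseToken()->authenticate()) {
                return response(api_response(false, 1004, '无此用户'));
            }

            return $next($request);
        } catch (TokenExpiredException $e) {
            return response(api_response(false, 1003, 'token 过期'));
        } catch (TokenInvalidException $e) {
            return response(api_response(false, 1002, 'token 无效'));
        } catch (JWTException $e) {
            // The generic JWTException stays last so the two specific cases
            // above keep their own error codes.
            return response(api_response(false, 1001, '缺少token'));
        }
    }
}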

七、注册中间件

编辑App\Http\Kernel.php文件

在api中间件注册:

image-20220519204803908

八、修改控制器

<?php

namespace App\Http\Controllers;

use App\Models\User;
use Illuminate\Support\Facades\Validator;

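/**
 * Registration, login and logout endpoints backed by the "api" guard.
 *
 * @author 孤鸿渺影
 * @since 2022/5/16 23:41
 */
class UserController extends Controller
{
    /**
     * Create a user from the posted username and password.
     *
     * @return mixed  api_response() payload: code 0 on success, 10001 on a
     *                validation failure, 30001 when the user was not created
     */
    public function register()
    {
        $data = request()->only(['username', 'password']);

        // 'string' rejects array-valued input before it reaches the hasher.
        // The Chinese labels are display names for the fields, so they go in the
        // fourth argument (custom attribute names); the third argument is for
        // custom error messages and is left empty.
        $validator = Validator::make($data, [
            'username' => 'required|string',
            'password' => 'required|string'
        ], [], [
            'username' => '用户名',
            'password' => '密码'
        ]);
        if ($validator->fails()) {
            return api_response(false, 10001, $validator->errors()->first());
        }

        // Never persist the plaintext password; login() verifies the submitted
        // password against a stored hash. If your User model already hashes this
        // attribute itself (mutator or cast), drop this line to avoid hashing twice.
        $data['password'] = bcrypt($data['password']);

        $user = User::create($data);
        if ($user) {
            // NOTE(review): the whole model is returned to the client; confirm
            // the User model hides the password hash when serialized.
            return api_response(true, 0, '注册成功', $user);
        }

        return api_response(false, 30001, '注册失败');
    }

    /**
     * Exchange a username and password for a JWT.
     *
     * @return mixed  api_response() payload: code 0 with the token data on
     *                success, 1000 when the credentials are rejected
     */
    public function login()
    {
        $credentials = request()->only(['username', 'password']);

        // Missing or non-string credentials are an ordinary failed login, not
        // something to pass on to the guard.
        $username = $credentials['username'] ?? null;
        $password = $credentials['password'] ?? null;
        if (!is_string($username) || !is_string($password)) {
            return api_response(false, 1000, '登录失败');
        }

        // attempt() yields a token on success and a falsy value on failure, so
        // the failure branch must test for the falsy case.
        $token = auth('api')->attempt($credentials);
        if (!$token) {
            return api_response(false, 1000, '登录失败');
        }

        // NOTE(review): respondWithToken() returns a JSON response object that is
        // handed to api_response() as its data argument; api_response() is not
        // shown on this page, so confirm it expects that rather than a plain array.
        return api_response(true, 0, '登录成功', $this->respondWithToken($token));
    }

    /**
     * Log the current user out of the "api" guard.
     *
     * NOTE(review): the tutorial's middleware whitelists the 'logout' route, so
     * this can be reached without a verified token; presumably logout() fails
     * in that case. Confirm, and handle it if so.
     *
     * @return mixed  api_response() success payload
     */
    public function logout()
    {
        auth('api')->logout();

        return api_response(true, 0, '注销登录成功');
    }

    /**
     * Build the token payload returned after a successful login.
     *
     * @param  mixed  $token  the token issued by the guard
     * @return mixed  JSON response with access_token, token_type and expires_in
     */
    protected function respondWithToken($token)
    {
        return response()->json([
            'access_token' => $token,
            'token_type' => 'bearer',
            // getTTL() is multiplied by 60: presumably minutes converted to
            // seconds; confirm against the jwt-auth ttl setting.
            'expires_in' => auth('api')->factory()->getTTL() * 60
        ]);
    }
}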