框架自带Token认证
-
- 需要在用户表加api_token字段
-
2.路由配置
登录注册等省略,详细参考文档
https://laravelacademy.org/post/9153.html#toc_12
-
- 配置需要认证的路由
Route::group(['middleware'=>'auth:api'],function(){
Route::any('user', function (Request $request) {
return $request->user();
});
});
上面需要认证通过,才能拿到用户的Token信息
['middleware'=>'auth:api'] 这段配置的意思:
'guards' => [
'web' => [
'driver' => 'session',
'provider' => 'users',
],
'api' => [
'driver' => 'token',
'provider' => 'users',
],
],
路由中间件: 'auth' => \Illuminate\Auth\Middleware\Authenticate::class, 对应的配置文件 auth.php auth.guards.api
dirver 文件是token 对应的是框架的:
vendor/laravel/framework/src/Illuminate/Auth/TokenGuard.php
vendor/laravel/framework/src/Illuminate/Auth/Middleware/Authenticate.php
获取Token 的方法,从header里面获取
public function getTokenForRequest()
{
$token = $this->request->query($this->inputKey);
if (empty($token)) {
$token = $this->request->input($this->inputKey);
}
if (empty($token)) {
$token = $this->request->bearerToken();
}
if (empty($token)) {
$token = $this->request->getPassword();
}
return $token;
}
/**
* Get the bearer token from the request headers.
*
* @return string|null
*/
public function bearerToken()
{
$header = $this->header('Authorization', '');
if (Str::startsWith($header, 'Bearer ')) {
return Str::substr($header, 7);
}
}
由此可知框架从header里面获取默认的字段是Authorization ,且字段值是 Bearer api_token,如下图
开始没有看源码测试了 api_toke, token,Authorization 都试过不可以(其实Authorization 这个是可以的)
不可以的原因是因为,路由配置是get请求,结果代码里面是post请求导致路由异常
Symfony\\Component\\HttpKernel\\Exception\\MethodNotAllowedHttpException
参考:
https://segmentfault.com/a/1190000018245349
https://learnku.com/articles/11006/detailed-explanation-of-laravels-own-api-guard-drive-token
访问用户
https://laravelacademy.org/post/9153.html#toc_12
$request->user() 或 Auth 门面访问当前用户:
Auth::guard('api')->user(); // 登录用户实例
Auth::guard('api')->check(); // 用户是否登录
Auth::guard('api')->id(); // 登录用户ID
中间件
Location of auth:api Middleware
It's not a good idea to edit vendor files
https://stackoverflow.com/questions/53716751/location-of-authapi-middleware