Auth 認證原理簡述
Laravel 的認證是使用 guard 與 provider 配合完成, guard 負責認證的業務邏輯,認證信息的服務端保存等; provider 負責提供認證信息的持久化數據提供。
請求提交給 guard, guard 從 provider 里取出數據(類似用戶名、密碼等),驗證輸入數據與服務器端存儲的數據是否吻合。如果提交的數據正確,再做 session 等業務的處理(如有需要)。
認證腳手架
首先我們導入 Laravel 的自帶的認證腳手架
php artisan make:auth
執行數據庫遷移:
php artisan migrate
修改 Auth 認證的配置文件 config/auth.php
在 gurads 處,添加 admin guard 用於后台管理員認證
'guards' => [ 'web' => [ 'driver' => 'session', 'provider' => 'users', ], 'admin' => [ 'driver' => 'session', 'provider' => 'admins', ], 'api' => [ 'driver' => 'token', 'provider' => 'users', ], ],
在 providers 處添加 admins provider,使用 Admin 模型
'providers' => [ 'users' => [ 'driver' => 'eloquent', 'model' => App\User::class, ], 'admins' => [ 'driver' => 'eloquent', 'model' => App\Admin::class, ], ],
創建后台管理員模型
我們再創建一個 Admin 模型,用於后台管理員登錄驗證。
php artisan make:model Admin -m
-m 參數會同時生成數據庫遷移文件 xxxx_create_admins_table
修改 app/Admin.php 模型文件
<?php namespace App; use Illuminate\Notifications\Notifiable; use Illuminate\Foundation\Auth\User as Authenticatable; class Admin extends Authenticatable { use Notifiable; /** * The attributes that are mass assignable. * * @var array */ protected $fillable = [ 'name', 'password', ]; /** * The attributes that should be hidden for arrays. * * @var array */ protected $hidden = [ 'password', 'remember_token', ]; }
編輯 xxxx_create_admins_table 文件,后台管理員模型結構與前台用戶差不多,去掉 email 字段,name 字段設為 unique
<?php use Illuminate\Support\Facades\Schema; use Illuminate\Database\Schema\Blueprint; use Illuminate\Database\Migrations\Migration; class CreateAdminsTable extends Migration { /** * Run the migrations. * * @return void */ public function up() { Schema::create('admins', function (Blueprint $table) { $table->increments('id'); $table->string('name')->unique(); $table->string('password'); $table->rememberToken(); $table->timestamps(); }); } /** * Reverse the migrations. * * @return void */ public function down() { Schema::dropIfExists('admins'); } }
管理員模型填充數據
定義一個數據模型工廠,在 database/factories/ModelFactory.php 中添加如下代碼
$factory->define(App\Admin::class, function (Faker\Generator $faker) { static $password; return [ 'name' => $faker->firstName, 'password' => $password ?: $password = bcrypt('secret'), 'remember_token' => str_random(10), ]; });
使用 Faker 隨機填充用戶名
在 database/seeds 目錄下生成 AdminsTableSeeder.php 文件。
php artisan make:seeder AdminsTableSeeder
編輯 database/seeds/AdminsTableSeeder.php 文件的 run 方法,添加3個管理員用戶,密碼為 123456
1 public function run() 2 { 3 factory('App\Admin', 3)->create([ 4 'password' => bcrypt('123456') 5 ]); 6 }
在 database/seeds/DatabaseSeeder.php 的 run 方法里調用 AdminsTableSeeder 類
1 public function run() 2 { 3 $this->call(AdminsTableSeeder::class); 4 }
執行數據庫遷移命令
1 php artisan migrate --seed
數據庫里會創建 admins 表,並且生成了3條數據
創建后台頁面
創建控制器
php artisan make:controller Admin/LoginController
php artisan make:controller Admin/IndexController
其中, Admin/LoginController 負責登錄邏輯; Admin/IndexController 管理登錄后的首頁。
編輯 Admin/LoginController.php
1 <?php 2 3 namespace App\Http\Controllers\Admin; 4 5 use App\Http\Controllers\Controller; 6 use Illuminate\Foundation\Auth\AuthenticatesUsers; 7 8 class LoginController extends Controller 9 { 10 /* 11 |-------------------------------------------------------------------------- 12 | Login Controller 13 |-------------------------------------------------------------------------- 14 | 15 | This controller handles authenticating users for the application and 16 | redirecting them to your home screen. The controller uses a trait 17 | to conveniently provide its functionality to your applications. 18 | 19 */ 20 21 use AuthenticatesUsers; 22 23 /** 24 * Where to redirect users after login / registration. 25 * 26 * @var string 27 */ 28 protected $redirectTo = '/admin'; 29 30 /** 31 * Create a new controller instance. 32 * 33 * @return void 34 */ 35 public function __construct() 36 { 37 $this->middleware('guest.admin', ['except' => 'logout']); 38 } 39 40 /** 41 * 顯示后台登錄模板 42 */ 43 public function showLoginForm() 44 { 45 return view('admin.login'); 46 } 47 48 /** 49 * 使用 admin guard 50 */ 51 protected function guard() 52 { 53 return auth()->guard('admin'); 54 } 55 56 /** 57 * 重寫驗證時使用的用戶名字段 58 */ 59 public function username() 60 { 61 return 'name'; 62 } 63 }
編輯 Admin/IndexController.php
1 <?php 2 3 namespace App\Http\Controllers\Admin; 4 5 use Illuminate\Http\Request; 6 7 use App\Http\Requests; 8 use App\Http\Controllers\Controller; 9 10 class IndexController extends Controller 11 { 12 /** 13 * 顯示后台管理模板首頁 14 */ 15 public function index() 16 { 17 return view('admin.index'); 18 } 19 }
后台顯示模板
復制 views/layouts/app.blade.php 成 views/layouts/admin.blade.php
編輯后台管理布局模板
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<!-- CSRF Token -->
<meta name="csrf-token" content="{{ csrf_token() }}">
<title>{{ config('app.name', 'Laravel') }} - Admin</title>
<!-- Styles -->
<link href="{{ asset('css/app.css') }}" rel="stylesheet">
</head>
<body>
<nav class="navbar navbar-default navbar-static-top">
<div class="container">
<div class="navbar-header">
<!-- Collapsed Hamburger -->
<button type="button" class="navbar-toggle collapsed" data-toggle="collapse"
data-target="#app-navbar-collapse">
<span class="sr-only">Toggle Navigation</span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<!-- Branding Image -->
<a class="navbar-brand" href="{{ url('/') }}">
{{ config('app.name', 'Laravel') }}
</a>
</div>
<div class="collapse navbar-collapse" id="app-navbar-collapse">
<!-- Left Side Of Navbar -->
<ul class="nav navbar-nav">
</ul>
<!-- Right Side Of Navbar -->
<ul class="nav navbar-nav navbar-right">
<!-- Authentication Links -->
@if (auth()->guard('admin')->guest())
<li><a href="{{ url('/admin/login') }}">Login</a></li>
{{--<li><a href="{{ route('register') }}">Register</a></li>--}}
@else
<li class="dropdown">
<a href="#" class="dropdown-toggle" data-toggle="dropdown" role="button"
aria-expanded="false" aria-haspopup="true">
{{ auth()->guard('admin')->user()->name }} <span class="caret"></span>
</a>
<ul class="dropdown-menu">
<li>
<a href="{{ url('/admin/logout')}}"
onclick="event.preventDefault();
document.getElementById('logout-form').submit();">
Logout
</a>
<form id="logout-form" action="{{ url('/admin/logout')}}" method="POST"
style="display: none;">
{{ csrf_field() }}
</form>
</li>
</ul>
</li>
@endif
</ul>
</div>
</div>
</nav>
@yield('content')
<!-- Scripts -->
<script src="{{ asset('js/app.js') }}"></script>
</body>
</html>
復制 views/auth/login.blade.php 成 views/admin/login.blade.php
編輯該模板,更改布局文件為 layouts.admin, 把表單的提交 url 改為 admin/login,email 字段改成 name字段,去掉找回密碼的部分
@extends('layouts.admin')
@section('content')
<div class="container">
<div class="row">
<div class="col-md-8 col-md-offset-2">
<div class="panel panel-default">
<div class="panel-heading">Admin Login</div>
<div class="panel-body">
<form class="form-horizontal" role="form" method="POST" action="{{ url('/admin/login') }}">
{{ csrf_field() }}
<div class="form-group{{ $errors->has('name') ? ' has-error' : '' }}">
<label for="name" class="col-md-4 control-label">Name</label>
<div class="col-md-6">
<input id="name" type="text" class="form-control" name="name" value="{{ old('name') }}" required autofocus>
@if ($errors->has('name'))
<span class="help-block">
<strong>{{ $errors->first('name') }}</strong>
</span>
@endif
</div>
</div>
<div class="form-group{{ $errors->has('password') ? ' has-error' : '' }}">
<label for="password" class="col-md-4 control-label">Password</label>
<div class="col-md-6">
<input id="password" type="password" class="form-control" name="password" required>
@if ($errors->has('password'))
<span class="help-block">
<strong>{{ $errors->first('password') }}</strong>
</span>
@endif
</div>
</div>
<div class="form-group">
<div class="col-md-6 col-md-offset-4">
<div class="checkbox">
<label>
<input type="checkbox" name="remember"> Remember Me
</label>
</div>
</div>
</div>
<div class="form-group">
<div class="col-md-8 col-md-offset-4">
<button type="submit" class="btn btn-primary">
Login
</button>
</div>
</div>
</form>
</div>
</div>
</div>
</div>
</div>
@endsection
復制 views/home.blade.php 成 views/admin/index.blade.php
編輯該模板
1 @extends('layouts.admin') 2 3 @section('content') 4 <div class="container"> 5 <div class="row"> 6 <div class="col-md-8 col-md-offset-2"> 7 <div class="panel panel-default"> 8 <div class="panel-heading">Dashboard</div> 9 10 <div class="panel-body"> 11 You are logged in admin dashboard! 12 </div> 13 </div> 14 </div> 15 </div> 16 </div> 17 @endsection
添加后台路由
編輯 routes/web.php, 添加以下內容
1 Route::group(['prefix' => 'admin'], function () { 2 Route::group(['middleware' => 'auth.admin'], function () { 3 Route::get('/', 'Admin\IndexController@index'); 4 }); 5 6 Route::get('login', 'Admin\LoginController@showLoginForm')->name('admin.login'); 7 Route::post('login', 'Admin\LoginController@login'); 8 Route::post('logout', 'Admin\LoginController@logout'); 9 });
后台管理認證中間件
創建后台管理認證中間件
1 php artisan make:middleware AuthAdmin
編輯 AuthAdmin
1 <?php 2 3 namespace App\Http\Middleware; 4 5 use Closure; 6 7 class AuthAdmin 8 { 9 /** 10 * Handle an incoming request. 11 * 12 * @param \Illuminate\Http\Request $request 13 * @param \Closure $next 14 * @return mixed 15 */ 16 public function handle($request, Closure $next) 17 { 18 if (auth()->guard('admin')->guest()) { 19 if ($request->ajax() || $request->wantsJson()) { 20 return response('Unauthorized.', 401); 21 } else { 22 return redirect()->guest('admin/login'); 23 } 24 } 25 26 return $next($request); 27 } 28 }
創建后台管理登錄跳轉中間件,用於有些操作在登錄之后的跳轉
1 php artisan make:middleware GuestAdmin
編輯該中間件的 handle 方法
1 public function handle($request, Closure $next) 2 { 3 if (auth()->guard('admin')->check()) { 4 return redirect('/admin'); 5 } 6 7 return $next($request); 8 }
在 app/Http/Kernel.php 中注冊以上中間件
1 protected $routeMiddleware = [ 2 ...... 3 'auth.admin' => \App\Http\Middleware\AuthAdmin::class, 4 'guest.admin' => \App\Http\Middleware\GuestAdmin::class, 5 ];
處理注銷
經過上面的步驟,已經實現了前后台分離登錄,但是不管是在前台注銷,還是在后台注銷,都銷毀了所有的 session,導致前后台注銷連在一起。所以我們還要對注銷的方法處理一下。
原來的 logout 方法是這樣寫的,在 Illuminate\Foundation\Auth\AuthenticatesUsers 里
1 public function logout(Request $request) 2 { 3 $this->guard()->logout(); 4 5 $request->session()->flush(); 6 7 $request->session()->regenerate(); 8 9 return redirect('/'); 10 }
注意這一句
1 $request->session()->flush();
將所有的 session 全部清除,這里不分前台、后台,所以要對這里進行改造。
因為前台、后台注銷都要修改,所以我們新建一個 trait,前后台都可以使用。
新建一個文件 app/Extensions/AuthenticatesLogout.php
1 <?php 2 namespace App\Extensions; 3 4 use Illuminate\Http\Request; 5 6 7 trait AuthenticatesLogout 8 { 9 public function logout(Request $request) 10 { 11 $this->guard()->logout(); 12 13 $request->session()->forget($this->guard()->getName()); 14 15 $request->session()->regenerate(); 16 17 return redirect('/'); 18 } 19 }
我們將上面的那一句改成
1 $request->session()->forget($this->guard()->getName());
只是刪除掉當前 guard 所創建的 session,這樣就達到了分別注銷的目的。
修改 Auth/LoginController.php 和 Admin/LoginController.php,將
1 class LoginController extends Controller 2 { 3 use AuthenticatesUsers;
改掉,在文件的前面別忘了加上 use 語句
1 use App\Extensions\AuthenticatesLogout; 2 3 ... 4 5 class LoginController extends Controller 6 { 7 use AuthenticatesUsers, AuthenticatesLogout { 8 AuthenticatesLogout::logout insteadof AuthenticatesUsers; 9 } 10 ...
到這里,就完成了整個不同用戶表登錄認證的過程。