blob/laravel-jwt-auth

A simple Laravel interface for authenticating via JWT.

dev-master 2017-08-31 21:26 UTC

This package is not auto-updated.

Last update: 2024-09-20 23:28:55 UTC


README

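Note: This package is no longer in active development. Feel free to fork and extend it as needed.

A simple Laravel interface for interacting with a JWT authentication API.

Installation

To install this package, add the following to the composer.json file of your Laravel installation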

"require": {
	"laravel/framework": "5.*",
	"blob/laravel-jwt-auth": "dev-master"
},

Run composer update to fetch the files.

Then add the following service providers to the providers array in your config/app.php file

'providers' => [
	...
    JWTAuth\Providers\JWTAuthServiceProvider::class,
    JWTAuth\Providers\JWTEventServiceProvider::class,
];

Then add the following facade to the aliases array in your config/app.php file

'aliases' => [
    ...
    'JWTAuth' => JWTAuth\Facades\JWTAuth::class,
];

Then add the following middleware to the routeMiddleware array in your app/Http/Kernel.php file

protected $routeMiddleware = [
    ...
    'jwt.auth' => \JWTAuth\Http\Middleware\JWTAuth::class,
    'jwt.auth.acl' => \JWTAuth\Http\Middleware\JWTAuthAcl::class,
];

From the command line, run: php artisan vendor:publish --provider="JWTAuth\Providers\JWTAuthServiceProvider"

Configuration

Open config/jwt.php and configure the API endpoint and credentials

return [
    'username' => 'email',
    'secret' => 'secret_change_me', // 32 characters long
    'token_header' => 'Authorization',
    // name of the token field in request data (POST, GET, ...)
    'token_name' => 'token',
    // e.g. example.com
    'iss' => 'iss_change_me',
    // e.g. my_app_name
    'aud' => 'aud_change_me',
    // token expiration, in seconds
    'expiration' => 3600,
    'store' => 'file',
    // number of failed attempts allowed per set of credentials
    'attempts' => 5,
    // minutes the user stays blocked once no attempts remain
    'attempts_exp' => 60,
];
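
A check that can run in CI or at deploy time to catch a published config that still carries the placeholder values above. This is an added example, not code from the package: auditJwtConfig() and generateSecret() are hypothetical helper names, and it assumes the "32 length" comment means the secret should be 32 characters (PHP 7+ for random_bytes()).

```php
<?php
// Added example: audits a config/jwt.php-style array for values left at the
// defaults shown above. Both helpers are hypothetical, not part of the package.

function generateSecret(): string
{
    // 16 random bytes from the CSPRNG, hex-encoded to 32 characters.
    return bin2hex(random_bytes(16));
}

function auditJwtConfig(array $config): array
{
    $findings = [];

    // Placeholders shipped in the published config must never reach production.
    foreach (['secret', 'iss', 'aud'] as $key) {
        $value = (string) ($config[$key] ?? '');
        if ($value === '' || strpos($value, 'change_me') !== false) {
            $findings[] = "$key is empty or still a *_change_me placeholder";
        }
    }

    // Assumption: the config comment asks for a 32-character secret.
    if (strlen((string) ($config['secret'] ?? '')) !== 32) {
        $findings[] = 'secret is not 32 characters long';
    }

    // A missing or non-positive lifetime is a misconfiguration.
    $exp = $config['expiration'] ?? null;
    if (!is_int($exp) || $exp <= 0) {
        $findings[] = 'expiration must be a positive number of seconds';
    }

    return $findings;
}

// Constructed sample: the defaults from the config above.
$defaults = ['secret' => 'secret_change_me', 'iss' => 'iss_change_me',
             'aud' => 'aud_change_me', 'expiration' => 3600];
print_r(auditJwtConfig($defaults));

// Same config with the placeholders replaced (issuer and audience are constructed).
$fixed = ['secret' => generateSecret(), 'iss' => 'example.com',
          'aud' => 'my_app_name', 'expiration' => 3600];
print_r(auditJwtConfig($fixed));
```

Reading the generated secret through env() in config/jwt.php keeps it out of version control along with the rest of the config.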

Usage

Authenticate with credentials

try
{
    $credentials = $request->only(['email', 'password']);
    
    if (!JWTAuth::attempt($credentials)) {
        return response()->json(['reason' => 'user_not_found', 'message' => 'User with provided credentials not found.'], 404);
    }
}
catch (AttemptException $e)
{
    return response()->json(['reason' => 'attempt_locked', 'message' => $e->getMessage()], $e->getStatusCode());
}
catch (TokenUnavailableException $e)
{
    return response()->json(['reason' => 'token_unavailable', 'message' => $e->getMessage()], $e->getStatusCode());
}
catch (TokenExpiredException $e)
{
    return response()->json(['reason' => 'token_expired', 'message' => $e->getMessage()], $e->getStatusCode());
}
catch (TokenInvalidException $e)
{
    return response()->json(['reason' => 'token_invalid', 'message' => $e->getMessage()], $e->getStatusCode());
}
catch (JWTException $e)
{
    return response()->json(['reason' => 'token_not_provided', 'message' => $e->getMessage()], $e->getStatusCode());
}

Authenticate with a token

try
{
    JWTAuth::validateToken(JWTAuth::getToken());
    
    if (!JWTAuth::attempt()) {
        return response()->json(['reason' => 'user_not_found', 'message' => 'User with provided credentials not found.'], 404);
    }
}
catch (AttemptException $e)
{
    return response()->json(['reason' => 'attempt_locked', 'message' => $e->getMessage()], $e->getStatusCode());
}
catch (TokenUnavailableException $e)
{
    return response()->json(['reason' => 'token_unavailable', 'message' => $e->getMessage()], $e->getStatusCode());
}
catch (TokenExpiredException $e)
{
    return response()->json(['reason' => 'token_expired', 'message' => $e->getMessage()], $e->getStatusCode());
}
catch (TokenInvalidException $e)
{
    return response()->json(['reason' => 'token_invalid', 'message' => $e->getMessage()], $e->getStatusCode());
}
catch (JWTException $e)
{
    return response()->json(['reason' => 'token_not_provided', 'message' => $e->getMessage()], $e->getStatusCode());
}

After calling the attempt() method, the following returns the \App\User object.

$user = JWTAuth::user();

Create and get a new token, where $user is an instance of \App\User.

$tokenObject = JWTAuth::createToken($user);

Get the token object from a string.

$tokenObject = JWTAuth::parseToken($token);

The getToken() method searches for the token in the headers or the request data.

Get the token as a string

$tokenString = (string)JWTAuth::getToken();

Get the token as an object (\Lcobucci\JWT\Token)

$tokenObject = JWTAuth::getToken();

Mark the token as unavailable, where $token is an instance of \Lcobucci\JWT\Token.

JWTAuth::forgetToken($token);

Validate the token, where $token is an instance of \Lcobucci\JWT\Token.

try
{
    JWTAuth::validateToken($token);
}
catch (\JWTAuth\Exceptions\TokenExpiredException $e)
{
    // the token has expired
}
catch (\JWTAuth\Exceptions\TokenInvalidException $e)
{
    // the token is invalid
}
catch (\JWTAuth\Exceptions\TokenUnavailableException $e)
{
    // the token is unavailable
}

Set the username field name, instead of the configured default email

JWTAuth::setUsername('login');

Get the current username field name

$username = JWTAuth::username();

Get the user (\App\User) by credentials

$user = JWTAuth::retrieveByCredentials($credentials);

Get the user (\App\User) by token (\Lcobucci\JWT\Token)

$user = JWTAuth::retrieveByJWT($token);

Log in the user, where $user is an instance of \App\User.

login($user);