gboyegadada/lumen-jwt

JWT authentication guard for Lumen 5.4

v1.0.73 2017-10-24 08:49 UTC

README

JWT authentication guard for Lumen 5.4

Installation

$ composer require gboyegadada/lumen-jwt

Setup

# edit: bootstrap/app.php

// 1. Uncomment next 2 lines...
$app->withFacades();
$app->withEloquent();

// 2. Uncomment next 3 lines...
$app->routeMiddleware([
     'auth' => App\Http\Middleware\Authenticate::class,
]);

// 3. Register Auth Service Provider
$app->register(Yega\Auth\JWTAuthServiceProvider::class);

$ mkdir config
$ cp vendor/laravel/lumen-framework/config/auth.php config/

# edit: config/auth.php

/*
|--------------------------------------------------------------------------
| Authentication Guards
|--------------------------------------------------------------------------
| ........
|
*/

'guards' => [
    'api' => [
        'driver' => 'jwt',
        'provider' => 'users'
    ]
],

/*
|--------------------------------------------------------------------------
| User Providers
|--------------------------------------------------------------------------
| ..............
|
*/

'providers' => [
    'users' => [
        'driver' => 'eloquent',
        'model'  => App\Models\User::class,
    ]
],

Configuration

# edit: .env

# required fields
JWT_KEY=XXXXXXXXXXXXXXXXXXXXX
JWT_EXPIRE_AFTER=7200
JWT_ISSUER=myappname-or-domain

# optional fields
JWT_ID_FIELD=user_id
JWT_INCLUDE=email,avatar,full_name,first_name,last_name
JWT_NBF_DELAY=5

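JWT_ID_FIELD is the name of the attribute on the user model that the Laravel auth provider uses to look up the account. Defaults to id.

JWT_INCLUDE lists the user attributes to include in the token's data attribute. If JWT_ID_FIELD is not in this list, it is added automatically. Defaults to the id field.

JWT_NBF_DELAY is the number of seconds after generation at which the token becomes valid (i.e. the token is not valid before now + delay). Defaults to 10.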

Usage (server side): Lumen

# edit: routes/web.php

use Illuminate\Http\Request;

// Wrap protected routes with this...
$app->group(['middleware' => 'auth:api' ], function($app)  {
    // Protected route...
    $app->get('test', function (Request $request) use ($app) {
        return "Yayyy! I'm so safe! Not!";
    });
});

# edit: app/Http/Controllers/AuthController.php

// At the top of the controller file:
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;

/**
 * post: /login
 * @return string
 */
public function postLogin(Request $req)
{

    $credentials = $req->only('email', 'password');

    /**
     * Token on success | false on fail
     *
     * @var string | boolean
     */
    $token = Auth::attempt($credentials);

    return ($token !== false)
            ? json_encode(['jwt' => $token])
            : response('Unauthorized.', 401);

}

Usage (client side): JavaScript

1. Log in to get a token

const url = 'https://:8000/login';

// Login credentials
let data = {
    email: 'boyega@gmail.com',
    password: 'areacode234'
}

// Build the request: send the credentials as JSON so Lumen can parse them
var request = new Request(url, {
    method: 'POST',
    headers: { 'Content-Type': 'application/json' },
    body: JSON.stringify(data)
});

fetch(request)
.then(function(response) {
  if (response.ok) {
    return response.json();
  }
  throw new Error('Network response was not ok.');
})
.then(function(json) {
    localStorage.setItem('token', json.jwt);
});

2. Use our JWT token for subsequent requests

const url = 'https://:8000/test';

// Add our token in the Authorization header
var token = localStorage.getItem('token');
var myHeaders = new Headers();
myHeaders.append("Authorization", "Bearer "+token);

/* !! important: make sure there is [:space:] between "Bearer" and token !! */

// Build the request: the protected route is registered with $app->get(),
// so use GET and send no body
var request = new Request(url, {
    method: 'GET',
    headers: myHeaders
});

fetch(request)
.then(function(response) {
  if (response.ok) {
    return response.text();
  }
  throw new Error('Network response was not ok.');
})
.then(function(data) {
    console.log(data);
});
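
A client-side helper for the JWT_NBF_DELAY and JWT_EXPIRE_AFTER settings described under Configuration, added here as an example and not part of the lumen-jwt project: it reads a token's timing claims so the first authenticated request is not sent before the token becomes valid. It assumes the guard emits the standard nbf and exp claims; the function names and the sample token are constructed for illustration.

```javascript
// Decode the payload of a JWT WITHOUT verifying its signature. Verification
// is the server's job (it holds JWT_KEY); the client only reads the timing
// claims to schedule requests and must not base access decisions on them.
function decodeJwtPayload(token) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('not a compact JWT');
  // base64url -> base64, restoring the padding that JWTs strip
  let b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  b64 += '='.repeat((4 - (b64.length % 4)) % 4);
  const bytes = Uint8Array.from(atob(b64), c => c.charCodeAt(0));
  return JSON.parse(new TextDecoder().decode(bytes));
}

// Classify a token against the current time (seconds since the epoch).
// Assumption: the guard uses the registered claims nbf and exp (RFC 7519).
function tokenWindow(token, nowSec = Math.floor(Date.now() / 1000)) {
  let claims;
  try { claims = decodeJwtPayload(token); }
  catch (e) { return { state: 'malformed', waitMs: 0 }; }
  if (!claims || typeof claims !== 'object') {
    return { state: 'malformed', waitMs: 0 };
  }
  if (typeof claims.exp === 'number' && nowSec >= claims.exp) {
    return { state: 'expired', waitMs: 0 };        // log in again
  }
  if (typeof claims.nbf === 'number' && nowSec < claims.nbf) {
    return { state: 'not-yet-valid', waitMs: (claims.nbf - nowSec) * 1000 };
  }
  return { state: 'valid', waitMs: 0 };
}

// Constructed sample token (not issued by any real server; the header and
// signature are placeholders). Issued at t=1000 with JWT_NBF_DELAY=5, so
// nbf=1005; exp=8200 assumes JWT_EXPIRE_AFTER=7200 counts from issue time.
function makeSampleToken(claims) {
  const enc = obj => btoa(JSON.stringify(obj))
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return [enc({ alg: 'HS256', typ: 'JWT' }), enc(claims), 'c2ln'].join('.');
}
const SAMPLE = makeSampleToken({
  iss: 'myappname-or-domain', iat: 1000, nbf: 1005, exp: 8200,
  data: { user_id: 42, email: 'user@example.com' },
});
```

The comparison uses the client's clock, so a skew between client and server shifts the computed wait; treat a 401 right after login as a cue to retry once the delay has passed.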