randomstate/laravel-auth

基于策略的 Laravel 身份验证

维护者

详细信息

github.com/randomstate/laravel-auth

源代码

问题

安装: 62

依赖者: 2

建议者: 0

安全性: 0

星标: 0

关注者: 2

分支: 0

开放问题: 0

v1.0.1 2019-05-19 16:46 UTC

Requires (Dev)

MIT 12732f35b046172e667b334bf6e340e5405cad9d

  • Connor Forsyth <connor.woop@randomstate.co.uk>

This package is auto-updated.

Last update: 2024-09-23 16:06:28 UTC

README

为 Laravel 提供基于策略的认证组件。

使用 Laravel 配置

RandomState\LaravelAuth\LaravelAuthServiceProvider::class 添加到 app.php 的 'providers' 配置中。

策略

在服务提供者中

public function register() {
    $this->app->resolving(AuthManager::class, function($manager) {
        $manager->register('jwt', $this->app->make(JwtStrategy::class));
    });
    
    $this->app->resolving(JwtStrategy::class, function($strategy) {
        $strategy->convertUsing(function(JwtUser $jwtUser) {
            return new MyUser($jwtUser);
        });
    });
}

编写自定义策略

实现策略相对简单,但您在编写策略之前需要对您的身份验证机制有深入的了解。这个库不能保护您免受您意外实现的任何安全漏洞。

您的策略应实现接口 RandomState\LaravelAuth\AuthStrategy。提供了一个方便的 RandomState\LaravelAuth\AbstractAuthStrategy 类来帮助实现。该接口中有两个必须实现的方法,以下将进行解释。

/*
 * This method is responsible for authenticating a given Laravel HTTP Request.
 * You have access to the entire request and can choose to manipulate the request's response property to your liking.
 * For more complex flows such as OAuth2, you can still implement these in a single strategy by
 * checking for access tokens in the URL and performing different redirect logic. Only when everything is in the URL for a final
 * step should you then authenticate and allow a user through. See some of the Random State strategies for examples on how to do this.
 */
public function attempt(Request $request);

/*
 * If you use the AbstractAuthStrategy class to help you, you can ignore this method.
 *
 * The strategy system works well when it is isolated to its own domain. You should usually expose strategy specific objects
 * to represent the client or user that is authenticating/authenticated. This might be a FirebaseUser, a StripeUser,
 * a GitHub user etc.
 * 
 * This function should take the (possibly-null) authenticated object returned by your attempt method and convert it into a
 * user object you can use in your application.
 */
public function convert($user);

/*
 * This method is only present in the AbstractAuthStrategy class, if you are extending that class.
 * 
 * Strategies made for open source or third party use will benefit greatly from this API.
 * It allows a consumer to pass a function to convert the domain-specific user (e.g. FirebaseUser) to their own domain.
 * 
 * This is especially useful for third-party consumers simply because you don't need to know the structure of their application
 * ahead of creating the strategy implementation.
 */
public function convertUsing(Closure $converter);