参考
- https://learnku.com/docs/laravel/10.x/authenticationmd/14876
- https://learnku.com/docs/laravel/10.x/sanctummd/14914
- https://learnku.com/articles/39646
环境
| 软件/系统 | 版本 | 说明 |
|---|---|---|
| windows | 10 | |
| php | 8.2.5-nts-Win32-vs16-x64 | |
| composer | 2.5.5 | |
| laravel | 10.8.0 | |
| mysql | 8.0.18 |
前置工作
https://learnku.com/docs/laravel/10.x/sanctummd/14914#installation
- 安装
composer require laravel/sanctum - 发布配置与迁移文件
php artisan vendor:publish --provider="Laravel\Sanctum\SanctumServiceProvider" - 将 Sanctum 的中间件添加到你的应用程序的 app/Http/Kernel.php 文件中的 api 中间件组中
'api' => [ \Laravel\Sanctum\Http\Middleware\EnsureFrontendRequestsAreStateful::class, \Illuminate\Routing\Middleware\ThrottleRequests::class.':api', \Illuminate\Routing\Middleware\SubstituteBindings::class, ], - 数据库迁移
php artisan migrate(需要数据库链接)
完整代码 api.php
获取的令牌放在 Authorization 标头中传递,格式为
Bearer ${token}, 其中 token 为获取到的登录 token 字符串,如Bearer 6|Qyl8iYbMVf1eJOgPvfskxinNC8MnOwrnEf66RgoG
<?php
use App\Models\User;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Hash;
use Illuminate\Support\Facades\Route;
use Illuminate\Validation\ValidationException;
/*
|--------------------------------------------------------------------------
| API Routes
|--------------------------------------------------------------------------
|
| Here is where you can register API routes for your application. These
| routes are loaded by the RouteServiceProvider and all of them will
| be assigned to the "api" middleware group. Make something great!
|
*/
// 使用 middleware('auth:sanctum') 包裹的就会自定验证用户登录与将用户信息放到 $request->user() 中
// 获取的令牌放在 Authorization 标头中传递,格式为 `Bearer ${token}`, 其中 token 为获取到的登录 token 字符串,如`Bearer 6|Qyl8iYbMVf1eJOgPvfskxinNC8MnOwrnEf66RgoG`
Route::middleware('auth:sanctum')->prefix("/user")->group(function () {
Route::get('', function (Request $request) {
return [
// 所有token
// $request->user()->tokens
//
$request->user()
];
});
Route::delete('/login_out_all', function (Request $request) {
return $request->user()->tokens()->delete();
});
});
/**
* 小程序版与密码版区别是小程序版可能没有密码。
*/
// 添加用户
Route::post('/add_user', function (Request $request) {
// 密码版
$user = new User();
$user->name = $request->input("name");
$user->email = $request->input("email");
// 需要通过 Hash::make 加密后,才能使用 Auth::attempt 验证密码正确性
$user->password = Hash::make($request->input("password"));
$user->save();
// // 小程序版
// $user = new User();
// $user->phone_number = $request->input("phone_number");
// // openId 需要去微信获取,这里只是简单演示
// $user->open_id = $request->input("open_id");
// $user->save();
return $user;
});
// 用户登录
Route::post('/login_user', function (Request $request) {
// // 密码版验证
$email = $request->input("email");
// password 为未加密的用户密码,如:123456
$password = $request->input("password");
// 可以添加自定义认证字段,如:active=1
// if (Auth::attempt(['email' => $email, 'password' => $password, 'active' => 1])) {
if (!Auth::attempt(['email' => $email, 'password' => $password])) {
throw new \Exception("用户验证失败");
}
// 通过验证后就会自动登录,$request->user() 就可以获取到用户信息了。
return [
'token' => $request->user()->createToken("USER_TOKEN"),
'user'=> $request->user()
];
// // 密码版验证 结束
// // 小程序版验证
// $user = User::where("email", $request->input("email"))->firstOrFail();
// Auth::login($user);
// $token = $request->user()->createToken("USER_TOKEN");
// return [
// 'token' => $token->plainTextToken,
// 'user'=> $request->user()
// ];
// // 小程序版验证 结束
});