Laravel 7 User Authentication (Auth), Part 2: Built-in API Authentication (Not Recommended)

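1 How it works

1.1 Registration

After a user registers, a long random string is generated as the token. The plain token is returned to the user, and the hashed token is stored in the database.

1.2 Login

After a user logs in successfully with account name and password, a random string is generated as the token. The plain token is returned to the user, and the hashed token is stored in the database.

1.3 Authentication

The plain token sent by the user is hashed, and the database is searched for that hashed token. If it is found, authentication succeeds; otherwise it fails.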
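
The scheme in 1.1 to 1.3, as an added stand-alone PHP example (not code from the original post and not Laravel's own implementation). The `$users` array stands in for the users table, the function names are hypothetical, and `bin2hex(random_bytes(40))` is used in place of `Str::random(80)` so the script runs without the framework.

```php
<?php
// In-memory model of the hashed-token scheme. $users stands in for the users
// table (constructed sample row); api_token holds only the SHA-256 hex digest.
$users = [1 => ['name' => 'alice', 'api_token' => null]];

// Register / login / refresh: mint a new token, store its hash, return the plain value.
function issueToken(array &$users, int $id): string
{
    $plain = bin2hex(random_bytes(40));            // 80 chars, stand-in for Str::random(80)
    $users[$id]['api_token'] = hash('sha256', $plain);
    return $plain;                                 // handed to the client, never stored
}

// Authentication: hash the presented token and look the hash up.
function authenticate(array $users, ?string $presented): ?int
{
    if ($presented === null || $presented === '') {
        return null;                               // an empty token never reaches the lookup
    }
    $needle = hash('sha256', $presented);
    foreach ($users as $id => $row) {              // a real table does an equality lookup
        if (is_string($row['api_token']) && hash_equals($row['api_token'], $needle)) {
            return $id;
        }
    }
    return null;
}

// Logout: clear the column so that no presented token can match.
function revokeToken(array &$users, int $id): void
{
    $users[$id]['api_token'] = null;
}

$t1 = issueToken($users, 1);
var_dump(authenticate($users, $t1) === 1);                       // the plain token authenticates
var_dump(authenticate($users, $users[1]['api_token']) === null); // a leaked stored hash does not
$t2 = issueToken($users, 1);                                     // login or refresh rotates the token
var_dump(authenticate($users, $t1) === null);                    // the previous token stops working
var_dump(authenticate($users, $t2) === 1);
revokeToken($users, 1);
var_dump(authenticate($users, $t2) === null);                    // rejected after logout
var_dump(authenticate($users, '') === null);                     // empty token against a NULL column
```

Because the column holds one hash per user, each login or refresh replaces the previous token, so a user has a single active token at a time.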

2 Usage

2.1 Add an api_token field to users

Add it with a migration.

2.2 Make the api_token field assignable on the model

app/User.php

    /**
     * The attributes that are mass assignable.
     *
     * @var array
     */
    protected $fillable = [
        'name', 'email', 'password','api_token'
    ];

2.3 Edit the configuration file

config/auth.php

'defaults' => [
    //'guard' => 'web',
    'guard' => 'api',
    'passwords' => 'users',
],

'guards' => [
    // ... the 'web' guard stays as it is
    'api' => [
        'driver'    => 'token',
        'provider'  => 'users',
        'hash'      => true,   // hash your tokens with SHA-256
    ],
],

2.4 Make every request and response use JSON

php artisan make:request BaseRequest

app/Http/Requests/BaseRequest.php

Add two methods:

    /**
     * @return bool
     * Determine whether the current request is asking for JSON.
     */
    public function wantsJson()
    {
        return true;
    }
    
    /**
     * @return bool
     * Determine whether the current request probably expects a JSON response.
     */
    public function expectsJson()
    {
        return true;
    }

2.5 Configure the application to accept and return JSON

public/index.php

$response = $kernel->handle(
//    $request = Illuminate\Http\Request::capture()
    $request = App\Http\Requests\BaseRequest::capture()
);

2.6 Write the API authentication code

2.61 Routes

routes/api.php

Route::post('/register','Auth\ApiController@register');
Route::post('/login','Auth\ApiController@login');
Route::post('/refresh','Auth\ApiController@refresh');
Route::post('/logout','Auth\ApiController@logout');

2.62 Controller

php artisan make:controller Auth/ApiController

<?php

namespace App\Http\Controllers\Auth;

use App\Http\Controllers\Controller;
use Illuminate\Http\Request;
use App\User;
use Illuminate\Support\Facades\Validator;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Str;


use App\Traits\AuthenticatesUsers;

class ApiController extends Controller
{
    //
    public function __construct()
    {
        $this->middleware('auth')
          ->except('login','register');
    }
    /*
     * I have already changed the authentication field in the trait, so it is not needed here.
     * https://www.cnblogs.com/polax/p/14656132.html
     * 
    protected function username()
    {
       return 'name';
    }
    */
    use AuthenticatesUsers;
    public function register(Request $request)
    {
       $this->validator($request->all())->validate();
       $api_token = Str::random(80);
       $data = array_merge($request->all(),compact('api_token'));
       $this->create($data);
       return compact('api_token');
    }
    
    protected function validator(array $data)
    {
        return Validator::make($data,[
          'name'=>['required','string','max:255','unique:users'],
          'password'=>['required','string','min:8','confirmed']
        ]);
    }
    protected function create(array $data)
    {
       return User::forceCreate([
         'name'         =>$data['name'],
         //'email'        =>$data['email'],
         'password'     =>password_hash($data['password'],PASSWORD_DEFAULT),
         'api_token'    =>hash('sha256',$data['api_token'])
       ]);
    }
    public function logout()
    {
        Auth::user()->update(['api_token'=>null]);
        return ['message'=>'退出登录成功'];
    }
    
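    public function login()
    {
        // Use first() rather than firstOrFail(): an unknown name must get the same
        // response as a wrong password, otherwise the 404 reveals which names exist.
        $user = User::where($this->username(),request($this->username()))
          ->first();
        if (!$user || !password_verify((string) request('password'),$user->password)){
            return response()->json(['error'=>'抱歉,账号名或密码错误'],403);
        }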
        $api_token = Str::random(80);
        $user->update(['api_token'=>hash('sha256',$api_token)]);
        return compact('api_token');
    }
    public function refresh()
    {
        $api_token = Str::random(80);
        Auth::user()->update(['api_token'=>hash('sha256',$api_token)]);
        return compact('api_token');
    }
}

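3 Testing

3.1 Register

3.2 Log in

3.3 Refresh the token

The token passed in is the plain, unhashed one.

3.4 Log out

4 Other authentication methods

Laravel 7 User Authentication (Auth): Traditional Web Authentication
Laravel 7 User Authentication (Auth): Passport Password Grant Authentication
Laravel 7 User Authentication (Auth): Passport Authorization Code Grant Authentication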

Original post: https://www.cnblogs.com/polax/p/14687672.html