
lumen 使用 jwt 实现用户认证

时间:2023-07-01 23:54:53


lumen 使用 jwt 实现用户认证

✨ 目录

🎈 安装 jwt 库🎈 修改文件🎈 修改配置文件🎈 生成Secret🎈 模型修改🎈 门卫验证🎈 登录退出验证🎈 路由守卫🎈 路由配置

🎈 安装 jwt 库

首先需要安装jwt-auth

# Adds the tymon/jwt-auth package to the project with Composer.
# Commit the resulting composer.lock so the resolved version stays pinned.
composer require tymon/jwt-auth

🎈 修改文件

打开bootstrap/app.php文件,进行以下修改

// 1. Uncomment these two calls (facades and Eloquent).
$app->withFacades();
$app->withEloquent();

// 2. Uncomment the route middleware map; the 'auth' alias is used later for user authentication.
$app->routeMiddleware([
    'auth' => App\Http\Middleware\Authenticate::class,
]);

// 3. Register the auth service provider.
$app->register(App\Providers\AuthServiceProvider::class);

// 4. Register the JWT service provider.
$app->register(Tymon\JWTAuth\Providers\LumenServiceProvider::class);

🎈 修改配置文件

打开config/auth.php文件进行修改。如果没有config文件夹,可以将vendor/laravel/lumen-framework/config文件夹复制一份,放到根目录下。主要修改两个地方:第一个是将guards.api.driver的值修改为jwt,第二个是将providers.users.model修改成用来验证用户的模型。

<?php

// Auth configuration: default guard, guard drivers and user providers.
return [
    'defaults' => [
        // Default guard; falls back to 'api' when AUTH_GUARD is not set.
        'guard' => env('AUTH_GUARD', 'api')
    ],
    'guards' => [
        'api' => [
            'driver' => 'jwt', // changed so that the api guard uses the JWT driver
            'provider' => 'users'
        ]
    ],
    'providers' => [
        'users' => [
            'driver' => 'eloquent',
            // Set this to the model that is used to authenticate users.
            // NOTE(review): the model listing further down this article declares the class as
            // UserModel, not User; this value must name the class that really exists. Confirm.
            'model' => App\Models\User::class
        ]
    ],
    'passwords' => [
        // Lumen has no session by default, so this section is not used.
    ],
];

🎈 生成Secret

执行php artisan jwt:secret命令,将会在.env文件中随机生成JWT_SECRET参数。JWT_SECRET是令牌的签名密钥,不要把.env文件提交到版本库。如果想配置JWT的其他参数,可以在.env文件中编辑如下参数:

# Generated at random by the command above (the value appears masked in this listing).
# This is the token signing key: keep .env out of version control.
JWT_SECRET=5jFaYn*******************axtMwuo9k
# Token lifetime, in minutes.
JWT_TTL = 60
# Refresh window, in minutes; the default is 14 days.
# NOTE(review): 0 does not match the 14-day default mentioned here; confirm the intended refresh window.
JWT_REFRESH_TTL = 0
# Blacklist grace period, in seconds.
JWT_BLACKLIST_GRACE_PERIOD = 60

🎈 模型修改

上面修改配置文件时,修改了providers.users.model的值,用来作为用户验证的模型。请根据自己修改的模型进行下列修改:打开App\Models\User文件,进行下列修改。

<?php

namespace App\Models;

use Illuminate\Auth\Authenticatable;
use Illuminate\Database\Eloquent\Model;
use Illuminate\Contracts\Auth\Authenticatable as AuthenticatableContract;
use Illuminate\Contracts\Auth\Access\Authorizable as AuthorizableContract;
use Laravel\Lumen\Auth\Authorizable;
use Tymon\JWTAuth\Contracts\JWTSubject;

/**
 * Eloquent user model that also acts as the JWT subject.
 */
class UserModel extends Model implements AuthenticatableContract, AuthorizableContract, JWTSubject
{
    use Authenticatable, Authorizable;

    // Custom table name.
    protected $table = 'tinygeeker_user';

    // Timestamp columns are not maintained.
    public $timestamps = false;

    // NOTE(review): 'password' is mass-assignable and no hashing mutator is visible in this
    // class, so callers presumably have to hash the value before assigning it. Confirm.
    protected $fillable = ['username', 'password'];

    // Keeps the password out of the model's array/JSON form.
    protected $hidden = ['password'];

    /**
     * @inheritDoc
     * Returns the user identifier stored in the JWT: the model's primary key.
     */
    public function getJWTIdentifier()
    {
        return $this->getKey();
    }

    /**
     * @inheritDoc
     * Returns the custom claims to add to the JWT; this model adds none.
     */
    public function getJWTCustomClaims()
    {
        return [];
    }
}

🎈 门卫验证

由于上面在bootstrap/app.php文件中注册了权限验证服务$app->register(App\Providers\AuthServiceProvider::class),所以打开app/Providers/AuthServiceProvider.php,进行如下设置,在使用auth中间件的api门卫时验证请求体。

<?php

namespace App\Providers;

// NOTE(review): App\User and Gate are imported but not referenced anywhere in this class.
use App\User;
use Illuminate\Support\Facades\Gate;
use Illuminate\Support\ServiceProvider;
use Illuminate\Support\Facades\Auth;

/**
 * Service provider that wires request-based user resolution for the name 'api'.
 */
class AuthServiceProvider extends ServiceProvider
{
    /**
     * Nothing is registered in the container here.
     */
    public function register()
    {
    }

    /**
     * Registers a request callback under the name 'api'.
     *
     * The callback hands the current request to the auth service and returns
     * whatever user it resolves.
     *
     * NOTE(review): config/auth.php in this article sets the api guard's driver to 'jwt';
     * whether a callback registered under the name 'api' is ever consulted depends on that
     * configuration. Confirm this registration is needed.
     */
    public function boot()
    {
        $this->app['auth']->viaRequest('api', function ($request) {
            return app('auth')->setRequest($request)->user();
        });
    }
}

🎈 登录退出验证

打开 UserController 控制器,编写登录退出的逻辑。首先需要在构造函数__construct中排除login验证:$this->middleware('auth:api', ['except' => ['login']]);,因为登录是不用进行用户认证的。

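<?php

namespace App\Http\Controllers;

use App\Http\Controllers\Controller;
use App\Models\UserModel;
use Illuminate\Http\Request;
// The Auth facade is needed for the guard calls below.
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Hash;
use Illuminate\Support\Facades\Validator;

/**
 * Login, profile, logout and token refresh endpoints backed by the JWT guard.
 */
class UserController extends Controller
{
    /**
     * Applies the auth:api middleware to every action except login.
     */
    public function __construct()
    {
        $this->middleware('auth:api', ['except' => ['login']]);
    }

    /**
     * Validates the credentials and, only when they match, issues a JWT.
     *
     * @param Request $request Request carrying 'username' and 'password'.
     * @return mixed JSON response: code 20000 with data.token on success, code 10000 otherwise.
     */
    public function login(Request $request)
    {
        $input = $request->only(['username', 'password']);

        // 'string' rejects array-shaped input before it reaches the query or the hasher.
        $validator = Validator::make($input, [
            'username' => 'bail|required|string|min:5',
            'password' => 'bail|required|string|min:6'
        ], [
            'username.required' => '账号不能为空',
            'password.required' => '密码不能为空',
        ]);

        if ($validator->fails()) {
            return response()->json([
                'code' => 10000,
                'message' => $validator->errors()->first()
            ]);
        }

        // UserModel is the class this file imports; the name used here before was never imported.
        $user = UserModel::where('username', $input['username'])->first();

        // A token must never be issued on a username match alone. Unknown user and wrong
        // password get the same answer so the endpoint does not reveal which usernames exist.
        // Assumes the password column holds a hash made by the framework hasher (TODO confirm).
        if ($user === null || !Hash::check($input['password'], $user->password)) {
            return response()->json([
                'code' => 10000,
                'message' => '账号或密码错误'
            ]);
        }

        // Account-status checks (disabled, locked, ...) belong here, before the token is issued.

        // Credentials verified: obtain the JWT for this user.
        $token = Auth::guard('api')->login($user);

        return response()->json([
            'code' => 20000,
            'message' => '获取token成功',
            'data' => ['token' => $token]
        ]);
    }

    /**
     * Returns the authenticated user's information.
     *
     * @param Request $request Current request (not read directly).
     * @return mixed JSON response with the user under data.user.
     */
    public function info(Request $request)
    {
        $user = Auth::user();

        return response()->json([
            'code' => 20000,
            'message' => '获取用户信息成功',
            'data' => ['user' => $user]
        ]);
    }

    /**
     * Signs the current user out.
     *
     * The article names two ways to do this: Auth::invalidate(true) or Auth::logout();
     * the second is used here.
     *
     * @param Request $request Current request (not read directly).
     * @return mixed JSON response confirming the logout.
     */
    public function logout(Request $request)
    {
        Auth::logout();

        return response()->json([
            'code' => 20000,
            'message' => '退出成功'
        ]);
    }

    /**
     * Refreshes the caller's token and returns the replacement.
     *
     * The new token is sent back in data.token; discarding it would leave the client
     * without the refreshed token.
     *
     * @return mixed JSON response with the refreshed token under data.token.
     */
    public function refresh()
    {
        $token = Auth::refresh();

        return response()->json([
            'code' => 20000,
            'message' => '刷新成功',
            'data' => ['token' => $token]
        ]);
    }
}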

🎈 路由守卫

如果想要在路由中使用权限认证,请在bootstrap/app.php中打开$app->routeMiddleware([ 'auth' => App\Http\Middleware\Authenticate::class ]);。因为在上面已经开启,所以只需要在App\Http\Middleware\Authenticate.php中进行验证即可。

<?php

namespace App\Http\Middleware;

use Closure;
use Illuminate\Contracts\Auth\Factory as Auth;

/**
 * Route middleware that lets a request through only when the guard has a user.
 */
class Authenticate
{
    /** Auth factory used to look up the guard for each request. */
    protected $auth;

    /**
     * @param Auth $auth Auth factory injected by the container.
     */
    public function __construct(Auth $auth)
    {
        $this->auth = $auth;
    }

    /**
     * Passes authenticated requests on and answers the rest with an error payload.
     *
     * NOTE(review): the rejection is sent without a status argument, so it goes out with
     * the default HTTP status; clients or intermediaries that expect a 401 will not see one.
     *
     * @param mixed       $request Incoming request.
     * @param Closure     $next    Next handler in the pipeline.
     * @param string|null $guard   Guard name from the route (e.g. 'api'), or null for the default.
     * @return mixed The downstream response, or the JSON error for guests.
     */
    public function handle($request, Closure $next, $guard = null)
    {
        $isAuthenticated = !$this->auth->guard($guard)->guest();

        if ($isAuthenticated) {
            return $next($request);
        }

        $rejection = [
            'code' => 10000,
            'message' => '无效的令牌',
        ];

        return response()->json($rejection);
    }
}

🎈 路由配置

在路由配置文件routes/web.php中,将需要进行验证的路由包裹起来即可

// User routes: authentication is handled by the auth service, so this group is not
// wrapped in the middleware again.
// NOTE(review): info and logout sit outside the auth:api group below; they are protected
// only by the middleware that UserController's constructor applies (every action except
// login). Keep the two in sync when adding actions.
$router->group(['prefix' => 'user'], function () use ($router) {
    $router->post('login', '\App\Http\Controllers\UserController@login');
    $router->post('info', '\App\Http\Controllers\UserController@info');
    $router->post('logout', '\App\Http\Controllers\UserController@logout');
});

// Routes verified by the route middleware.
$router->group(['middleware' => 'auth:api'], function () use ($router) {
    $router->group(['prefix' => 'geeker'], function () use ($router) {
        $router->post('list', '\App\Http\Controllers\TinygeekerController@list');
        $router->post('add', '\App\Http\Controllers\TinygeekerController@add');
    });
    $router->group(['prefix' => 'museum'], function () use ($router) {
        // ...
    });
});
