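This was just a trial run and is a bit rough, but the essentials are always the same. Thanks to the expert whose blog I used as a reference: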
https://blog.csdn.net/tangzwgo/article/details/55195207
I. Install Lumen 5.4
composer create-project --prefer-dist laravel/lumen api '5.4.*'
(api is the project name; '5.4.*' is the framework version to install)
JWT-Auth is hosted at https://github.com/tymondesigns/jwt-auth
II. Install the tymon/jwt-auth package with Composer
1. Add "tymon/jwt-auth": "1.0.*@dev" to composer.json,
- then run composer update (barring surprises, the package is now installed)
"require": {
    "php": ">=5.6.4",
    "laravel/lumen-framework": "5.4.*",
    "vlucas/phpdotenv": "~2.2",
    "maatwebsite/excel": "^2.1",
    "dingo/api": "1.0.*@dev",
    "tymon/jwt-auth": "1.0.*@dev",
    "laravel-doctrine/orm": "1.3.*"
},
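III. Edit bootstrap/app.php and configure the secret
- Uncomment $app->withFacades();
- Uncomment $app->withEloquent();
- Find the "Register Service Providers" section and add $app->register(Tymon\JWTAuth\Providers\LumenServiceProvider::class);
- Run php artisan jwt:secret to generate the JWT secret
IV. Create the auth config file
Create a config folder at the same level as app, then create auth.php inside it (config/auth.php) with the following content: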
<?php

return [
    'defaults' => [
        'guard' => env('AUTH_GUARD', 'api'),
        'passwords' => 'users',
    ],
    /*
    |--------------------------------------------------------------------------
    | Authentication Guards
    |--------------------------------------------------------------------------
    |
    | Next, you may define every authentication guard for your application.
    | Of course, a great default configuration has been defined for you
    | here which uses session storage and the Eloquent user provider.
    |
    | All authentication drivers have a user provider. This defines how the
    | users are actually retrieved out of your database or other storage
    | mechanisms used by this application to persist your user's data.
    |
    | Supported: "token"
    |
    */
    'guards' => [
        'api' => [
            'driver' => 'jwt',
            'provider' => 'users'
        ],
    ],
    /*
    |--------------------------------------------------------------------------
    | User Providers
    |--------------------------------------------------------------------------
    |
    | All authentication drivers have a user provider. This defines how the
    | users are actually retrieved out of your database or other storage
    | mechanisms used by this application to persist your user's data.
    |
    | If you have multiple user tables or models you may configure multiple
    | sources which represent each model / table. These sources may then
    | be assigned to any extra authentication guards you have defined.
    |
    | Supported: "database", "eloquent"
    |
    */
    'providers' => [
        'users' => [
            'driver' => 'eloquent',
            'model' => App\User::class,
        ],
    ],
    /*
    |--------------------------------------------------------------------------
    | Resetting Passwords
    |--------------------------------------------------------------------------
    |
    | Here you may set the options for resetting passwords including the view
    | that is your password reset e-mail. You may also set the name of the
    | table that maintains all of the reset tokens for your application.
    |
    | You may specify multiple password reset configurations if you have more
    | than one user table or model in the application and you want to have
    | separate password reset settings based on the specific user types.
    |
    | The expire time is the number of minutes that the reset token should be
    | considered valid. This security feature keeps tokens short-lived so
    | they have less time to be guessed. You may change this as needed.
    |
    */
    'passwords' => [
        //
    ],
];
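V. Edit app/Providers/AuthServiceProvider.php
<?php namespace App\Providers;
use Illuminate\Support\ServiceProvider;
class AuthServiceProvider extends ServiceProvider {
    public function boot() {
        // Registers a request-based driver named 'api': the user is looked up by the 'email' input alone
        $this->app['auth']->viaRequest('api', function ($request) {
            return \App\User::where('email', $request->input('email'))->first();
        });
    }
}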
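VI. Edit app/User.php (this serves as the Model)
<?php namespace App;
use Illuminate\Auth\Authenticatable;
use Illuminate\Contracts\Auth\Authenticatable as AuthenticatableContract;
use Illuminate\Database\Eloquent\Model;
use Tymon\JWTAuth\Contracts\JWTSubject;
class User extends Model implements AuthenticatableContract, JWTSubject {
    use Authenticatable;
    public function getJWTIdentifier() { // identifier stored in the token's "sub" claim
        return $this->getKey();
    }
    public function getJWTCustomClaims() {
        return [];
    }
}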
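VII. Write a controller that issues the token
Note!
The password stored in the database's password column must be a hashed password; otherwise ->attempt returns false when generating the token. Probably because my computer skills are too weak, I was stuck here for a full two days, and only found the cause after coming back from a bathroom break.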
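<?php

namespace App\Http\Controllers\Auth;

use App\Http\Controllers\Controller;
use Illuminate\Http\Request;
use Tymon\JWTAuth\Exceptions\JWTException;
use Tymon\JWTAuth\Exceptions\TokenExpiredException;
use Tymon\JWTAuth\Exceptions\TokenInvalidException;
use Tymon\JWTAuth\JWTAuth;

class AuthenticateController extends Controller
{
    /** @var JWTAuth */
    protected $jwt;

    public function __construct(JWTAuth $jwt)
    {
        $this->jwt = $jwt;
    }

    /**
     * Issue a token
     * @param Request $request
     * @return \Illuminate\Http\JsonResponse
     */
    public function authenticate(Request $request)
    {
        // The stored password must be a hash, e.g. one produced by password_hash($plain, PASSWORD_DEFAULT)
        $this->validate($request, [
            'email' => 'required|email|max:255',
            'password' => 'required',
        ]);
        try {
            // attempt() returns false when the e-mail is unknown or the password does not match the stored hash
            if (! $token = app('auth')->guard('api')->attempt($request->only('email', 'password'))) {
                return response()->json(['user_not_found'], 404);
            }
        } catch (TokenExpiredException $e) {
            return response()->json(['token_expired'], 500);
        } catch (TokenInvalidException $e) {
            return response()->json(['token_invalid'], 500);
        } catch (JWTException $e) {
            return response()->json(['token_absent' => $e->getMessage()], 500);
        }
        return response()->json(compact('token'));
    }
}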
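The hashed-password requirement from the note above, as an added example that is not part of the original post: it shows why a plaintext row can never pass the credential check and how to list such rows. The helper names (credentialsMatch, isPasswordHash, findUnhashedRows) and the sample rows are hypothetical, and the check is reduced to plain PHP's password_verify() as a simplified stand-in for the framework's hash check.

```php
<?php
// Added example. The rows below are constructed sample data.

// Simplified stand-in for the guard's credential check (an assumption, not
// the framework's code): the submitted password is compared against the
// stored value with password_verify().
function credentialsMatch(string $plain, string $stored): bool
{
    return $stored !== '' && password_verify($plain, $stored);
}

// True when the stored value is in a format that password_hash() produces.
function isPasswordHash(string $stored): bool
{
    return password_get_info($stored)['algoName'] !== 'unknown';
}

// Return the e-mails of rows whose password column does not hold a hash.
function findUnhashedRows(array $rows): array
{
    $bad = [];
    foreach ($rows as $row) {
        if (!isPasswordHash($row['password'])) {
            $bad[] = $row['email'];
        }
    }
    return $bad;
}

$rows = [
    ['email' => 'alice@example.test', 'password' => password_hash('correct horse', PASSWORD_DEFAULT)],
    ['email' => 'bob@example.test',   'password' => 'correct horse'], // stored as plaintext
];

// Same submitted password for both rows; only the hashed row can match.
foreach ($rows as $row) {
    $ok = credentialsMatch('correct horse', $row['password']);
    printf("%s login ok: %s\n", $row['email'], var_export($ok, true));
}

// Rows that must be re-saved with password_hash() before login can work.
print_r(findUnhashedRows($rows));
```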
VIII. Add a route for testing
$api = app('Dingo\Api\Routing\Router');
$api->version(['v1'], ['namespace' => 'App\Http\Controllers\Auth'], function ($api) {
    // Issue a token
    $api->post('auth/token', 'AuthenticateController@authenticate');
});
That completes the setup.