Php Laravel 5.3 Rest API登录

我在尝试使用Laravel5.3创建RESTAPI登录时遇到问题。 我创建了一个扩展用户的学生模型，它在迁移中有电子邮件和密码

这是警卫，我把提供者改成了学生

  'guards' => [
    'web' => [
        'driver' => 'session',
        'provider' => 'users',
    ],

    'api' => [
        'driver' => 'token',
        'provider' => 'students'
    ],
],

这就是供应商

'providers' => [
    'users' => [
        'driver' => 'eloquent',
        'model' => App\User::class,
    ],

    'students' => [
        'driver' => 'eloquent',
        'model' => App\Student::class,
    ],


    'teachers' => [
        'driver' => 'eloquent',
        'model' => App\Teacher::class,
    ],
],

我想使用学生的凭据创建一个rest登录API。如果登录成功，服务器应返回学生的个人信息。我已经搜索了很多laracasts，但没有找到类似的东西。新版本有很多变化。所以我很困惑

学生登录功能

---

在这种情况下，Auth:：check方法和Auth:：validate方法都不起作用。有什么问题吗？如何实现RESTAPI的登录

我和你有些问题

我使用了laravel的特质，通过一些方法为handel创建了一个ApiController

请查看：

<?php

namespace App\Http\Controllers\Api;

use Illuminate\Routing\Controller as BaseController;

class ApiController extends BaseController
{
    protected $statusCode=200;

    public function getStatusCode()
    {
        return $this->statusCode;
    }

    public function setStatusCode($code) 
    {
        $this->statusCode = $code;
        return $this;
    }

    public function respondNotFound($message = 'Not Found')
    {
        return $this->setStatusCode(404)->respondWithError($message);
    }

    public function respondInternalError($message = 'Internal Error')
    {
        return $this->setStatusCode(500)->respondWithError($message);
    }

    public function respondUnathourize($message = 'Login Failed username or password doesnt match')
    {
        return $this->setStatusCode(401)->respondWithError($message);
    }

    public function respond($data, $headers=[])
    {
        return response()->json($data,$this->getStatusCode(), $headers);
    }

    private function respondWithError($message) 
    {
        return $this->respond([
            'error' => [
                'message'=>$message,
                'status_code' => $this->getStatusCode()
            ],
        ]);
    }

}

这是我的登录控制器AuthenticateController.php

<?php

namespace App\Http\Controllers\Api;

use Illuminate\Foundation\Auth\AuthenticatesUsers;
use Illuminate\Http\Request;
use Illuminate\Foundation\Validation\ValidatesRequests;

class AuthenticateController extends ApiController
{

    use AuthenticatesUsers,ValidatesRequests;

    public function login(Request $request)
    {        
        $this->validateLogin($request);

        // If the class is using the ThrottlesLogins trait, we can automatically throttle
        // the login attempts for this application. We'll key this by the username and
        // the IP address of the client making these requests into this application.
        if ($lockedOut = $this->hasTooManyLoginAttempts($request)) {
            $this->fireLockoutEvent($request);

            return $this->sendLockoutResponse($request);
        }

        $credentials = $this->credentials($request);

        if ($this->guard()->attempt($credentials, $request->has('remember'))) {
            return $this->sendLoginResponse($request);
        }

        // If the login attempt was unsuccessful we will increment the number of attempts
        // to login and redirect the user back to the login form. Of course, when this
        // user surpasses their maximum number of attempts they will get locked out.
        if (! $lockedOut) {
            $this->incrementLoginAttempts($request);
        }

        return $this->sendFailedLoginResponse($request);
    }

    protected function sendLoginResponse(Request $request)
    {               

        $this->clearLoginAttempts($request);
        $this->setApiKey();
        return $this->respond([
           'data'=>$this->guard()->user() 
        ]);
    }

    /**
     * Get the failed login response instance.
     * @overide
     */
    protected function sendFailedLoginResponse()
    {
        return $this->respondUnathourize();
    }    

    private function setApiKey()
    {
        $user = $this->guard()->user();
        $user->api_token = sha1(date("Y-m-d H:i:s").$user->name);
        $user->save();
    }
}

希望能有所帮助

干杯

---

亨德拉我和你有些问题

我使用了laravel的特质，通过一些方法为handel创建了一个ApiController

请查看：

<?php

namespace App\Http\Controllers\Api;

use Illuminate\Routing\Controller as BaseController;

class ApiController extends BaseController
{
    protected $statusCode=200;

    public function getStatusCode()
    {
        return $this->statusCode;
    }

    public function setStatusCode($code) 
    {
        $this->statusCode = $code;
        return $this;
    }

    public function respondNotFound($message = 'Not Found')
    {
        return $this->setStatusCode(404)->respondWithError($message);
    }

    public function respondInternalError($message = 'Internal Error')
    {
        return $this->setStatusCode(500)->respondWithError($message);
    }

    public function respondUnathourize($message = 'Login Failed username or password doesnt match')
    {
        return $this->setStatusCode(401)->respondWithError($message);
    }

    public function respond($data, $headers=[])
    {
        return response()->json($data,$this->getStatusCode(), $headers);
    }

    private function respondWithError($message) 
    {
        return $this->respond([
            'error' => [
                'message'=>$message,
                'status_code' => $this->getStatusCode()
            ],
        ]);
    }

}

这是我的登录控制器AuthenticateController.php

<?php

namespace App\Http\Controllers\Api;

use Illuminate\Foundation\Auth\AuthenticatesUsers;
use Illuminate\Http\Request;
use Illuminate\Foundation\Validation\ValidatesRequests;

class AuthenticateController extends ApiController
{

    use AuthenticatesUsers,ValidatesRequests;

    public function login(Request $request)
    {        
        $this->validateLogin($request);

        // If the class is using the ThrottlesLogins trait, we can automatically throttle
        // the login attempts for this application. We'll key this by the username and
        // the IP address of the client making these requests into this application.
        if ($lockedOut = $this->hasTooManyLoginAttempts($request)) {
            $this->fireLockoutEvent($request);

            return $this->sendLockoutResponse($request);
        }

        $credentials = $this->credentials($request);

        if ($this->guard()->attempt($credentials, $request->has('remember'))) {
            return $this->sendLoginResponse($request);
        }

        // If the login attempt was unsuccessful we will increment the number of attempts
        // to login and redirect the user back to the login form. Of course, when this
        // user surpasses their maximum number of attempts they will get locked out.
        if (! $lockedOut) {
            $this->incrementLoginAttempts($request);
        }

        return $this->sendFailedLoginResponse($request);
    }

    protected function sendLoginResponse(Request $request)
    {               

        $this->clearLoginAttempts($request);
        $this->setApiKey();
        return $this->respond([
           'data'=>$this->guard()->user() 
        ]);
    }

    /**
     * Get the failed login response instance.
     * @overide
     */
    protected function sendFailedLoginResponse()
    {
        return $this->respondUnathourize();
    }    

    private function setApiKey()
    {
        $user = $this->guard()->user();
        $user->api_token = sha1(date("Y-m-d H:i:s").$user->name);
        $user->save();
    }
}

希望能有所帮助

干杯

---

亨德拉

为什么不选择JWT？根据定义，REST应该是无状态的。因此，登录没有意义，这就是为什么您可能无法通过搜索REST登录来查找信息。@Devon HTTP请求是无状态的，这并不意味着您不需要令牌来处理。你不能依靠服务器来记住你是谁。@MarcoAurélioDeleu，那不是真正的登录，而是生成一个令牌。这就是我的意思。我认为Auht:：check只用于检查用户是否正在进行身份验证，而不是尝试Auth:：attampt函数，而不是Auth:：check。为什么不选择JWT？根据定义，REST应该是无状态的。因此，登录没有意义，这就是为什么您可能无法通过搜索REST登录来查找信息。@Devon HTTP请求是无状态的，这并不意味着您不需要令牌来处理。你不能依靠服务器来记住你是谁。@MarcoAurélioDeleu，那不是真正的登录，而是生成一个令牌。这就是我的意思。我认为Auht:：check仅用于检查用户是否正在进行身份验证，而不是尝试Auth:：attampt函数，而不是Auth:：check