Php Laravel 5.3 Rest API登录
我在尝试使用Laravel5.3创建RESTAPI登录时遇到问题。 我创建了一个扩展用户的学生模型,它在迁移中有电子邮件和密码 这是警卫,我把提供者改成了学生Php Laravel 5.3 Rest API登录,php,rest,laravel,authentication,laravel-5.3,Php,Rest,Laravel,Authentication,Laravel 5.3,我在尝试使用Laravel5.3创建RESTAPI登录时遇到问题。 我创建了一个扩展用户的学生模型,它在迁移中有电子邮件和密码 这是警卫,我把提供者改成了学生 'guards' => [ 'web' => [ 'driver' => 'session', 'provider' => 'users', ], 'api' => [ 'driver' => 'token',
'guards' => [
'web' => [
'driver' => 'session',
'provider' => 'users',
],
'api' => [
'driver' => 'token',
'provider' => 'students'
],
],
这就是供应商
'providers' => [
'users' => [
'driver' => 'eloquent',
'model' => App\User::class,
],
'students' => [
'driver' => 'eloquent',
'model' => App\Student::class,
],
'teachers' => [
'driver' => 'eloquent',
'model' => App\Teacher::class,
],
],
我想使用学生的凭据创建一个rest登录API。如果登录成功,服务器应返回学生的个人信息。我已经搜索了很多laracasts,但没有找到类似的东西。新版本有很多变化。所以我很困惑
学生登录功能
在这种情况下,Auth::check方法和Auth::validate方法都不起作用。有什么问题吗?如何实现RESTAPI的登录 我和你有些问题 我使用了laravel的特质,通过一些方法为handel创建了一个ApiController 请查看:
<?php
namespace App\Http\Controllers\Api;
use Illuminate\Routing\Controller as BaseController;
class ApiController extends BaseController
{
protected $statusCode=200;
public function getStatusCode()
{
return $this->statusCode;
}
public function setStatusCode($code)
{
$this->statusCode = $code;
return $this;
}
public function respondNotFound($message = 'Not Found')
{
return $this->setStatusCode(404)->respondWithError($message);
}
public function respondInternalError($message = 'Internal Error')
{
return $this->setStatusCode(500)->respondWithError($message);
}
public function respondUnathourize($message = 'Login Failed username or password doesnt match')
{
return $this->setStatusCode(401)->respondWithError($message);
}
public function respond($data, $headers=[])
{
return response()->json($data,$this->getStatusCode(), $headers);
}
private function respondWithError($message)
{
return $this->respond([
'error' => [
'message'=>$message,
'status_code' => $this->getStatusCode()
],
]);
}
}
这是我的登录控制器AuthenticateController.php
<?php
namespace App\Http\Controllers\Api;
use Illuminate\Foundation\Auth\AuthenticatesUsers;
use Illuminate\Http\Request;
use Illuminate\Foundation\Validation\ValidatesRequests;
class AuthenticateController extends ApiController
{
use AuthenticatesUsers,ValidatesRequests;
public function login(Request $request)
{
$this->validateLogin($request);
// If the class is using the ThrottlesLogins trait, we can automatically throttle
// the login attempts for this application. We'll key this by the username and
// the IP address of the client making these requests into this application.
if ($lockedOut = $this->hasTooManyLoginAttempts($request)) {
$this->fireLockoutEvent($request);
return $this->sendLockoutResponse($request);
}
$credentials = $this->credentials($request);
if ($this->guard()->attempt($credentials, $request->has('remember'))) {
return $this->sendLoginResponse($request);
}
// If the login attempt was unsuccessful we will increment the number of attempts
// to login and redirect the user back to the login form. Of course, when this
// user surpasses their maximum number of attempts they will get locked out.
if (! $lockedOut) {
$this->incrementLoginAttempts($request);
}
return $this->sendFailedLoginResponse($request);
}
protected function sendLoginResponse(Request $request)
{
$this->clearLoginAttempts($request);
$this->setApiKey();
return $this->respond([
'data'=>$this->guard()->user()
]);
}
/**
* Get the failed login response instance.
* @overide
*/
protected function sendFailedLoginResponse()
{
return $this->respondUnathourize();
}
private function setApiKey()
{
$user = $this->guard()->user();
$user->api_token = sha1(date("Y-m-d H:i:s").$user->name);
$user->save();
}
}
希望能有所帮助
干杯
亨德拉我和你有些问题 我使用了laravel的特质,通过一些方法为handel创建了一个ApiController 请查看:
<?php
namespace App\Http\Controllers\Api;
use Illuminate\Routing\Controller as BaseController;
class ApiController extends BaseController
{
protected $statusCode=200;
public function getStatusCode()
{
return $this->statusCode;
}
public function setStatusCode($code)
{
$this->statusCode = $code;
return $this;
}
public function respondNotFound($message = 'Not Found')
{
return $this->setStatusCode(404)->respondWithError($message);
}
public function respondInternalError($message = 'Internal Error')
{
return $this->setStatusCode(500)->respondWithError($message);
}
public function respondUnathourize($message = 'Login Failed username or password doesnt match')
{
return $this->setStatusCode(401)->respondWithError($message);
}
public function respond($data, $headers=[])
{
return response()->json($data,$this->getStatusCode(), $headers);
}
private function respondWithError($message)
{
return $this->respond([
'error' => [
'message'=>$message,
'status_code' => $this->getStatusCode()
],
]);
}
}
这是我的登录控制器AuthenticateController.php
<?php
namespace App\Http\Controllers\Api;
use Illuminate\Foundation\Auth\AuthenticatesUsers;
use Illuminate\Http\Request;
use Illuminate\Foundation\Validation\ValidatesRequests;
class AuthenticateController extends ApiController
{
use AuthenticatesUsers,ValidatesRequests;
public function login(Request $request)
{
$this->validateLogin($request);
// If the class is using the ThrottlesLogins trait, we can automatically throttle
// the login attempts for this application. We'll key this by the username and
// the IP address of the client making these requests into this application.
if ($lockedOut = $this->hasTooManyLoginAttempts($request)) {
$this->fireLockoutEvent($request);
return $this->sendLockoutResponse($request);
}
$credentials = $this->credentials($request);
if ($this->guard()->attempt($credentials, $request->has('remember'))) {
return $this->sendLoginResponse($request);
}
// If the login attempt was unsuccessful we will increment the number of attempts
// to login and redirect the user back to the login form. Of course, when this
// user surpasses their maximum number of attempts they will get locked out.
if (! $lockedOut) {
$this->incrementLoginAttempts($request);
}
return $this->sendFailedLoginResponse($request);
}
protected function sendLoginResponse(Request $request)
{
$this->clearLoginAttempts($request);
$this->setApiKey();
return $this->respond([
'data'=>$this->guard()->user()
]);
}
/**
* Get the failed login response instance.
* @overide
*/
protected function sendFailedLoginResponse()
{
return $this->respondUnathourize();
}
private function setApiKey()
{
$user = $this->guard()->user();
$user->api_token = sha1(date("Y-m-d H:i:s").$user->name);
$user->save();
}
}
希望能有所帮助
干杯
亨德拉为什么不选择JWT?根据定义,REST应该是无状态的。因此,登录没有意义,这就是为什么您可能无法通过搜索REST登录来查找信息。@Devon HTTP请求是无状态的,这并不意味着您不需要令牌来处理。你不能依靠服务器来记住你是谁。@MarcoAurélioDeleu,那不是真正的登录,而是生成一个令牌。这就是我的意思。我认为Auht::check只用于检查用户是否正在进行身份验证,而不是尝试Auth::attampt函数,而不是Auth::check。为什么不选择JWT?根据定义,REST应该是无状态的。因此,登录没有意义,这就是为什么您可能无法通过搜索REST登录来查找信息。@Devon HTTP请求是无状态的,这并不意味着您不需要令牌来处理。你不能依靠服务器来记住你是谁。@MarcoAurélioDeleu,那不是真正的登录,而是生成一个令牌。这就是我的意思。我认为Auht::check仅用于检查用户是否正在进行身份验证,而不是尝试Auth::attampt函数,而不是Auth::check