Php 从web或Laravel中的api登录时如何使用不同的防护?
我正在为一个移动应用程序创建一个Laravel(5.7)应用程序。所以我有一个API和一个Web面板,两者都需要登录,并且每个都有一个模型。对于Web登录,对于通过应用程序注册的用户,我使用Php 从web或Laravel中的api登录时如何使用不同的防护?,php,laravel,jwt,restful-authentication,multi-model-database,Php,Laravel,Jwt,Restful Authentication,Multi Model Database,我正在为一个移动应用程序创建一个Laravel(5.7)应用程序。所以我有一个API和一个Web面板,两者都需要登录,并且每个都有一个模型。对于Web登录,对于通过应用程序注册的用户,我使用用户模型(因为这是操作角色)和另一个模型客户端 我正在使用JWT为移动应用程序创建身份验证令牌,并使用Web面板的常规登录 复杂的是,默认的auth.phpguard是web,如果使用API中的(以下)身份验证方法,它将查找用户表,而不是客户表,当我将de default guard更改为api时,它是固定的
用户
模型(因为这是操作角色)和另一个模型客户端
我正在使用JWT
为移动应用程序创建身份验证令牌,并使用Web面板的常规登录
复杂的是,默认的auth.phpguard
是web
,如果使用API中的(以下)身份验证方法,它将查找用户表,而不是客户表,当我将de default guard更改为api时,它是固定的,但是Web登录会尝试查看客户机表
所以,简而言之,我试着用许多不同的方式切换这个默认的保护,但它就是不起作用。我做过的一些测试(失败)是:
- 将登录控制器中的$guard变量更改为web,并在auth.php中将api设置为默认值
- 使用
Config::set('auth.defaults.guard','api')在执行时覆盖默认的auth.php保护代码>或config('auth.defaults.guard','api')代码>(及其所有变体)在我的API的身份验证方法中
这是我的auth.php文件
<?php
return [
/*
|--------------------------------------------------------------------------
| Authentication Defaults
|--------------------------------------------------------------------------
|
| This option controls the default authentication "guard" and password
| reset options for your application. You may change these defaults
| as required, but they're a perfect start for most applications.
|
*/
'defaults' => [
'guard' => 'web',
'passwords' => 'users',
],
/*
|--------------------------------------------------------------------------
| Authentication Guards
|--------------------------------------------------------------------------
|
| Next, you may define every authentication guard for your application.
| Of course, a great default configuration has been defined for you
| here which uses session storage and the Eloquent user provider.
|
| All authentication drivers have a user provider. This defines how the
| users are actually retrieved out of your database or other storage
| mechanisms used by this application to persist your user's data.
|
| Supported: "session", "token"
|
*/
'guards' => [
'web' => [
'driver' => 'session',
'provider' => 'users',
],
'api' => [
'driver' => 'session',
'provider' => 'clients'
],
],
/*
|--------------------------------------------------------------------------
| User Providers
|--------------------------------------------------------------------------
|
| All authentication drivers have a user provider. This defines how the
| users are actually retrieved out of your database or other storage
| mechanisms used by this application to persist your user's data.
|
| If you have multiple user tables or models you may configure multiple
| sources which represent each model / table. These sources may then
| be assigned to any extra authentication guards you have defined.
|
| Supported: "database", "eloquent"
|
*/
'providers' => [
'users' => [
'driver' => 'eloquent',
'model' => App\User::class,
],
'clients' => [
'driver' => 'eloquent',
'model' => App\Client::class,
],
],
/*
|--------------------------------------------------------------------------
| Resetting Passwords
|--------------------------------------------------------------------------
|
| You may specify multiple password reset configurations if you have more
| than one user table or model in the application and you want to have
| separate password reset settings based on the specific user types.
|
| The expire time is the number of minutes that the reset token should be
| considered valid. This security feature keeps tokens short-lived so
| they have less time to be guessed. You may change this as needed.
|
*/
'passwords' => [
'users' => [
'provider' => 'users',
'table' => 'password_resets',
'expire' => 60,
],
],
];
另外,这是我的客户模型
<?php
namespace App;
use Tymon\JWTAuth\Contracts\JWTSubject;
use Illuminate\Foundation\Auth\User as Authenticatable;
class Client extends Authenticatable implements JWTSubject
{
protected $hidden = [
'password', 'phone_verification_code', 'phone_verified_at'
];
public function getJWTIdentifier()
{
return $this->getKey();
}
public function getJWTCustomClaims()
{
return [];
}
}
该$request
实例有一个user
方法,该方法接受一个参数:
$request->user('apiguard');
如果您正在尝试身份验证:
Auth::guard('apiguard')->attempt($credentials);
尝试使用token
driverit仍在尝试查看用户表。“SQLSTATE[42S22]:未找到列:1054“where子句”中的未知列“phone”(SQL:select*fromusers
wherephone
=5517970659 limit 1)您可以尝试为多个身份验证生成的列。它可以正常工作,但不会生成JWTAuth令牌,实际上,变量$token返回true而不是JWTAuth令牌。
Auth::guard('apiguard')->attempt($credentials);