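Many people find API authentication a headache. Below I describe a simple method; it can also be used to authenticate the API endpoints of a mini-program.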
1. Database:
CREATE TABLE `admin_token_user` (
  `id` int(11) unsigned NOT NULL AUTO_INCREMENT,
  `username` varchar(60) NOT NULL,
  `password` varchar(255) NOT NULL,
  PRIMARY KEY (`id`,`username`)
) ENGINE=InnoDB AUTO_INCREMENT=2 DEFAULT CHARSET=utf8;

CREATE TABLE `admin_token` (
  `token` varchar(255) NOT NULL,
  `expire` varchar(30) NOT NULL COMMENT 'expiry time',
  `uid` int(11) NOT NULL,
  PRIMARY KEY (`token`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
2. API routes:
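// Goes in the API routes file
Route::post('user/auth', 'APi\UserAuthController@getAuth');

// 'checkApi' must be registered as a route middleware alias for the CheckApi class
Route::group(['middleware' => 'checkApi', 'namespace' => 'Api'], function () {
    // Routes in this group require token authentication
});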
3. Authentication middleware:
<?php

namespace App\Http\Middleware;

use Closure;
use Illuminate\Support\Facades\DB;

class CheckApi
{
    public function handle($request, Closure $next)
    {
        $errors = new \stdClass();

        // The token is read as-is from the Authorization header
        $Authorization = $request->header('Authorization');
        $res = DB::table('admin_token')->where('token', $Authorization)->first();

        if ($res) {
            // Token exists: reject it if it has expired
            if ($res->expire < time()) {
                $errors->stCode = 500;
                $errors->msg = 'token验证失败'; // "token validation failed"
                return response()->json($errors, 500);
            }
        } else {
            // No such token in the table
            $errors->stCode = 500;
            $errors->msg = 'token验证失败'; // "token validation failed"
            return response()->json($errors, 500);
        }

        return $next($request);
    }
}
4. Getting a token:
<?php

namespace App\Http\Controllers\APi;

use Illuminate\Http\Request;
use Illuminate\Support\Facades\Cache;
use Illuminate\Support\Facades\DB;
use Illuminate\Support\Facades\Hash;

class UserAuthController extends BaseApiController
{
    /**
     * Returns the token.
     *
     * @param Request $request
     * @return \Illuminate\Http\JsonResponse
     */
    public function getAuth(Request $request)
    {
        // Test account: user xiaoshu, password admin; the password is stored hashed
        $data['username'] = trim($request->input('username'));
        $password = trim($request->input('password'));
        $res = DB::table('admin_token_user')->where($data)->first();
        $errors = new \stdClass();

        if ($res) {
            // Compare the submitted password with the stored hash
            if (Hash::check($password, $res->password)) {
                $token = encrypt(microtime());
                $expire = time() + 604800; // 7 days
                DB::table('admin_token')->insert([
                    'uid' => $res->id,
                    'expire' => $expire, // 7 days
                    'token' => $token,
                ]);
                $errors->msg = '登陆成功'; // "login succeeded"
                $errors->token = $token;
                $errors->expire = $expire;
                return response()->json($errors, 200);
            } else {
                $errors->msg = '登陆失败'; // "login failed"
                $errors->token = '';
                return response()->json($errors, 422);
            }
        }

        // Unknown username: same response as a wrong password
        $errors->msg = '登陆失败'; // "login failed"
        $errors->token = '';
        return response()->json($errors, 422);
    }
}
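Usage: the client first sends a request to the user/auth URL with the username and password, and gets a token back. The username has to be added to the database beforehand. When calling any other URL, the client must send the token in a request header named Authorization.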
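A variant of the issue/check logic above, added here as an example and not part of the original article: the token comes from random_bytes() instead of encrypt(microtime()), only its SHA-256 hash is stored, and the expiry is compared as an integer. The function names issueToken/checkToken and the in-memory array standing in for the admin_token table are assumptions; accepting a "Bearer " prefix goes beyond what the article does.

```php
<?php
// In-memory stand-in for the admin_token table (constructed, hypothetical).
// Keys are SHA-256 hashes of tokens, so a leaked table holds no usable tokens.
$tokenStore = [];

// Issue a token: 32 bytes from the CSPRNG, shown to the client only once.
function issueToken(array &$store, int $uid, int $ttl = 604800): array
{
    $token  = bin2hex(random_bytes(32));
    $expire = time() + $ttl;                 // 604800 s = 7 days, as in the article
    $store[hash('sha256', $token)] = ['uid' => $uid, 'expire' => $expire];
    return ['token' => $token, 'expire' => $expire];
}

// Validate an Authorization header value; returns the uid, or null on failure.
function checkToken(array &$store, ?string $header, ?int $now = null): ?int
{
    if ($header === null || trim($header) === '') {
        return null;                         // header missing or empty
    }
    // Accept the bare token (as the article sends it) or "Bearer <token>".
    $token = preg_replace('/^Bearer\s+/i', '', trim($header));
    $key   = hash('sha256', (string) $token);
    if (!isset($store[$key])) {
        return null;                         // unknown token
    }
    if ((int) $store[$key]['expire'] < ($now ?? time())) {
        unset($store[$key]);                 // expired: delete the row as well
        return null;
    }
    return $store[$key]['uid'];
}

// Constructed walk-through
$issued = issueToken($tokenStore, 1);
var_dump(checkToken($tokenStore, $issued['token']));                  // bare token
var_dump(checkToken($tokenStore, 'Bearer ' . $issued['token']));      // Bearer form
var_dump(checkToken($tokenStore, 'not-a-token'));                     // unknown token
var_dump(checkToken($tokenStore, $issued['token'], time() + 700000)); // checked after expiry
var_dump(checkToken($tokenStore, $issued['token']));                  // row was removed above
```

In the Laravel code above, the same idea means inserting hash('sha256', $token) into admin_token.token and hashing the header value before the where() lookup.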
Original article: https://www.jb51.cc/php/2957967.html