Home > PHP Framework > Laravel > Using Laravel to integrate JWT authentication to develop RestfulApi

Using Laravel to integrate JWT authentication to develop RestfulApi

Guanhui
Release: 2020-05-09 10:43:45
forward
2501 people have browsed it

In this article, we will learn how to build a restful API in Laravel using JWT authentication. JWT stands for JSON Web Tokens. We will also use the API to create a fully functional CRUD application for the user product.

API is a very good choice when using cross-platform applications. In addition to a website, your product may also have Android and iOS apps. In this case, the API is equally great because you can write different frontends without changing any backend code. When using the API, just hit a GET, POST or other type of request with some parameters, and the server will return some data in JSON (JavaScript Object Notation) format, which is processed by the client application.

Instructions

Let’s start by writing down our application details and features. We will build a basic user product list using restful API in laravel using JWT authentication.

A User will use the following functions

  • Register and create a new account

  • Log in Go to their account

  • Logout and discard token and leave the app

  • Get logged in user details

  • Retrieve the list of products available to the user

  • Find a specific product by ID

  • Add a new product to the user's product list

  • Edit existing product details

  • Remove existing product from user list

A User Required

  • name

  • email

  • password

A Product Required

  • ##name

  • price

  • ##quantity

Create new item By running the following command, we can start and create a new Laravel project.

composer create-project --prefer-dist laravel/laravel jwt

This will create a new Laravel project in a directory named jwt.

Configuring the JWT extension packageWe will use the tymondesigns/jwt-auth extension package to allow us to use JWT in Laravel.

Install the tymon/jwt-auth extension packageLet us install this extension package in this Laravel application. If you are using Laravel 5.5 or above, please run the following command to get the dev-develop version of the JWT package:

composer require tymon/jwt-auth:dev-develop --prefer-source
Copy after login

If you are using Laravel 5.4 or below, then run the following command:

composer require tymon/jwt-auth
Copy after login

For applications with Laravel versions lower than 5.5, you also need to set the service provider and alias in the config/app.php file.

'providers' => [
    ....
    Tymon\JWTAuth\Providers\JWTAuthServiceProvider::class,
    ....
],
'aliases' => [
    ....
    'JWTAuth' => Tymon\JWTAuth\Facades\JWTAuth::class,
    'JWTFactory' => 'Tymon\JWTAuth\Facades\JWTFactory',
    ....
],
Copy after login

If your Laravel version is 5.5 or above, Laravel will perform "package automatic discovery".

Publish the configuration fileFor Laravel version 5.5 or above, please use the following command to publish the configuration file:

php artisan vendor:publish --provider="Tymon\JWTAuth\Providers\LaravelServiceProvider"
Copy after login

For previous versions of Laravel, you should run the following command:

php artisan vendor:publish --provider="Tymon\JWTAuth\Providers\JWTAuthServiceProvider"
Copy after login

The above command will generate the config/jwt.php configuration file. Without the comments, the configuration file would look like this:

<?php
return [
    &#39;secret&#39; => env(&#39;JWT_SECRET&#39;),
    &#39;keys&#39; => [
        &#39;public&#39; => env(&#39;JWT_PUBLIC_KEY&#39;),
        &#39;private&#39; => env(&#39;JWT_PRIVATE_KEY&#39;),
        &#39;passphrase&#39; => env(&#39;JWT_PASSPHRASE&#39;),
    ],
    &#39;ttl&#39; => env(&#39;JWT_TTL&#39;, 60),
    &#39;refresh_ttl&#39; => env(&#39;JWT_REFRESH_TTL&#39;, 20160),
    &#39;algo&#39; => env(&#39;JWT_ALGO&#39;, &#39;HS256&#39;),
    &#39;required_claims&#39; => [
        &#39;iss&#39;,
        &#39;iat&#39;,
        &#39;exp&#39;,
        &#39;nbf&#39;,
        &#39;sub&#39;,
        &#39;jti&#39;,
    ],
    &#39;persistent_claims&#39; => [
        // &#39;foo&#39;,
        // &#39;bar&#39;,
    ],
    &#39;lock_subject&#39; => true,
    &#39;leeway&#39; => env(&#39;JWT_LEEWAY&#39;, 0),
    &#39;blacklist_enabled&#39; => env(&#39;JWT_BLACKLIST_ENABLED&#39;, true),
    &#39;blacklist_grace_period&#39; => env(&#39;JWT_BLACKLIST_GRACE_PERIOD&#39;, 0),
    &#39;decrypt_cookies&#39; => false,
    &#39;providers&#39; => [
        &#39;jwt&#39; => Tymon\JWTAuth\Providers\JWT\Lcobucci::class,
        &#39;auth&#39; => Tymon\JWTAuth\Providers\Auth\Illuminate::class,
        &#39;storage&#39; => Tymon\JWTAuth\Providers\Storage\Illuminate::class,
    ],
];
Copy after login

Generate JWT keyJWT tokens are issued using an encrypted key . For Laravel 5.5 or above, run the following command to generate a key for issuing tokens.

php artisan jwt:secret
Copy after login

If the Laravel version is lower than 5.5, run:

php artisan jwt:generate
Copy after login

This tutorial uses Laravel 5.6. The next steps in the tutorial have only been tested in 5.5 and 5.6. May not work with Laravel 5.4 or below. You can read documentation for older versions of Laravel.

Registration MiddlewareThe JWT Authentication extension package comes with middleware that allows us to use it. Register auth.jwt middleware in app/Http/Kernel.php:

protected $routeMiddleware = [
    ....
    &#39;auth.jwt&#39; => \Tymon\JWTAuth\Http\Middleware\Authenticate::class,
];
Copy after login

This middleware will verify the user's authentication by checking the token attached to the request. If the user is not authenticated, this middleware will throw an UnauthorizedHttpException exception.

Set up routingBefore we begin, we will set up routing for all the points discussed in this tutorial. Open routes/api.php and copy the following routes into your file.

Route::post(&#39;login&#39;, &#39;ApiController@login&#39;);
Route::post(&#39;register&#39;, &#39;ApiController@register&#39;);
Route::group([&#39;middleware&#39; => &#39;auth.jwt&#39;], function () {
    Route::get(&#39;logout&#39;, &#39;ApiController@logout&#39;);
    Route::get(&#39;user&#39;, &#39;ApiController@getAuthUser&#39;);
    Route::get(&#39;products&#39;, &#39;ProductController@index&#39;);
    Route::get(&#39;products/{id}&#39;, &#39;ProductController@show&#39;);
    Route::post(&#39;products&#39;, &#39;ProductController@store&#39;);
    Route::put(&#39;products/{id}&#39;, &#39;ProductController@update&#39;);
    Route::delete(&#39;products/{id}&#39;, &#39;ProductController@destroy&#39;);
});
Copy after login

Update User modelJWT needs to implement the Tymon\JWTAuth\Contracts\JWTSubject interface in the User model. This interface needs to implement two methods getJWTIdentifier and getJWTCustomClaims. Update app/User.php with the following content.

<?php
namespace App;
use Illuminate\Foundation\Auth\User as Authenticatable;
use Illuminate\Notifications\Notifiable;
use Tymon\JWTAuth\Contracts\JWTSubject;
class User extends Authenticatable implements JWTSubject
{
    use Notifiable;
    /**
     * The attributes that are mass assignable.
     *
     * @var array
     */
    protected $fillable = [
        &#39;name&#39;, &#39;email&#39;, &#39;password&#39;,
    ];
    /**
     * The attributes that should be hidden for arrays.
     *
     * @var array
     */
    protected $hidden = [
        &#39;password&#39;, &#39;remember_token&#39;,
    ];
    /**
     * Get the identifier that will be stored in the subject claim of the JWT.
     *
     * @return mixed
     */
    public function getJWTIdentifier()
    {
        return $this->getKey();
    }
    /**
     * Return a key value array, containing any custom claims to be added to the JWT.
     *
     * @return array
     */
    public function getJWTCustomClaims()
    {
        return [];
    }
}
Copy after login

JWT Authentication LogicLet us write the logic of Restful API in laravel using JWT authentication.

用户注册时需要姓名,邮箱和密码。那么,让我们创建一个表单请求来验证数据。通过运行以下命令创建名为 RegisterAuthRequest 的表单请求:

php artisan make:request RegisterAuthRequest
Copy after login

它将在 app/Http/Requests 目录下创建 RegisterAuthRequest.php 文件。将下面的代码黏贴至该文件中。

<?php
namespace App\Http\Requests;
use Illuminate\Foundation\Http\FormRequest;
class RegisterAuthRequest extends FormRequest
{
    /**
     * 确定是否授权用户发出此请求
     *
     * @return bool
     */
    public function authorize()
    {
        return true;
    }
    /**
     * 获取应用于请求的验证规则
     *
     * @return array
     */
    public function rules()
    {
        return [
            &#39;name&#39; => &#39;required|string&#39;,
            &#39;email&#39; => &#39;required|email|unique:users&#39;,
            &#39;password&#39; => &#39;required|string|min:6|max:10&#39;
        ];
    }
}
Copy after login

运行以下命令创建一个新的 ApiController :

php artisan make:controller ApiController
Copy after login

这将会在 app/Http/Controllers 目录下创建 ApiController.php 文件。将下面的代码黏贴至该文件中。

<?php
namespace App\Http\Controllers;
use App\Http\Requests\RegisterAuthRequest;
use App\User;
use Illuminate\Http\Request;
use JWTAuth;
use Tymon\JWTAuth\Exceptions\JWTException;
class ApiController extends Controller
{
    public $loginAfterSignUp = true;
    public function register(RegisterAuthRequest $request)
    {
        $user = new User();
        $user->name = $request->name;
        $user->email = $request->email;
        $user->password = bcrypt($request->password);
        $user->save();
        if ($this->loginAfterSignUp) {
            return $this->login($request);
        }
        return response()->json([
            &#39;success&#39; => true,
            &#39;data&#39; => $user
        ], 200);
    }
    public function login(Request $request)
    {
        $input = $request->only(&#39;email&#39;, &#39;password&#39;);
        $jwt_token = null;
        if (!$jwt_token = JWTAuth::attempt($input)) {
            return response()->json([
                &#39;success&#39; => false,
                &#39;message&#39; => &#39;Invalid Email or Password&#39;,
            ], 401);
        }
        return response()->json([
            &#39;success&#39; => true,
            &#39;token&#39; => $jwt_token,
        ]);
    }
    public function logout(Request $request)
    {
        $this->validate($request, [
            &#39;token&#39; => &#39;required&#39;
        ]);
        try {
            JWTAuth::invalidate($request->token);
            return response()->json([
                &#39;success&#39; => true,
                &#39;message&#39; => &#39;User logged out successfully&#39;
            ]);
        } catch (JWTException $exception) {
            return response()->json([
                &#39;success&#39; => false,
                &#39;message&#39; => &#39;Sorry, the user cannot be logged out&#39;
            ], 500);
        }
    }
    public function getAuthUser(Request $request)
    {
        $this->validate($request, [
            &#39;token&#39; => &#39;required&#39;
        ]);
        $user = JWTAuth::authenticate($request->token);
        return response()->json([&#39;user&#39; => $user]);
    }
}
Copy after login

让我解释下上面的代码发生了什么。

在 register 方法中,我们接收了 RegisterAuthRequest 。使用请求中的数据创建用户。如果 loginAfterSignUp 属性为 true ,则注册后通过调用 login 方法为用户登录。否则,成功的响应则将伴随用户数据一起返回。

在 login 方法中,我们得到了请求的子集,其中只包含电子邮件和密码。以输入的值作为参数调用 JWTAuth::attempt() ,响应保存在一个变量中。如果从 attempt 方法中返回 false ,则返回一个失败响应。否则,将返回一个成功的响应。

在 logout 方法中,验证请求是否包含令牌验证。通过调用 invalidate 方法使令牌无效,并返回一个成功的响应。如果捕获到 JWTException 异常,则返回一个失败的响应。

在 getAuthUser 方法中,验证请求是否包含令牌字段。然后调用 authenticate 方法,该方法返回经过身份验证的用户。最后,返回带有用户的响应。

身份验证部分现在已经完成。

构建产品部分

要创建产品部分,我们需要 Product 模型,控制器和迁移文件。运行以下命令来创建 Product 模型,控制器和迁移文件。

php artisan make:model Product -mc
Copy after login

它会在 database/migrations 目录下创建一个新的数据库迁移文件 create_products_table.php,更改 up 方法。

public function up()
{
    Schema::create(&#39;products&#39;, function (Blueprint $table) {
        $table->increments(&#39;id&#39;);
        $table->integer(&#39;user_id&#39;);
        $table->string(&#39;name&#39;);
        $table->integer(&#39;price&#39;);
        $table->integer(&#39;quantity&#39;);
        $table->timestamps();
        $table->foreign(&#39;user_id&#39;)
            ->references(&#39;id&#39;)
            ->on(&#39;users&#39;)
            ->onDelete(&#39;cascade&#39;);
    });
}
Copy after login

向 Product 模型中添加 fillable 属性。在 app 目录下打开 Product.php 文件并添加属性。

protected $fillable = [
    &#39;name&#39;, &#39;price&#39;, &#39;quantity&#39;
];
Copy after login

现在在 .env 文件中设置数据库凭证,并通过运行以下命令迁移数据库。

php artisan migrate
Copy after login

现在,我们必须在 User 模型中添加一个关系来检索相关产品。在 app/User.php 中添加以下方法。

public function products()
{
    return $this->hasMany(Product::class);
}
Copy after login

在 app/Http/Controllers 目录下打开 ProductController.php 文件。在文件开头添加 use 指令覆盖上一个。

use App\Product;
use Illuminate\Http\Request;
use JWTAuth;
Copy after login

现在我们将实现五个方法。

index, 为经过身份认证的用户获取所有产品列表

show, 根据 ID 获取特定的产品

store, 将新产品存储到产品列表中

update, 根据 ID 更新产品详情

destroy, 根据 ID 从列表中删除产品

添加一个构造函数来获取经过身份认证的用户,并将其保存在 user 属性中。

protected $user;
public function __construct()
{
    $this->user = JWTAuth::parseToken()->authenticate();
}
Copy after login

parseToken 将解析来自请求的令牌, authenticate 通过令牌对用户进行身份验证。

让我们添加 index 方法。

public function index()
{
    return $this->user
        ->products()
        ->get([&#39;name&#39;, &#39;price&#39;, &#39;quantity&#39;])
        ->toArray();
}
Copy after login

上面的代码非常简单,我们只是使用 Eloquent 的方法获取所有的产品,然后将结果组成一个数组。最后,我们返回这个数组。Laravel 将自动将其转换为 JSON ,并创建一个为 200 成功的响应码。

继续实现 show 方法。

public function show($id)
{
    $product = $this->user->products()->find($id);
    if (!$product) {
        return response()->json([
            &#39;success&#39; => false,
            &#39;message&#39; => &#39;Sorry, product with id &#39; . $id . &#39; cannot be found&#39;
        ], 400);
    }
    return $product;
}
Copy after login

这个也非常容易理解。我们只需要根据 ID 找到该产品。如果产品不存在,则返回 400 故障响应。否则,将返回产品数组。

接下来是 store 方法

public function store(Request $request)
{
    $this->validate($request, [
        &#39;name&#39; => &#39;required&#39;,
        &#39;price&#39; => &#39;required|integer&#39;,
        &#39;quantity&#39; => &#39;required|integer&#39;
    ]);
    $product = new Product();
    $product->name = $request->name;
    $product->price = $request->price;
    $product->quantity = $request->quantity;
    if ($this->user->products()->save($product))
        return response()->json([
            &#39;success&#39; => true,
            &#39;product&#39; => $product
        ]);
    else
        return response()->json([
            &#39;success&#39; => false,
            &#39;message&#39; => &#39;Sorry, product could not be added&#39;
        ], 500);
}
Copy after login

在 store 方法中,验证请求中是否包含名称,价格和数量。然后,使用请求中的数据去创建一个新的产品模型。如果,产品成功的写入数据库,会返回成功响应,否则返回自定义的 500 失败响应。

实现 update 方法

public function update(Request $request, $id)
{
    $product = $this->user->products()->find($id);
    if (!$product) {
        return response()->json([
            &#39;success&#39; => false,
            &#39;message&#39; => &#39;Sorry, product with id &#39; . $id . &#39; cannot be found&#39;
        ], 400);
    }
    $updated = $product->fill($request->all())
        ->save();
    if ($updated) {
        return response()->json([
            &#39;success&#39; => true
        ]);
    } else {
        return response()->json([
            &#39;success&#39; => false,
            &#39;message&#39; => &#39;Sorry, product could not be updated&#39;
        ], 500);
    }
}
Copy after login

在 update 方法中,我们通过 id 取得产品。如果产品不存在,返回一个 400 响应。然后,我们把请求中的数据使用 fill 方法填充到产品详情。更新产品模型并保存到数据库,如果记录成功更新,返回一个 200 成功响应,否则返回 500 内部服务器错误响应给客户端。

现在,让我们实现 destroy 方法。

public function destroy($id)
{
    $product = $this->user->products()->find($id);
    if (!$product) {
        return response()->json([
            &#39;success&#39; => false,
            &#39;message&#39; => &#39;Sorry, product with id &#39; . $id . &#39; cannot be found&#39;
        ], 400);
    }
    if ($product->delete()) {
        return response()->json([
            &#39;success&#39; => true
        ]);
    } else {
        return response()->json([
            &#39;success&#39; => false,
            &#39;message&#39; => &#39;Product could not be deleted&#39;
        ], 500);
    }
}
Copy after login

在 destroy 方法中,我们根据 ID 获取产品,如果产品不存在,则返回 400 响应。然后我们删除产品后并根据删除操作的成功状态返回适当的响应。

控制器代码现在已经完成,完整的控制器代码在这。

测试

我们首先来测试身份认证。我们将使用 serve 命令在开发机上启动 Web 服务,你也可以使用虚拟主机代替。运行以下命令启动 Web 服务。

php artisan serve
Copy after login

它将监听 localhost:8000

为了测试 restful API's,我们使用 Postman。填写好请求体之后,我们请求一下 register 路由。

Using Laravel to integrate JWT authentication to develop RestfulApi

Send the request and you will get the token.

Using Laravel to integrate JWT authentication to develop RestfulApi

Our user is now registered and authenticated. We can send another request to detect the login route, which will return a 200 and token.

Using Laravel to integrate JWT authentication to develop RestfulApi

Get user details

Using Laravel to integrate JWT authentication to develop RestfulApi

Test identity authentication has been completed. Next, test the product part, first create a product.

Using Laravel to integrate JWT authentication to develop RestfulApi

Now, get the product by requesting the index method.

Using Laravel to integrate JWT authentication to develop RestfulApi

You can test other routes and they will all work fine.

Recommended tutorial: "Laravel Tutorial"

The above is the detailed content of Using Laravel to integrate JWT authentication to develop RestfulApi. For more information, please follow other related articles on the PHP Chinese website!

Related labels:
source:learnku.com
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template