Using Laravel Passport to implement PHP security authentication
Introduction:
In modern web development, user authentication and authorization are very important security functions. Laravel Passport is an OAuth2-based authentication tool that can help us easily implement user authentication and authorization functions. This article explains how to implement secure authentication in PHP using Laravel Passport.
Steps:
Install Laravel Passport
First, make sure the Laravel framework is installed. Next, enter the project directory in the terminal and execute the following command to install the Laravel Passport package:
composer require laravel/passport
After successful installation, run the following command to publish the files and database migrations required by the package:
php artisan passport:install
Configure Passport
Open the config/app.php file and add the following service provider in the providers array:
LaravelPassportPassportServiceProvider::class,
Then, in the $routeMiddleware array in the app/Http/Kernel.php file, add the following middleware:
'client' => LaravelPassportHttpMiddlewareCheckClientCredentials::class,
Finally, in the app /User.php Add the HasApiTokens trait of Passport to the /User.php
use LaravelPassportHasApiTokens;
and introduce it in the trait array of the class: use HasApiTokens;
Create user authentication interface
php artisan make:controller AuthController
Then, add the following method in AuthController to handle registration and login requests: use IlluminateHttpRequest;
use IlluminateSupportFacadesAuth;
class AuthController extends Controller
{
public function register(Request $request)
{
// 验证请求数据
$request->validate([
'name' => 'required|unique:users',
'email' => 'required|email|unique:users',
'password' => 'required|min:6'
]);
// 创建用户
$user = User::create([
'name' => request('name'),
'email' => request('email'),
'password' => bcrypt(request('password')),
]);
// 生成访问令牌
$token = $user->createToken('accessToken')->accessToken;
// 返回响应
return response()->json(['token' => $token], 200);
}
public function login(Request $request)
{
// 验证请求数据
$credentials = request(['email', 'password']);
// 检查用户凭据
if (!Auth::attempt($credentials)) {
return response()->json(['message' => 'Unauthorized'], 401);
}
// 获取当前用户
$user = $request->user();
// 生成访问令牌
$token = $user->createToken('accessToken')->accessToken;
// 返回响应
return response()->json(['user' => $user, 'token' => $token], 200);
}
}
Create RoutesOpen the routes/api.php
Route::post('register', 'AuthController@register');
Route::post('login', 'AuthController@login')->middleware('client');
Use Passport GuardOpen config/auth.php file, and change the api guard driver to passport
'guards' => [
'api' => [
'driver' => 'passport',
'provider' => 'users',
],
],
Use authenticated userNow, we can use the auth:api middleware to authenticate users and secure related API routes. For example, in AuthController
public function profile()
{
$user = Auth::user();
return response()->json(['user' => $user], 200);
} Then, in routes/api.php, add the following route: Route::get('profile', 'AuthController@profile')->middleware('auth:api');In this way, when accessing the /api/profile route, the user will be asked to provide a valid authentication token first.
Summary:
The above is the detailed content of Implementing PHP security verification using Laravel Passport. For more information, please follow other related articles on the PHP Chinese website!
![[Web front-end] Node.js quick start](https://img.php.cn/upload/course/000/000/067/662b5d34ba7c0227.png)
