Implementing PHP security verification using Laravel Passport

Using Laravel Passport to implement PHP security authentication

Introduction:
In modern web development, user authentication and authorization are very important security functions. Laravel Passport is an OAuth2-based authentication tool that can help us easily implement user authentication and authorization functions. This article explains how to implement secure authentication in PHP using Laravel Passport.

Steps:

1. Install Laravel Passport
   First, make sure the Laravel framework is installed. Next, enter the project directory in the terminal and execute the following command to install the Laravel Passport package:

   composer require laravel/passport

   After successful installation, run the following command to publish the files and database migrations required by the package:

   php artisan passport:install

2. Configure Passport
   Open the config/app.php file and add the following service provider in the providers array:

   LaravelPassportPassportServiceProvider::class,

   Then, in the $routeMiddleware array in the app/Http/Kernel.php file, add the following middleware:

   'client' => LaravelPassportHttpMiddlewareCheckClientCredentials::class,

   Finally, in the app /User.php Add the HasApiTokens trait of Passport to the /User.php

   file:

   use LaravelPassportHasApiTokens;

   and introduce it in the trait
   array of the class:

   use HasApiTokens;

   Now, we have successfully configured Laravel Passport.

3. 
   Create user authentication interface

   First, we need to create a controller to handle user authentication requests. You can execute the following command to generate a new controller:

   php artisan make:controller AuthController

   Then, add the following method in AuthController
   to handle registration and login requests:

use IlluminateHttpRequest;
use IlluminateSupportFacadesAuth;

class AuthController extends Controller
{
 public function register(Request $request)
 {
     // 验证请求数据
     $request->validate([
         'name' => 'required|unique:users',
         'email' => 'required|email|unique:users',
         'password' => 'required|min:6'
     ]);

     // 创建用户
     $user = User::create([
         'name' => request('name'),
         'email' => request('email'),
         'password' => bcrypt(request('password')),
     ]);

     // 生成访问令牌
     $token = $user->createToken('accessToken')->accessToken;

     // 返回响应
     return response()->json(['token' => $token], 200);
 }

 public function login(Request $request)
 {
     // 验证请求数据
     $credentials = request(['email', 'password']);

     // 检查用户凭据
     if (!Auth::attempt($credentials)) {
         return response()->json(['message' => 'Unauthorized'], 401);
     }

     // 获取当前用户
     $user = $request->user();

     // 生成访问令牌
     $token = $user->createToken('accessToken')->accessToken;

     // 返回响应
     return response()->json(['user' => $user, 'token' => $token], 200);
 }
}

4. 
   Create RoutesOpen the routes/api.php

   file and add the following routes:

Route::post('register', 'AuthController@register');
Route::post('login', 'AuthController@login')->middleware('client');

5. 
   Use Passport GuardOpen config/auth.php file, and change the api guard driver to passport

   :

'guards' => [
 'api' => [
     'driver' => 'passport',
     'provider' => 'users',
 ],
],

6. 
   Use authenticated userNow, we can use the auth:api middleware to authenticate users and secure related API routes. For example, in AuthController

   , you can add the following route:

   public function profile()
   {
    $user = Auth::user();
   
    return response()->json(['user' => $user], 200);
   }

   Then, in routes/api.php
   , add the following route:

   Route::get('profile', 'AuthController@profile')->middleware('auth:api');

   In this way, when accessing the /api/profile route, the user will be asked to provide a valid authentication token first.

Summary:

This article details how to use Laravel Passport to implement PHP security verification. By installing and configuring Laravel Passport, we can quickly implement user authentication and authorization functions and protect our API routes. Hopefully this article will be helpful to developers using Laravel Passport for authentication. ###

The above is the detailed content of Implementing PHP security verification using Laravel Passport. For more information, please follow other related articles on the PHP Chinese website!