This time I will bring you a case analysis of the Laravel multi-user authentication system. What are the precautions when using the Laravel multi-user authentication system. The following is a practical case, let's take a look.
Preface
Since Laravel 5.2, the built-in Auth authentication system can support multiple role authentication. That is to say, if you have two roles: administrator and ordinary user, you can achieve authentication through the same Auth system.
This article will give you a detailed introduction to the relevant content of Laravel's multi-user authentication system, and share it for your reference and study. I won't say much below, let's take a look at the detailed introduction.
#1 Automatically generate code
Laravel’s own Auth can generate relevant authentication through a one-line commandController, template and routing:
php artisan make:auth
This will generate an AuthController authentication controller and HomeController universal controller. This controller is useless, it just jumps after successful login; there are also some login and registration requirements. You can find out the template file by looking at it in resource/view; and relevant authentication routes will also be generated in the routing file. The source code is in \Illuminate\Routing\Router::auth();
, which is actually Configured some login registration:
public function auth() { // Authentication Routes... $this->get('login', 'Auth\AuthController@showLoginForm'); $this->post('login', 'Auth\AuthController@login'); $this->get('logout', 'Auth\AuthController@logout'); // Registration Routes... $this->get('register', 'Auth\AuthController@showRegistrationForm'); $this->post('register', 'Auth\AuthController@register'); // Password Reset Routes... $this->get('password/reset/{token?}', 'Auth\PasswordController@showResetForm'); $this->post('password/email', 'Auth\PasswordController@sendResetLinkEmail'); $this->post('password/reset', 'Auth\PasswordController@reset'); }
#2 auth.php file configuration
This is the configuration related to authentication Document, it is estimated that many people do not understand some concepts in it, such as guard and provider
, and the documentation is basically not written. So what exactly is guard? This can be understood as a role. Each item in the guards
array is a role. The default ones are web and api, which means that these two roles currently use the authentication system. Of course, these two will definitely not meet our requirements, so we usually customize some guards. Customization is also very simple, just add an item to the guards array, where the driver indicates how to save the user status for this authentication, usually in the session, and the provider is an item in the provider array below, so what is the provider? Woolen cloth? This is easier to understand. If you want to implement user authentication, you must save the user name and password, right? Then the provider tells Laravel which table your user information is stored in, and the driver tells Laravel which method to use to operate the database.
#3 Authentication
In fact, the code automatically generated by Laravel can already meet the needs of login and registration, but each guard requires an AuthController Come on, how do you share an authentication controller? Guard is used here because it can represent the user's identity to perform different logic. However, this guard cannot be obtained in the authentication controller, so we can achieve it through routing parameters. Define a routing group:
Route::group(['prefix'=>'{guard}'],function(){ Route::auth();});
In this routing group we set the prefix to the guard parameter, so that the current guard can be obtained in the AuthController. Under normal circumstances, we obtain routing parameters through Dependency InjectionRequest instance, but there is also a pitfall here, that is, before version 5.1, all routing parameters can be obtained through
$request->input('key')
, but it no longer works in 5.2. It must be obtained through
$request->key
, or directly obtained from the routing instance. I don’t know the reason for this. Some traits are used in the AuthController controller. These traits implement the logic of authentication registration. You can customize the logic by rewriting some properties of the controller. Including $redirectTo
and $guard
and $username
, etc. At a glance, you can tell that the first one is to jump after successful login, and the second one is Define the guard currently used, and the third one is the username field used for authentication. So we can customize it by obtaining the guard in the authentication controller.
#4 Route Protection
一般做认证系统的,都是要来保护路由的,那么如何保护路由呢?文档里面说给需要保护的路由添加一个auth中间件,那么事实是怎样的呢?事实也确实是这样,不过文档没有说的一点是,通过auth中间件保护的路由必须还要加上web中间件、必须还要加上web中间件、必须还要加上web中间件,重要的事情要说三遍啊,不然会出现什么问题呢?不管你认证成功失败都是会跳转到/这条路由,这个大坑要注意!当然你也可以在中间件中指定guard来让Laravel知道通过那个来认证,如果没指定的话就是使用配置文件里面默认的:
Route::get('profile', [ 'middleware' => 'auth:api', 'uses' => 'ProfileController@show']);
#5 获取用户实例
通过认证后就可以通过Auth门面来获取到当前通过认证的用户实例。
$user = Auth::user();
这里还有一个要注意的是,以上的方式默认获取的是配置文件中的guard的,假如你当前登录的guard不是配置文件中的,就必须要这样子来获取:
$user = Auth::guard('guard')->user();
#6 总结
总得来说,Laravel5.2自带的Auth系统还是很好用的,只是有一些小坑文档没说清楚,用过几次之后就可以很熟悉了,可以给我们节约很多的开发时间。
相信看了本文案例你已经掌握了方法,更多精彩请关注php中文网其它相关文章!
推荐阅读:
The above is the detailed content of Laravel multi-user authentication system use case analysis. For more information, please follow other related articles on the PHP Chinese website!