Passport 密碼模式

交流羣 375462817

密碼模式

準備工作

composer create-project --prefer-dist laravel/laravel laravel6
.env 數據庫配置
修改數據庫默認字符串長度
php artisan make:request BaseRequest // request 和 response 都是 json 格式
入口文件替換原生 Request 爲 BaseRequest
php artisan make:controller PassportController
composer require laravel/passport
php artisan migrate // 創建表來存儲客戶端和 access_token 等
php artisan passport:install // 生成加密 access_token 的 key、密碼授權客戶端、個人訪問客戶端
Laravel\Passport\HasApiTokens Trait 添加到 App\User 模型中 // 提供一些輔助函數檢查已認證用戶的令牌和使用範圍

composer require guzzlehttp/guzzle

// config/auth.php

'defaults' => [
    'guard' => 'api',
    'passwords' => 'users',
],

'guards' => [
    'web' => [
        'driver' => 'session',
        'provider' => 'users',
    ],

    'api' => [
        'driver' => 'passport',
        'provider' => 'users',
        'hash' => false,
    ],
],

Passport::tokensExpireIn(now()->addDays(15)); // access_token 過期時間
Passport::refreshTokensExpireIn(now()->addDays(60)); // refresh_token 過期時間

Route::post('/oauth/token', '\Laravel\Passport\Http\Controllers\AccessTokenController@issueToken');


Route::post('/register', 'PassportController@register');
Route::post('/login', 'PassportController@login');
Route::post('/refresh', 'PassportController@refresh');
Route::post('/logout', 'PassportController@logout');


Route::get('test', function () {
    return 'ok';
})->middleware('auth');

登錄、註冊、刷新令牌、登出

<?php
namespace App\Http\Controllers;

use App\User;
use GuzzleHttp\Client;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Validator;

class PassportController extends Controller
{
    protected $clientId;
    protected $clientSecret;

    public function __construct()
    {
        $this->middleware('auth')->except('login', 'register', 'refresh');
        $client = \DB::table('oauth_clients')->where('id', 2)->first();
        $this->clientId = $client->id;
        $this->clientSecret = $client->secret;
    }

    protected function username()
    {
        return 'email';
    }

    public function register()
    {
        $this->validator(request()->all())->validate();

        $this->create(request()->all());

        return $this->getToken();
    }

    protected function validator(array $data)
    {
        return Validator::make($data, [
            'name' => ['required', 'string', 'max:255', 'unique:users',],
            'email' => ['required', 'string', 'email', 'max:255',],
            'password' => ['required', 'string', 'min:8', 'confirmed'],
        ]);
    }

    protected function create(array $data)
    {
        return User::forceCreate([
            'name' => $data['name'],
            'email' => $data['email'],
            'password' => password_hash($data['password'], PASSWORD_DEFAULT),
        ]);
    }

//    public function logout(Request $request)
//    {
//        auth()->user()->token()->revoke(); // 只會使 access_token 失效
//
//        return ['message' => '退出登錄成功'];
//    }


    public function logout()
    {
        $tokenModel = auth()->user()->token();
        $tokenModel->update([
            'revoked' => 1,
        ]);

        \DB::table('oauth_refresh_tokens')
            ->where(['access_token_id' => $tokenModel->id])->update([
                'revoked' => 1,
            ]);

        return ['message' => '退出登錄成功'];
    }

    public function login()
    {
        $user = User::where($this->username(), request($this->username()))
            ->firstOrFail();

        if (!password_verify(request('password'), $user->password)) {
            return response()->json(['error' => '抱歉，賬號名或者密碼錯誤！'],
                403);
        }

        return $this->getToken();
    }

    public function refresh()
    {
        $response = (new Client())->post('http://lishen.com/api/oauth/token', [
            'form_params' => [
                'grant_type' => 'refresh_token',
                'refresh_token' => request('refresh_token'),
                'client_id' => $this->clientId,
                'client_secret' => $this->clientSecret,
                'scope' => '*',
            ],
        ]);

        return $response;
    }

    /**
     * @param Request $request
     * @param Client  $guzzle
     *
     * @return \Psr\Http\Message\ResponseInterface
     */
    private function getToken()
    {
        $response = (new Client())->post('http://lishen.com/api/oauth/token', [
            'form_params' => [
                'grant_type' => 'password',
                'username' => request('email'),
                'password' => request('password'),
                'client_id' => $this->clientId,
                'client_secret' => $this->clientSecret,
                'scope' => '*',
            ],
        ]);

        return $response;
    }
}

使用 scope

// AppServiceProvider 註冊 scope
Passport::tokensCan([
    'test1' => 'for test1',
    'test2' => 'for test2',
]);

// 註冊中間件
'scopes' => \Laravel\Passport\Http\Middleware\CheckScopes::class,  // and
'scope' => \Laravel\Passport\Http\Middleware\CheckForAnyScope::class,  // or

// 使用
->middleware('scopes:test1,test2');
->middleware('scope:test1,test2');

if (auth()->user()->tokenCan('place-orders')) {
    //
}

其他操作

Laravel\Passport\Passport::scopeIds(); // ["test1","test2"]

Laravel\Passport\Passport::scopes(); // [{"id":"test1","description":"for test1"},{"id":"test2","description":"for test2"}]

Laravel\Passport\Passport::scopesFor(['test1', 'check-status']); // [{"id":"test1","description":"for test1"}]

Laravel\Passport\Passport::hasScope('place-orders'); // false