当前位置:首页 > 开始使用Lumen吧 - 登陆 / 注册

开始使用Lumen吧 - 登陆 / 注册

发布于 2018-05-07 阅读 1125 次 框架 Lumen PHP

用户注册

我们在 Controller/Controller.php 添加 succeed 和 faied 公用接口数据返回方法
通过 status_code 来区分失败和成功

  1. namespace App\Http\Controllers;
  2. use Laravel\Lumen\Routing\Controller as BaseController;
  3. class Controller extends BaseController
  4. {
  5. /**
  6. * 返回成功
  7. *
  8. * @param array $data
  9. * @param string $msg
  10. * @param int $code
  11. *
  12. * @return \Illuminate\Http\JsonResponse
  13. */
  14. public function succeed($data = [], $msg = "successd", $code = 0)
  15. {
  16. return response()->json(['msg' => $msg, 'state_code' => $code, 'data'=> $data]);
  17. }
  18. /**
  19. * 返回失败
  20. *
  21. * @param string $msg
  22. * @param int $code
  23. * @return \Illuminate\Http\JsonResponse
  24. */
  25. public function faied($msg = "failed", $code = -1)
  26. {
  27. return response()->json(['msg' => $msg, 'state_code' => $code]);
  28. }
  29. }

开启 Eloquent ORM

bootstrap/app.php

  1. $app = new Laravel\Lumen\Application(
  2. realpath(__DIR__.'/../')
  3. );
  4. // 开启 Eloquent, 默认被注释
  5. $app->withEloquent();

配置 Mysql 数据库连接

.env

  1. DB_CONNECTION=mysql
  2. DB_HOST=数据库地址(127.0.0.1
  3. DB_PORT=数据库端口 (3306)
  4. DB_DATABASE=数据库
  5. DB_USERNAME=用户名
  6. DB_PASSWORD=密码

创建数据表 user

  1. # 用户表数据结构
  2. CREATE TABLE `user` (
  3. `id` int(10) unsigned NOT NULL AUTO_INCREMENT,
  4. `username` varchar(100) NOT NULL DEFAULT '',
  5. `email` varchar(100) NOT NULL DEFAULT '',
  6. `password` varchar(60) NOT NULL DEFAULT '',
  7. `api_token` varchar(60) NOT NULL DEFAULT '',
  8. `created_at` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
  9. `updated_at` timestamp NOT NULL DEFAULT '0000-00-00 00:00:00',
  10. PRIMARY KEY (`id`)
  11. ) ENGINE=InnoDB DEFAULT CHARSET=utf8

创建 User 模型(Model)

新建 app/Models 文件夹,复制 User.php 至 当前文件 Models 下并修改 第一行 namespace
添加 Models 文件夹用来分类管理我们的模型

  1. namespace App\Models;

Controller 下新建 Auth 并创建 AuthController.php

  1. /**
  2. * AuthController.php
  3. *
  4. * PHP version 7
  5. *
  6. * @category PHP
  7. * @package lumen
  8. * @author w2le
  9. * @copyright 2018/5/4
  10. */
  11. namespace App\Http\Controllers\Auth;
  12. use App\Models\User;
  13. use Illuminate\Http\Request;
  14. use Hautelook\Phpass\PasswordHash;
  15. use App\Http\Controllers\Controller;
  16. class AuthController extends Controller
  17. {
  18. /**
  19. * 用户注册
  20. *
  21. * @param Request $request
  22. * @return \Illuminate\Http\JsonResponse json
  23. */
  24. public function signup(Request $request)
  25. {
  26. // 参数校验
  27. $this->validate($request, [
  28. 'username' => 'required',
  29. 'email' => 'required|email',
  30. 'password' => 'required'
  31. ]);
  32. $username = $request->input('username');
  33. $email = $request->input('email');
  34. $password = $request->input('password');
  35. // 注册记录校验
  36. $row = User::where('username', $username)->orWhere('email', $email)->first();
  37. if($row !== null) {
  38. return $this->faied("当前邮箱或用户名已被注册");
  39. }
  40. $passwordHasher = new PasswordHash(8,false);
  41. // 插入数据
  42. $user = new User();
  43. $user->username = $username;
  44. $user->email = $email;
  45. $user->password = $passwordHasher->HashPassword($password);
  46. if($user->save() === false) {
  47. return $this->faied("用户注册失败");
  48. }
  49. return $this->succeed();
  50. }
  51. }

password 加密

现在还有很多人通过 MD5 来对密码加密。其实这是一种错误的做法。MD5 只是一种摘要算法,而且 MD5 并不安全。这里我们通过使用 phpass 来保护我们的密码

在我们的 composer.json中添加 "hautelook/phpass": "1.0.0" 并执行 composer update

  1. "require": {
  2. "php": ">=5.6.4",
  3. "laravel/lumen-framework": "5.5.*",
  4. "vlucas/phpdotenv": "~2.2",
  5. "hautelook/phpass": "1.0.0"
  6. },

用户登陆

  1. /**
  2. * 用户登陆
  3. *
  4. * @param Request $request
  5. * @return \Illuminate\Http\JsonResponse json
  6. */
  7. public function signin(Request $request)
  8. {
  9. $this->validate($request, [
  10. 'email' => 'required',
  11. 'password' => 'required'
  12. ]);
  13. $email = $request->input('email');
  14. $password = $request->input('password');
  15. $user = User::Where('email', $email)->first();
  16. if($user == null) {
  17. return $this->faied("当前用户不存在");
  18. }
  19. $passwordHasher = new PasswordHash(8,false);
  20. // 校验密码
  21. if($passwordHasher->CheckPassword($password, $user->password) === false) {
  22. return $this->faied("用户名或密码错误");
  23. }
  24. // 生成登陆令牌
  25. $user->api_token = str_random(60);
  26. if($user->save() === false) {
  27. return $this->faied("登陆错误");
  28. }
  29. return $this->succeed(['token'=> $user->api_token]);
  30. }

令牌 token 的生成可以根据自身业务需求来生成。
如果有使用 reids 之类数据库做缓存,可以把 api_token 放入 redis 中,并设置过期时间为 api_token 有效期

添加路由
给我们的 AuthController 添加路由映射 routes/web.php

  1. // 注册路由...
  2. $router->post('signup', 'Auth\AuthController@signup');
  3. // 登陆路由...
  4. $router->post('signin', 'Auth\AuthController@signin');

认证授权

开启认证服务

注册 Auth 认证服务 bootstrap/app.php

  1. /*
  2. |--------------------------------------------------------------------------
  3. | Register Service Providers
  4. |--------------------------------------------------------------------------
  5. |
  6. | Here we will register all of the application's service providers which
  7. | are used to bind services into the container. Service providers are
  8. | totally optional, so you are not required to uncomment this line.
  9. |
  10. */
  11. $app->register(App\Providers\AuthServiceProvider::class);

修改 app\Providers\AuthServiceProvider.php User 模型 namespace

  1. namespace App\Providers;
  2. use App\Models\User;
  3. // 原为 App\User;
  4. /**
  5. * 此为验证 api_token 方法
  6. * Boot the authentication services for the application.
  7. *
  8. * @return void
  9. */
  10. public function boot()
  11. {
  12. // Here you may define how you wish users to be authenticated for your Lumen
  13. // application. The callback which receives the incoming request instance
  14. // should return either a User instance or null. You're free to obtain
  15. // the User instance via an API token or any other method necessary.
  16. $this->app['auth']->viaRequest('api', function ($request) {
  17. if ($request->header('token')) {
  18. // 原 api_token 是放于请求参数中,这里修改 token 置于 header 中
  19. return User::where('api_token', $request->header('token'))->first();
  20. // 如果 api_token 是存放在 redis 或其他地方,只需要修改这一步的 token 校验
  21. }
  22. });
  23. }

注册 Auth 中间件 bootstrap/app.php

  1. /*
  2. |--------------------------------------------------------------------------
  3. | Register Middleware
  4. |--------------------------------------------------------------------------
  5. |
  6. | Next, we will register the middleware with the application. These can
  7. | be global middleware that run before and after each request into a
  8. | route or middleware that'll be assigned to some specific routes.
  9. |
  10. */
  11. $app->routeMiddleware([
  12. 'auth' => App\Http\Middleware\Authenticate::class,
  13. ]);

给需要登陆验证的路由添加 Auth 认证保护

  1. $router->group(['middleware' => 'auth'], function () use ($router) {
  2. // 需要登陆认证的路由
  3. $router->get('/', 'ExampleController@Index');
  4. });

API 认证

打开 app/Http/Middleware/Authenticate.php

  1. /**
  2. * Handle an incoming request.
  3. *
  4. * @param \Illuminate\Http\Request $request
  5. * @param \Closure $next
  6. * @param string|null $guard
  7. * @return mixed
  8. */
  9. public function handle($request, Closure $next, $guard = null)
  10. {
  11. // 验证访问用户是否是游客
  12. // 未携带正确的 api_token
  13. if ($this->auth->guard($guard)->guest()) {
  14. //return response('Unauthorized.', 401);
  15. //这里我们可以修改为我们统一的 json 返回数据格式
  16. return response()->json(['msg' => "未授权的访问", 'state_code' => 401]);
  17. }
  18. return $next($request);
  19. }

令牌使用

在登陆后,客户端维护好服务端返回的 token。每次请求时,客户端只需要在 header 中携带 token

关于如何调试我们刚创建好的接口,以及如何添加 header 头。可以查看相关文章 让 Postman 来帮助你调试 API 接口