How do I auth and remember a user from a dApp to a Laravel server using HTTP authentication?
I'm trying to set up some routes for a Laravel API to receive and send data through a separate application. Right now, I have it communicating like this:
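    const request = require('request')

    // POST to the Laravel API with HTTP Basic authentication.
    // `message` and `callback` come from the surrounding code, which is not shown.
    const options = {
      url: 'http://***.vagrant/signPersonal',
      headers: { 'content-type': 'application/json' }
    }
    request.post(options, function (error, response, body) {
      console.log(error, response, body)
      if (error) return callback(error)
      // Strip the surrounding double quotes from the body and add the 0x prefix.
      const signedData = '0x' + body.replace(/^"(.*)"$/, '$1')
      console.log('sig: ' + signedData.toString('hex'))
      callback(error, signedData)
    }).auth('****@**.*', '123456123456', true).form(message)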
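Basically, I want to set up a login portal through the dApp (which is not the Laravel app) that authenticates the user for a certain amount of time. So how do I authenticate the user via a route and make their login session time out on the dApp?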
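I ended up not using any middleware and instead created some custom functions for my own authentication system. The auth route, which updates the remember token on a normal authentication request: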
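    use Illuminate\Http\Request;
    use Illuminate\Support\Facades\Auth;
    use Illuminate\Support\Facades\Route;
    use Illuminate\Support\Str;

    Route::get('/auth', function (Request $request) {
        // Credentials come from the HTTP Basic Authorization header.
        $email = $request->getUser();
        $password = $request->getPassword();
        if (Auth::attempt(['email' => $email, 'password' => $password], true)) {
            // Rotate the remember token on every successful login and return it.
            User::updateRememberToken(Auth::user(), Str::random(60));
            $token = Auth::getUser()['remember_token'];
            return response($token);
        }
        return response('Unauthorized', 401);
    });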
This token is then saved client-side in the app and sent back in the 'authorization' header on all other HTTP calls the app makes. I added this to User.php in the Laravel API:
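    use Carbon\Carbon;
    use Illuminate\Support\Facades\Auth;
    use Illuminate\Support\Str;

    // The methods below go inside the User model class.

    /**
     * Check to see if the "remember_me" token has been updated within the hour.
     *
     * @param  string  $date
     * @return bool  true when the token is one hour old or older
     */
    public static function tokenExpired($date)
    {
        $date = Carbon::createFromTimeString($date);
        $currenttime = Carbon::now();
        $timePlushour = $date->addHour();
        return $currenttime->greaterThanOrEqualTo($timePlushour);
    }

    /**
     * Update the "remember me" token for the given user in storage.
     *
     * @param  \Illuminate\Contracts\Auth\Authenticatable  $user
     * @param  string  $token
     * @return void
     */
    public static function updateRememberToken(User $user, $token)
    {
        $user->remember_token = $token;
        //$user->setUpdatedAt(Carbon::now());
        $user->save(); // save() also refreshes updated_at, which tokenExpired() reads
    }

    /**
     * Authenticate the user who owns the given token.
     *
     * @param  string  $token
     * @return \Illuminate\Contracts\Auth\Authenticatable|false
     */
    public static function authUser(string $token)
    {
        // Look the user up by the token sent in the 'authorization' header.
        $findId = User::select('id')->where('remember_token', $token)->first();
        if (!$findId) {
            return false;
        }
        if (Auth::loginUsingId($findId['id'])) {
            if (User::tokenExpired(Auth::user()->updated_at)) {
                // Older than one hour: rotate the token and reject this request,
                // so the token only works if it was updated within the hour.
                User::updateRememberToken(Auth::user(), Str::random(60));
                return false;
            }
            return Auth::user();
        }
        return false;
    }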
It searches by the token and authorizes the user that way, but only if the token has been updated within the hour.
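The token flow from the answer above, as an added example that is not part of the original post: it keeps only a SHA-256 hash of the token plus a dedicated expiry timestamp, and rejects an expired token outright. The `$store` array is a constructed stand-in for the users table, and `issueToken`, `authenticate` and `TOKEN_TTL` are hypothetical names.

```php
<?php
declare(strict_types=1);

// Added example: framework-free, so it runs with the PHP CLI alone.
const TOKEN_TTL = 3600; // one hour, matching the timeout used in the answer

/** Issue a token: the client gets the plaintext, storage keeps hash and expiry. */
function issueToken(array &$store, int $userId, int $now): string
{
    $token = bin2hex(random_bytes(32));           // 256 bits from the CSPRNG
    $store[$userId] = [
        'token_hash' => hash('sha256', $token),   // a leaked table holds no usable tokens
        'expires_at' => $now + TOKEN_TTL,         // own column, unaffected by other row updates
    ];
    return $token;
}

/** Return the user id for a valid, unexpired token, or null. */
function authenticate(array &$store, string $token, int $now): ?int
{
    $hash = hash('sha256', $token);
    // A real table would be queried by an indexed token_hash column instead.
    foreach ($store as $userId => $row) {
        if (!hash_equals($row['token_hash'], $hash)) {
            continue;
        }
        if ($now >= $row['expires_at']) {
            unset($store[$userId]);               // expired: revoke and reject in one step
            return null;
        }
        return $userId;
    }
    return null;
}

// Constructed walk-through with a fixed clock instead of time().
$store = [];
$t0 = 1700000000;
$token = issueToken($store, 42, $t0);

var_dump(authenticate($store, $token, $t0 + 60));          // inside the hour
var_dump(authenticate($store, 'not-a-token', $t0 + 60));   // unknown token
var_dump(authenticate($store, $token, $t0 + TOKEN_TTL));   // at the expiry boundary
var_dump(authenticate($store, $token, $t0 + 61));          // same token after revocation
```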