laravel 中的授权
Authorization in laravel
我是 Laravel 新手,正在构建一个 API,并使用 Laravel Sanctum 实现授权。授权后我能拿到用户令牌,但拿不到其他任何用户数据,因此无法(例如)取出已授权用户的 ID、把它写入数据库中的另一张表,或以其他方式使用已授权用户的数据。我不知道自己到底哪里做错了,请帮我解决这个问题。这是我的代码:
授权控制器:
<?php
namespace App\Http\Controllers;
use App\Http\Requests\UserCreateRequest;
use App\Http\Requests\UserLoginRequest;
use Illuminate\Database\Eloquent\Model;
use Illuminate\Http\Request;
use Illuminate\Database\Eloquent\Builder;
use App\Models\User;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Hash;
use Illuminate\Support\Str;
use phpDocumentor\Reflection\DocBlock\Tags\Uses;
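class AuthController extends Controller
{
    /**
     * Register a new account from the request fields.
     *
     * Only `login`, `password`, `email` and `number_phone` are read from the
     * request; the role is fixed to "user" in code, so the client cannot
     * choose its own role through this endpoint.
     *
     * @param UserCreateRequest $request presumably validated by its rules (not shown here)
     * @return \Illuminate\Http\JsonResponse
     */
    public function store(UserCreateRequest $request)
    {
        $user = new User();
        $user->login = $request->get('login');
        // Only the hash produced by Hash::make() is stored, never the raw password.
        $user->password = Hash::make($request->get('password'));
        $user->email = $request->get('email');
        $user->number_phone = $request->get('number_phone');
        // $user->role_id = 1;
        $user->assignRole('user');

        if (!$user->save()) {
            // A failed registration must not look like a success: the original
            // returned this message with the default 200 status.
            return response()->json(['message' => 'Регистрация не удалась'], 500);
        }

        // NOTE(review): jsonSerialize() returns every attribute the User model
        // does not hide — confirm `password` and `api_token` are in $hidden.
        return response()->json(['message' => $user->jsonSerialize()]);
    }

    /**
     * Check the submitted credentials and issue a Sanctum personal access token.
     *
     * @param UserLoginRequest $request carries `login` and `password`
     * @return \Illuminate\Http\JsonResponse the plain-text token under `message`, or a 400 error
     */
    public function auth(UserLoginRequest $request)
    {
        $user = User::query()->where('login', $request->get('login'))->first();

        // One generic message for "unknown login" and "wrong password", so the
        // body does not reveal which logins exist. The unknown-login path skips
        // Hash::check(), so response time can still differ between the two.
        if (!$user || !Hash::check($request->get('password'), $user->password)) {
            return response()->json(['message' => 'Попытка входа не удалась'], 400);
        }

        // Every successful login creates a new token; earlier tokens are not revoked here.
        $token = $user->createToken('api_token')->plainTextToken;

        // NOTE(review): this copies the plain-text bearer token into users.api_token.
        // Sanctum itself keeps only a hash of the token in personal_access_tokens, so
        // this column lets anyone who can read the users table reuse live tokens.
        // Kept because other code may read the column — confirm, then drop these two lines.
        $user->api_token = $token;
        $user->save();

        // Return the token directly instead of assigning inside the array literal.
        return response()->json(['message' => $token], 200);
    }

    /**
     * Revoke the token that authenticated the current request.
     *
     * Tokens issued to the same user by other logins stay valid.
     *
     * @param Request $request must come through a route that resolved a user
     * @return \Illuminate\Http\JsonResponse
     */
    public function logout(Request $request)
    {
        $request->user()->currentAccessToken()->delete();

        return response()->json(['message' => 'Вы вышли из системы'], 200);
    }
}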
Api.php:
<?php
use App\Http\Controllers\ApplicationController;
use App\Http\Controllers\AuthController;
use App\Http\Controllers\ReviewController;
use App\Http\Controllers\UserController;
use App\Http\Requests\UserLoginRequest;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Route;
/*
|--------------------------------------------------------------------------
| API Routes
|--------------------------------------------------------------------------
|
| Here is where you can register API routes for your application. These
| routes are loaded by the RouteServiceProvider within a group which
| is assigned the "api" middleware group. Enjoy building your API!
|
*/
// NOTE(review): GET /user is registered twice with different guards. Laravel keeps
// the later registration for the same method and URI, so the `auth:api` variant is
// presumably never reached — confirm with `php artisan route:list` and drop the
// one that is not intended.
Route::middleware('auth:api')->get('/user', function (Request $request) {
return $request->user();
});
// Returns the user resolved by the Sanctum guard from the request's token.
Route::middleware('auth:sanctum')->get('/user', function (Request $request) {
return $request->user();
});
// NOTE(review): this group applies `role:admin` with no auth middleware in front of
// it, and it returns a Blade view from the API route file — confirm which guard the
// role check resolves the user from.
Route::group(['middleware' => ['role:admin']], function () {
Route::get('test', function () {
return view('test');
});
});
// Login and registration: reachable without a token.
Route::post('auth', [AuthController::class, 'auth']);
Route::post('authStore', [AuthController::class, 'store']);
// Logout requires a valid Sanctum token. NOTE(review): it changes state on GET;
// POST is the conventional verb for that.
Route::get('authLogout', [AuthController::class, 'logout'])->middleware('auth:sanctum');
// NOTE(review): none of the routes below declares an auth middleware here, including
// the delete/store/update ones. Unless each controller enforces authentication and
// ownership itself (not visible on this page), they are callable without a token —
// consider grouping them under `auth:sanctum`.
Route::get('application/{id}', [ApplicationController::class, 'showById']);
Route::get('application', [ApplicationController::class, 'show']);
Route::post('applicationStore', [ApplicationController::class, 'store']);
Route::post('applicationDelete', [ApplicationController::class, 'delete']);
Route::post('userDelete/{user}', [UserController::class, 'delete']);
Route::post('userStore', [UserController::class, 'store']);
Route::get('review', [ReviewController::class, 'show']);
Route::post('reviewStore', [ReviewController::class, 'store']);
Route::post('review/{id}', [ReviewController::class, 'update']);
用户登录请求:
<?php
namespace App\Http\Requests;
use Illuminate\Foundation\Http\FormRequest;
class UserLoginRequest extends FormRequest
{
    /**
     * Let every caller submit this request.
     *
     * Login happens before any user is authenticated, so no authorization
     * check is applied at this layer.
     *
     * @return bool
     */
    public function authorize()
    {
        return true;
    }

    /**
     * Validation rules for the login payload.
     *
     * Both fields must be present and must be strings; no length or format
     * constraint is applied here.
     *
     * @return array
     */
    public function rules()
    {
        $requiredString = 'required|string';

        return [
            'login' => $requiredString,
            'password' => $requiredString,
        ];
    }
}
Kernel.php:
'api' => [
\Laravel\Sanctum\Http\Middleware\EnsureFrontendRequestsAreStateful::class,
'throttle:api',
\Illuminate\Routing\Middleware\SubstituteBindings::class,
],
use Illuminate\Support\Facades\Auth;
// Get the currently authenticated user...
// Auth::user() is null when the request was not authenticated. For token-based API
// requests, call this from a route behind `auth:sanctum` so that guard is the one
// consulted; elsewhere the application's default guard is used.
$user = Auth::user();
// Get the currently authenticated user's name...
// Reads a property on the result of Auth::user(), so it fails for a guest request.
$username = Auth::user()->name;
// Get the currently authenticated user's ID...
// Auth::id() is null for a guest request.
$id = Auth::id();
在blade.php中你可以这样得到
{{-- Prints the user's name, falling back to the id. The fallback reads ->id on the result of Auth::user(), which is null for a guest, so render this only for authenticated requests (for example inside @auth ... @endauth). --}}
{{{ isset(Auth::user()->name) ? Auth::user()->name : Auth::user()->id }}}
我是 Laravel 新手,正在构建一个 API,并使用 Laravel Sanctum 实现授权。授权后我能拿到用户令牌,但拿不到其他任何用户数据,因此无法(例如)取出已授权用户的 ID、把它写入数据库中的另一张表,或以其他方式使用已授权用户的数据。我不知道自己到底哪里做错了,请帮我解决这个问题。这是我的代码:
授权控制器:
<?php
namespace App\Http\Controllers;
use App\Http\Requests\UserCreateRequest;
use App\Http\Requests\UserLoginRequest;
use Illuminate\Database\Eloquent\Model;
use Illuminate\Http\Request;
use Illuminate\Database\Eloquent\Builder;
use App\Models\User;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Hash;
use Illuminate\Support\Str;
use phpDocumentor\Reflection\DocBlock\Tags\Uses;
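class AuthController extends Controller
{
    /**
     * Register a new account from the request fields.
     *
     * Only `login`, `password`, `email` and `number_phone` are read from the
     * request; the role is fixed to "user" in code, so the client cannot
     * choose its own role through this endpoint.
     *
     * @param UserCreateRequest $request presumably validated by its rules (not shown here)
     * @return \Illuminate\Http\JsonResponse
     */
    public function store(UserCreateRequest $request)
    {
        $user = new User();
        $user->login = $request->get('login');
        // Only the hash produced by Hash::make() is stored, never the raw password.
        $user->password = Hash::make($request->get('password'));
        $user->email = $request->get('email');
        $user->number_phone = $request->get('number_phone');
        // $user->role_id = 1;
        $user->assignRole('user');

        if (!$user->save()) {
            // A failed registration must not look like a success: the original
            // returned this message with the default 200 status.
            return response()->json(['message' => 'Регистрация не удалась'], 500);
        }

        // NOTE(review): jsonSerialize() returns every attribute the User model
        // does not hide — confirm `password` and `api_token` are in $hidden.
        return response()->json(['message' => $user->jsonSerialize()]);
    }

    /**
     * Check the submitted credentials and issue a Sanctum personal access token.
     *
     * @param UserLoginRequest $request carries `login` and `password`
     * @return \Illuminate\Http\JsonResponse the plain-text token under `message`, or a 400 error
     */
    public function auth(UserLoginRequest $request)
    {
        $user = User::query()->where('login', $request->get('login'))->first();

        // One generic message for "unknown login" and "wrong password", so the
        // body does not reveal which logins exist. The unknown-login path skips
        // Hash::check(), so response time can still differ between the two.
        if (!$user || !Hash::check($request->get('password'), $user->password)) {
            return response()->json(['message' => 'Попытка входа не удалась'], 400);
        }

        // Every successful login creates a new token; earlier tokens are not revoked here.
        $token = $user->createToken('api_token')->plainTextToken;

        // NOTE(review): this copies the plain-text bearer token into users.api_token.
        // Sanctum itself keeps only a hash of the token in personal_access_tokens, so
        // this column lets anyone who can read the users table reuse live tokens.
        // Kept because other code may read the column — confirm, then drop these two lines.
        $user->api_token = $token;
        $user->save();

        // Return the token directly instead of assigning inside the array literal.
        return response()->json(['message' => $token], 200);
    }

    /**
     * Revoke the token that authenticated the current request.
     *
     * Tokens issued to the same user by other logins stay valid.
     *
     * @param Request $request must come through a route that resolved a user
     * @return \Illuminate\Http\JsonResponse
     */
    public function logout(Request $request)
    {
        $request->user()->currentAccessToken()->delete();

        return response()->json(['message' => 'Вы вышли из системы'], 200);
    }
}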
Api.php:
<?php
use App\Http\Controllers\ApplicationController;
use App\Http\Controllers\AuthController;
use App\Http\Controllers\ReviewController;
use App\Http\Controllers\UserController;
use App\Http\Requests\UserLoginRequest;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Route;
/*
|--------------------------------------------------------------------------
| API Routes
|--------------------------------------------------------------------------
|
| Here is where you can register API routes for your application. These
| routes are loaded by the RouteServiceProvider within a group which
| is assigned the "api" middleware group. Enjoy building your API!
|
*/
// NOTE(review): GET /user is registered twice with different guards. Laravel keeps
// the later registration for the same method and URI, so the `auth:api` variant is
// presumably never reached — confirm with `php artisan route:list` and drop the
// one that is not intended.
Route::middleware('auth:api')->get('/user', function (Request $request) {
return $request->user();
});
// Returns the user resolved by the Sanctum guard from the request's token.
Route::middleware('auth:sanctum')->get('/user', function (Request $request) {
return $request->user();
});
// NOTE(review): this group applies `role:admin` with no auth middleware in front of
// it, and it returns a Blade view from the API route file — confirm which guard the
// role check resolves the user from.
Route::group(['middleware' => ['role:admin']], function () {
Route::get('test', function () {
return view('test');
});
});
// Login and registration: reachable without a token.
Route::post('auth', [AuthController::class, 'auth']);
Route::post('authStore', [AuthController::class, 'store']);
// Logout requires a valid Sanctum token. NOTE(review): it changes state on GET;
// POST is the conventional verb for that.
Route::get('authLogout', [AuthController::class, 'logout'])->middleware('auth:sanctum');
// NOTE(review): none of the routes below declares an auth middleware here, including
// the delete/store/update ones. Unless each controller enforces authentication and
// ownership itself (not visible on this page), they are callable without a token —
// consider grouping them under `auth:sanctum`.
Route::get('application/{id}', [ApplicationController::class, 'showById']);
Route::get('application', [ApplicationController::class, 'show']);
Route::post('applicationStore', [ApplicationController::class, 'store']);
Route::post('applicationDelete', [ApplicationController::class, 'delete']);
Route::post('userDelete/{user}', [UserController::class, 'delete']);
Route::post('userStore', [UserController::class, 'store']);
Route::get('review', [ReviewController::class, 'show']);
Route::post('reviewStore', [ReviewController::class, 'store']);
Route::post('review/{id}', [ReviewController::class, 'update']);
用户登录请求:
<?php
namespace App\Http\Requests;
use Illuminate\Foundation\Http\FormRequest;
class UserLoginRequest extends FormRequest
{
    /**
     * Let every caller submit this request.
     *
     * Login happens before any user is authenticated, so no authorization
     * check is applied at this layer.
     *
     * @return bool
     */
    public function authorize()
    {
        return true;
    }

    /**
     * Validation rules for the login payload.
     *
     * Both fields must be present and must be strings; no length or format
     * constraint is applied here.
     *
     * @return array
     */
    public function rules()
    {
        $requiredString = 'required|string';

        return [
            'login' => $requiredString,
            'password' => $requiredString,
        ];
    }
}
Kernel.php:
'api' => [
\Laravel\Sanctum\Http\Middleware\EnsureFrontendRequestsAreStateful::class,
'throttle:api',
\Illuminate\Routing\Middleware\SubstituteBindings::class,
],
use Illuminate\Support\Facades\Auth;
// Get the currently authenticated user...
// Auth::user() is null when the request was not authenticated. For token-based API
// requests, call this from a route behind `auth:sanctum` so that guard is the one
// consulted; elsewhere the application's default guard is used.
$user = Auth::user();
// Get the currently authenticated user's name...
// Reads a property on the result of Auth::user(), so it fails for a guest request.
$username = Auth::user()->name;
// Get the currently authenticated user's ID...
// Auth::id() is null for a guest request.
$id = Auth::id();
在blade.php中你可以这样得到
{{-- Prints the user's name, falling back to the id. The fallback reads ->id on the result of Auth::user(), which is null for a guest, so render this only for authenticated requests (for example inside @auth ... @endauth). --}}
{{{ isset(Auth::user()->name) ? Auth::user()->name : Auth::user()->id }}}