开始使用Lumen吧,3分钟搞定登陆认证
用戶注冊
我們在 Controller/Controller.php 添加 succeed 和 faied 公用接口數據返回方法,通過 state_code 來區分失敗和成功
namespace App\Http\Controllers;

use Laravel\Lumen\Routing\Controller as BaseController;

/**
 * Base controller that supplies the shared JSON envelope for API responses.
 *
 * Neither helper passes a status argument to json(), so the outcome of a
 * call is carried only by the `state_code` field in the response body.
 */
class Controller extends BaseController
{
    /**
     * Build the success envelope.
     *
     * @param array  $data Payload placed under the `data` key.
     * @param string $msg  Human-readable message.
     * @param int    $code Value written to `state_code`.
     *
     * @return \Illuminate\Http\JsonResponse
     */
    public function succeed($data = [], $msg = "successd", $code = 0)
    {
        $envelope = [
            'msg' => $msg,
            'state_code' => $code,
            'data' => $data,
        ];

        return response()->json($envelope);
    }

    /**
     * Build the failure envelope (no `data` key is included).
     *
     * @param string $msg  Human-readable error message.
     * @param int    $code Value written to `state_code`.
     *
     * @return \Illuminate\Http\JsonResponse
     */
    public function faied($msg = "failed", $code = -1)
    {
        $envelope = [
            'msg' => $msg,
            'state_code' => $code,
        ];

        return response()->json($envelope);
    }
}

開啟 Eloquent ORM
bootstrap/app.php
$app = new Laravel\Lumen\Application(realpath(__DIR__.'/../') );// 開啟 Eloquent, 默認被注釋 $app->withEloquent(); 復制代碼配置 Mysql 數據庫連接
.env
DB_CONNECTION=mysql DB_HOST=數據庫地址(127.0.0.1) DB_PORT=數據庫端口 (3306) DB_DATABASE=數據庫 DB_USERNAME=用戶名 DB_PASSWORD=密碼 復制代碼創建數據表 user
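# User table schema
CREATE TABLE `user` (
  `id` int(10) unsigned NOT NULL AUTO_INCREMENT,
  `username` varchar(100) NOT NULL DEFAULT '',
  `email` varchar(100) NOT NULL DEFAULT '',
  # Holds the password hash written by the signup handler, never the plaintext.
  `password` varchar(60) NOT NULL DEFAULT '',
  # Token issued by the signin handler; stays '' until the first successful signin.
  `api_token` varchar(60) NOT NULL DEFAULT '',
  `created_at` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
  `updated_at` timestamp NOT NULL DEFAULT '0000-00-00 00:00:00',
  PRIMARY KEY (`id`),
  # Enforce uniqueness in the database itself: the signup handler's
  # SELECT-then-INSERT check cannot stop two concurrent requests from
  # registering the same username or email.
  UNIQUE KEY `uniq_user_username` (`username`),
  UNIQUE KEY `uniq_user_email` (`email`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8

創建 User 模型(Model)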
新建 app/Models 文件夾,復制 User.php 至 當前文件 Models 下并修改 第一行 namespace 添加 Models 文件夾用來分類管理我們的模型
namespace App\Models; 復制代碼Controller 下新建 Auth 并創建 AuthController.php
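/**
 * AuthController.php
 *
 * PHP version 7
 *
 * @category PHP
 * @package lumen
 * @author w2le
 * @copyright 2018/5/4
 */
namespace App\Http\Controllers\Auth;

use App\Http\Controllers\Controller;
use App\Models\User;
use Hautelook\Phpass\PasswordHash;
use Illuminate\Http\Request;

class AuthController extends Controller
{
    /**
     * Register a new user.
     *
     * Validates the submitted fields, rejects the request when the username
     * or email is already taken, stores a phpass hash of the password and
     * returns the shared JSON envelope.
     *
     * @param Request $request Must carry `username`, `email` and `password`.
     *
     * @return \Illuminate\Http\JsonResponse json
     */
    public function signup(Request $request)
    {
        // Validate input. The max lengths mirror the varchar(100) columns of
        // the `user` table so oversized values are rejected here instead of
        // being truncated or failing at insert time. `string` keeps array
        // input out of the query builder. min:8 is a baseline password
        // policy; tighten it to match your own requirements.
        $this->validate($request, [
            'username' => 'required|string|max:100',
            'email' => 'required|email|max:100',
            'password' => 'required|string|min:8',
        ]);

        $username = $request->input('username');
        $email = $request->input('email');
        $password = $request->input('password');

        // Check for an existing account with the same username or email.
        // NOTE(review): this check and the insert below are two separate
        // statements, so two concurrent requests can both pass it. Back it
        // with UNIQUE indexes on `username` and `email` in the database.
        $existing = User::where('username', $username)
            ->orWhere('email', $email)
            ->first();
        if ($existing !== null) {
            return $this->faied("當前郵箱或用戶名已被注冊");
        }

        // phpass: first argument is the cost (log2 of the iteration count),
        // second argument false disables the weaker "portable" hash format.
        $passwordHasher = new PasswordHash(8, false);

        // Persist the account; only the hash of the password is stored.
        $user = new User();
        $user->username = $username;
        $user->email = $email;
        $user->password = $passwordHasher->HashPassword($password);

        if ($user->save() === false) {
            return $this->faied("用戶注冊失敗");
        }

        return $this->succeed();
    }
}

password 加密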
現在還有很多人通過 MD5 來對密碼加密。其實這是一種錯誤的做法。MD5 只是一種摘要算法,不是加密,而且計算速度快、本身不加鹽,用來保存密碼并不安全。這里我們通過使用 phpass 來保護我們的密碼
在我們的 composer.json中添加 "hautelook/phpass": "1.0.0" 并執行 composer update
"require": {"php": ">=5.6.4","laravel/lumen-framework": "5.5.*","vlucas/phpdotenv": "~2.2","hautelook/phpass": "1.0.0" }, 復制代碼用戶登陸
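/**
 * Sign a user in and issue an API token.
 *
 * Looks the account up by email, verifies the password against the stored
 * phpass hash, then writes a fresh random token to `api_token` and returns it.
 *
 * Unknown email and wrong password deliberately produce the same error
 * message, so the response text does not reveal which addresses are
 * registered.
 *
 * @param Request $request Must carry `email` and `password`.
 *
 * @return \Illuminate\Http\JsonResponse json
 */
public function signin(Request $request)
{
    $this->validate($request, [
        'email' => 'required',
        'password' => 'required',
    ]);

    $email = $request->input('email');
    $password = $request->input('password');

    $user = User::where('email', $email)->first();
    if ($user === null) {
        // Same message as the wrong-password branch below.
        // NOTE(review): this branch still returns without running a hash
        // check, so response time can differ from the wrong-password case;
        // apply request throttling to this route in production.
        return $this->faied("用戶名或密碼錯誤");
    }

    // Constructor arguments must match the ones used at signup.
    $passwordHasher = new PasswordHash(8, false);

    // Verify the submitted password against the stored hash.
    if ($passwordHasher->CheckPassword($password, $user->password) === false) {
        return $this->faied("用戶名或密碼錯誤");
    }

    // Issue a new token; any previously issued token stops working because
    // the column is overwritten.
    // NOTE(review): the token is stored in plaintext and never expires.
    // Consider storing only a hash of it and adding an expiry time.
    $user->api_token = str_random(60);
    if ($user->save() === false) {
        return $this->faied("登陸錯誤");
    }

    return $this->succeed(['token' => $user->api_token]);
}

令牌 token 的生成可以根據自身業務需求來生成。 如果有使用 redis 之類數據庫做緩存,可以把 api_token 放入 redis 中,并設置過期時間為 api_token 有效期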
添加路由 給我們的 AuthController 添加路由映射 routes/web.php
// 注冊路由... $router->post('signup', 'Auth\AuthController@signup'); // 登陸路由... $router->post('signin', 'Auth\AuthController@signin'); 復制代碼認證授權
開啟認證服務
注冊 Auth 認證服務 bootstrap/app.php
/* |-------------------------------------------------------------------------- | Register Service Providers |-------------------------------------------------------------------------- | | Here we will register all of the application's service providers which | are used to bind services into the container. Service providers are | totally optional, so you are not required to uncomment this line. | */$app->register(App\Providers\AuthServiceProvider::class); 復制代碼修改 app\Providers\AuthServiceProvider.php User 模型 namespace
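namespace App\Providers;

use App\Models\User; // previously App\User

/**
 * Boot the authentication services for the application.
 *
 * Registers the `api` request guard, which resolves the current user from
 * the `token` request header by matching it against `user.api_token`.
 *
 * @return void
 */
public function boot()
{
    // Here you may define how you wish users to be authenticated for your Lumen
    // application. The callback which receives the incoming request instance
    // should return either a User instance or null. You're free to obtain
    // the User instance via an API token or any other method necessary.
    $this->app['auth']->viaRequest('api', function ($request) {
        // The token is read from a request header instead of a request
        // parameter (the framework default used the `api_token` input).
        $token = $request->header('token');

        // Reject a missing or empty token before touching the database:
        // `api_token` defaults to '' for accounts that never signed in, so
        // an empty value must never be used as a lookup key.
        if (!is_string($token) || $token === '') {
            return null;
        }

        // If tokens live in redis or another store, only this lookup changes.
        $user = User::where('api_token', $token)->first();

        // Re-check the match byte-for-byte. With the table definition shown
        // in this article (utf8 charset, no binary collation) the SQL
        // comparison is case-insensitive, so the query alone would accept
        // tokens that differ only in letter case.
        if ($user === null || !hash_equals((string) $user->api_token, $token)) {
            return null;
        }

        return $user;
    });
}

注冊 Auth 中間件 bootstrap/app.php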
/* |-------------------------------------------------------------------------- | Register Middleware |-------------------------------------------------------------------------- | | Next, we will register the middleware with the application. These can | be global middleware that run before and after each request into a | route or middleware that'll be assigned to some specific routes. | */$app->routeMiddleware(['auth' => App\Http\Middleware\Authenticate::class, ]); 復制代碼給需要登陸驗證的路由添加 Auth 認證保護
$router->group(['middleware' => 'auth'], function () use ($router) {// 需要登陸認證的路由$router->get('/', 'ExampleController@Index');}); 復制代碼API 認證
打開 app/Http/Middleware/Authenticate.php
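/**
 * Handle an incoming request.
 *
 * Stops requests that the selected guard treats as a guest (no valid
 * api_token) and answers them in the application's JSON envelope.
 *
 * @param \Illuminate\Http\Request $request
 * @param \Closure                 $next
 * @param string|null              $guard
 *
 * @return mixed
 */
public function handle($request, Closure $next, $guard = null)
{
    if ($this->auth->guard($guard)->guest()) {
        // Keep the HTTP status at 401, as the framework's stock
        // response('Unauthorized.', 401) did. Without the second argument
        // json() answers with its default status, and clients, proxies and
        // monitoring that look at the status line would see the rejected
        // request as a success.
        return response()->json(['msg' => "未授權的訪問", 'state_code' => 401], 401);
    }

    return $next($request);
}

令牌使用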
在登陸后,客戶端維護好服務端返回的 token。每次請求時,客戶端只需要在 header 中攜帶 token
關于如何調試我們剛創建好的接口,以及如何添加 header 頭。可以查看相關文章 讓 Postman 來幫助你調試 API 接口
轉載于:https://juejin.im/post/5af1601c51882567312429eb