How Laravel uses ApiToken to authenticate requests

The following tutorial column of Laravel Getting Started will introduce you to the method of using ApiToken authentication request in Laravel. I hope it will be helpful to friends in need!

1. Open the database/migrations/2014_10_12_000000_create_users_table.php migration file. We need to change the structure of the user table.

2. We need to add api_token field, that is to say, our token is saved in the database. In the appropriate location, add a row

$table->string('api_token', 60)->unique();

3. Configure the database and generate the user table through the php artisan migrate command

4. In the user table, add a record at will, as long as the api_token field is set to 123456. In this way, we generate a user, and we can use the token value 123456 to log in later.

5. Return to the routing file routes.php, add a test route in it, and protect it with laravel middleware

Route::group(['middleware' => ['auth.api']], function () { 
  Route::get('/t', function () {
      return 'ok';
  });
});

Here, the auth.api middleware is used, and the middleware definition Enter the picture below:

Create WebToken.php in the Middleware file, and then register the middleware in the Kernel.php file

'auth.api' => \App\Http\Middleware\webToken::class,

6. Open the just created The webToken middleware code is as follows

<?php
namespace App\Http\Middleware;
use Closure;
use Illuminate\Support\Facades\Auth;
class webToken
{
    /**
     * Handle an incoming request.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @return mixed
     */
    public function handle($request, Closure $next)
    {
        if (Auth::guard(&#39;api&#39;)->guest()) {
            return response()->json([&#39;code&#39; => 401,&#39;msg&#39; => &#39;未设置token&#39;]);
        }
        return $next($request);
    }
}

The api of Auth::guard('api') in the code is the auth.php file in the config folder

7. After making the above modifications, when we directly initiate a request to the server with the URL path /t, the server will return a 401 error and a 'token not set' Such a message is what we set in the handle() method before. In other words, /t has been protected by our auth middleware. If we want our request to pass through this middleware normally, we must provide the token .

8. Since we previously added a piece of data with api_token 123456 in the user table, now we request /t from the server again, but this time we add api_token, which is

…/t?api_token=123456

Under normal circumstances, the server will return 'ok', which means that the auth middleware allows this request to pass. But when we change 123456 to other values, this request cannot pass the auth middleware.

For more laravel framework technical articles, please visit laraveltutorial!

The above is the detailed content of How Laravel uses ApiToken to authenticate requests. For more information, please follow other related articles on the PHP Chinese website!