In Laravel, a guard is a plug-in for user authentication. A guard handles authentication for each request: it reads data from the database, compares it with the user's input, and determines whether the caller is logged in or allowed to pass. Guards also make it possible to build your own authentication system very flexibly.
The operating environment of this article: Windows 10 system, Laravel version 5.4, Dell G3 computer.
In fact, both Guard and Provider can be understood as plug-ins for a specific function.
A guard's role is to handle authentication: it determines whether each request or call comes from a logged-in user or is allowed to pass.
What is Guard
In the Laravel/Lumen framework, user login/registration authentication has basically been encapsulated and can be used out of the box. The core of login/registration authentication is:
Storing the user’s registration information into the database (registration)
Reading data from the database and comparing it with user input (authentication)
The above two steps are the basics of login/registration, and both involve database operations. The bottom layer of the framework already does this for us and takes many situations into account. For example, the data table for user authentication may not be the user table but admin_user, or the authentication field may be phone instead of email. These are the issues Guard solves: through a guard you can specify which data table and fields to use, so you can build your own authentication system very flexibly.
In layman's terms: Guard is like the gatekeeper of a residential community, strict and recognizing only registration information, not faces.
Before entering the community, the uncle needs to check your identity. If the verification fails, the uncle will not let you in.
If you are walking/biking in, Uncle 1 needs to check your access card. He takes out the book that records the access card information of all owners in the community to see if your access card information is in this book.
If you drive in, Uncle 2 will check your license plate number against the book that records the license plate numbers of all owners. Therefore, when a new owner moves into the community, they need to give the doorman uncles their access card information or license plate number. Otherwise, Uncle 2 won't let them in.
If the property manager wants to enter the community, the doorman uncle 3 will only recognize the registration information. The manager will show his manager access card, and the doorman uncle will check the book that records the manager's access card information.
The above corresponds to the multi-user authentication in the framework:
People walking/cycling -> Access card
People driving -> License plate number
Property manager -> Access card
Access card and license plate number are different authentication methods, and the books checked by the doorman uncles correspond to user information in different databases. Put this way, it should be easier to understand.
Lumen/Laravel provides very flexible authentication in the form of middleware, and multiple authentications can be switched through simple configuration.
The workflow diagram is as follows:
As you can see from the picture, a Guard involves three parts, namely:
The Guard implementation itself
The User Provider, which specifies which data table to use and how to fetch users from it (eloquent/database)
The Authenticatable interface, which specifies what can be authenticated, namely whatever implements this interface
Extended knowledge:
My understanding is that Guard should be something similar to user authentication.
There are parameters for configuring guards in config/auth.php. It can be seen that web and api are two guards.
In daily business, API may be more of a front-end user's operation, while web is more of a back-end user's operation.
In the default configuration, both point to the users provider.
/*
| Authentication Guards
|
| Next, you may define every authentication guard for your application.
| Of course, a great default configuration has been defined for you
| here which uses session storage and the Eloquent user provider.
|
| All authentication drivers have a user provider. This defines how the
| users are actually retrieved out of your database or other storage
| mechanisms used by this application to persist your user's data.
|
| Supported: "session", "token"
*/
'guards' => [
    'web' => [
        'driver' => 'session',
        'provider' => 'users',
    ],
    'api' => [
        'driver' => 'token',
        'provider' => 'users',
    ],
],
Next, let’s take a look at the configuration of the provider.
/*
| User Providers
|
| If you have multiple user tables or models you may configure multiple
| sources which represent each model / table. These sources may then
| be assigned to any extra authentication guards you have defined.
|
| Supported: "database", "eloquent"
*/
'providers' => [
    'users' => [
        'driver' => 'eloquent',
        'model' => App\User::class,
    ],
    // 'users' => [
    //     'driver' => 'database',
    //     'table' => 'users',
    // ],
],
In providers you find the users entry referenced above. Each entry here configures one user group for Laravel. Because front-end and back-end users are normally handled separately, you can create and configure a new admin user group here. Out of the box, only users is used.
The password operations for each user group should also differ, so there is a passwords configuration as well.
/*
| Resetting Passwords
|
| You may specify multiple password reset configurations if you have more
| than one user table or model in the application and you want to have
| separate password reset settings based on the specific user types.
|
| The expire time is the number of minutes that the reset token should be
| considered valid. This security feature keeps tokens short-lived so
| they have less time to be guessed. You may change this as needed.
*/
'passwords' => [
    'users' => [
        'provider' => 'users',
        'table' => 'password_resets',
        'expire' => 60,
    ],
],
We usually use Auth::check() to detect whether the user is logged in. This works because, with the default configuration, the guard is automatically set to the users group.
/*
| Authentication Defaults
|
| This option controls the default authentication "guard" and password
| reset options for your application. You may change these defaults
| as required, but they're a perfect start for most applications.
*/
'defaults' => [
    'guard' => 'web',
    'passwords' => 'users',
],
The web guard points to the users model.
But if we have two user groups, front-end and back-end, how do we check each of them?
Auth::check() is a method to determine whether the user is logged in. If the default user system is used, then there is no problem in using it this way.
But if you use two groups of users, you should do this:
Auth::guard('api')->check() is used to determine whether the front-end user is logged in.
Auth::guard('web')->check() is used to determine whether the background user is logged in.
So if you use a non-default user group, you need to specify it with guard.
So what we usually use is actually the default configuration. Written out in full, it would be Auth::guard('web')->check().
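An added example, not from the original article: a separate guard for the admin_user table with phone as the login field, the situation described earlier. The guard name admin, the provider name admins, the model App\Admin and the routes are assumptions for illustration, and the three parts belong in separate files.

```php
// --- config/auth.php (only the keys that change) ---
'guards' => [
    'web'   => ['driver' => 'session', 'provider' => 'users'],
    'api'   => ['driver' => 'token',   'provider' => 'users'],
    // Assumed extra guard for back-office staff.
    'admin' => ['driver' => 'session', 'provider' => 'admins'],
],
'providers' => [
    'users'  => ['driver' => 'eloquent', 'model' => App\User::class],
    // Assumed provider: looks accounts up through the App\Admin model below.
    'admins' => ['driver' => 'eloquent', 'model' => App\Admin::class],
],

// --- app/Admin.php (assumed model, separate file) ---
namespace App;

use Illuminate\Foundation\Auth\User as Authenticatable;

class Admin extends Authenticatable
{
    protected $table = 'admin_user';   // not the default users table
    protected $fillable = ['phone', 'password'];
    protected $hidden = ['password', 'remember_token'];
}

// --- routes/web.php (separate file) ---
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;

Route::post('/admin/login', function (Request $request) {
    // Looked up by admin_user.phone; the password is verified against its hash.
    $ok = Auth::guard('admin')->attempt([
        'phone'    => $request->input('phone'),
        'password' => $request->input('password'),
    ]);
    return $ok ? redirect('/admin') : back()->withErrors(['phone' => 'Login failed']);
});

// Name the guard explicitly: plain 'auth' checks the default (web) guard,
// so a user logged in on that guard would pass it.
Route::group(['middleware' => 'auth:admin'], function () {
    Route::get('/admin', function () {
        return Auth::guard('admin')->user()->phone;
    });
});
```

Each session guard keeps its own login state, so being logged in on one guard does not make Auth::guard('admin')->check() return true.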