Home >Backend Development >PHP Tutorial >Implementing PHP security verification using Laravel Passport
Implementing PHP security verification using Laravel Passport
- 王林Original
- 2023-07-25 21:33:241522browse
Using Laravel Passport to implement PHP security authentication
Introduction:
In modern web development, user authentication and authorization are very important security functions. Laravel Passport is an OAuth2-based authentication tool that can help us easily implement user authentication and authorization functions. This article explains how to implement secure authentication in PHP using Laravel Passport.
Steps:
-
Install Laravel Passport
First, make sure the Laravel framework is installed. Next, enter the project directory in the terminal and execute the following command to install the Laravel Passport package:composer require laravel/passport
After successful installation, run the following command to publish the files and database migrations required by the package:
php artisan passport:install
-
Configure Passport
Open theconfig/app.phpfile and add the following service provider in theprovidersarray:LaravelPassportPassportServiceProvider::class,
Then, in the
$routeMiddlewarearray in theapp/Http/Kernel.phpfile, add the following middleware:'client' => LaravelPassportHttpMiddlewareCheckClientCredentials::class,
Finally, in the
file:app /User.phpAdd theHasApiTokenstrait ofPassportto the /User.phpuse LaravelPassportHasApiTokens;
and introduce it in thetrait array of the class:use HasApiTokens;
Now, we have successfully configured Laravel Passport. -
First, we need to create a controller to handle user authentication requests. You can execute the following command to generate a new controller:
Create user authentication interfacephp artisan make:controller AuthController
Then, add the following method inAuthController to handle registration and login requests: -
file and add the following routes:
Create RoutesOpen theroutes/api.php -
:
Use Passport GuardOpenconfig/auth.phpfile, and change theapiguard driver topassport -
, you can add the following route:
Use authenticated userNow, we can use theauth:apimiddleware to authenticate users and secure related API routes. For example, inAuthControllerpublic function profile() { $user = Auth::user(); return response()->json(['user' => $user], 200); }Then, inroutes/api.php, add the following route:Route::get('profile', 'AuthController@profile')->middleware('auth:api');In this way, when accessing the/api/profile route, the user will be asked to provide a valid authentication token first.
use IlluminateHttpRequest;
use IlluminateSupportFacadesAuth;
class AuthController extends Controller
{
public function register(Request $request)
{
// 验证请求数据
$request->validate([
'name' => 'required|unique:users',
'email' => 'required|email|unique:users',
'password' => 'required|min:6'
]);
// 创建用户
$user = User::create([
'name' => request('name'),
'email' => request('email'),
'password' => bcrypt(request('password')),
]);
// 生成访问令牌
$token = $user->createToken('accessToken')->accessToken;
// 返回响应
return response()->json(['token' => $token], 200);
}
public function login(Request $request)
{
// 验证请求数据
$credentials = request(['email', 'password']);
// 检查用户凭据
if (!Auth::attempt($credentials)) {
return response()->json(['message' => 'Unauthorized'], 401);
}
// 获取当前用户
$user = $request->user();
// 生成访问令牌
$token = $user->createToken('accessToken')->accessToken;
// 返回响应
return response()->json(['user' => $user, 'token' => $token], 200);
}
}Route::post('register', 'AuthController@register');
Route::post('login', 'AuthController@login')->middleware('client');'guards' => [
'api' => [
'driver' => 'passport',
'provider' => 'users',
],
],
Summary:
The above is the detailed content of Implementing PHP security verification using Laravel Passport. For more information, please follow other related articles on the PHP Chinese website!