请问,任何人都可以解释如何在Lumen框架中实现多个身份验证保护?目前,我有两个可验证的模型:用户和客户端。我正在使用JWT的自定义实现。用户的令牌有效内容中包含client_id和user_id个字段。虽然客户只有client_id。基于此,我需要确定谁来找我:客户,用户或访客(没有代币)。
auth.php
'guards' => [
'client' => [
'driver' => 'token',
'provider' => 'clients',
],
'user' => [
'driver' => 'token',
'provider' => 'users',
],
],
'providers' => [
'clients' => [
'driver' => 'eloquent',
'model' => App\Client::class,
],
'users' => [
'driver' => 'eloquent',
'model' => App\User::class,
],
],
AuthServiceProvider.php
public function boot()
{
$this->app['auth']->viaRequest('token', function ($request) {
$access_token = HelperClass::getTokenFromHeader($request->headers->get('Authorization'));
if ($access_token) {
$tokendata = JWT::decode($access_token, getenv('TOKEN_SECRET'), array('HS256'));
if ($tokendata->user_id) {
return User::find($tokendata->user_id);
}
return Client::find($tokendata->client_id);
}
});
}
routes.php文件
$app->get('/api/{item_id:\d+}', ['middleware' => 'auth:user', 'uses' => 'App\Http\Controllers\ItemController@get']);
我想只允许用户访问此路由,但客户端也成功传递此中间件:Auth::check()返回true而Auth::user()返回App \ Client
另一种情况:如果某些路线我想同时允许这两种情况:客户和用户。对于其他路线 - 客人,客户和用户。