以下是 Driver 用户(对应 \App\Driver 模型)的基本方法。
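/**
 * Log a Driver in with email and password and answer with a JWT.
 *
 * Returns 401 when the credentials are rejected, 500 when a JWTException is
 * raised, and otherwise a JSON body holding the token under
 * 'token Login Driver' together with 'msg' => 'driver'.
 *
 * @param Request $request incoming request; only `email` and `password` are read
 */
public function authenticate(Request $request)
{
    $credentials = $request->only('email', 'password');

    try {
        // Repoint the shared `users` auth provider and jwt-auth at the Driver
        // model before the credential check.
        \Config::set('auth.providers.users.model', \App\Driver::class);
        \Config::set('auth.providers.users.table', 'drivers');
        \Config::set('jwt.user', \App\Driver::class);

        // Record which account type the token was issued for. The second
        // argument is jwt-auth's custom-claims array (0.5.x API, which the
        // `jwt.user` setting suggests is in use -- confirm). The claim name
        // is chosen here, not taken from the library.
        // NOTE(review): the claim protects nothing until the route middleware
        // compares it; without that check a Driver token appears to be
        // accepted on User routes whenever the ids coincide.
        $token = JWTAuth::attempt($credentials, ['account_type' => 'driver']);
        if (!$token) {
            return response()->json(['error' => 'Invalid_Crendals'], 401);
        }
    } catch (JWTException $e) {
        return response()->json(['error' => 'could_not_create_token'], 500);
    }

    return response()->json(['token Login Driver' => compact('token'), 'msg' => 'driver']);
}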
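/**
 * Create a Driver from the request fields and answer with a JWT for it.
 *
 * Reads `name`, `email`, `last` and `password` from the current request,
 * stores the password as a bcrypt hash and returns the token under
 * 'token Driver' with status 200. A request without a usable email or
 * password is answered with 422 and the validation messages.
 */
public function register()
{
    $input = request();

    // Refuse to hash a missing password: bcrypt() of an absent value would
    // store the hash of an empty string, which could leave the account open
    // to an empty-password login.
    // NOTE(review): uniqueness of the email and a minimum password length are
    // not enforced here; add them once the schema and policy are confirmed.
    $check = \Validator::make($input->all(), [
        'email' => 'required|email',
        'password' => 'required|string',
    ]);
    if ($check->fails()) {
        return response()->json(['error' => $check->errors()], 422);
    }

    $driver = Driver::create([
        'name' => $input->name,
        'email' => $input->email,
        'last' => $input->last,
        'password' => bcrypt($input->password),
    ]);

    \Config::set('auth.providers.users.model', \App\Driver::class);
    \Config::set('auth.providers.users.table', 'drivers');
    \Config::set('jwt.user', \App\Driver::class);

    // Stamp the account type into the token (custom-claims argument of the
    // jwt-auth 0.5.x API -- confirm the installed version). The claim only
    // helps once the route middleware rejects tokens of the other type.
    $token = JWTAuth::fromUser($driver, ['account_type' => 'driver']);

    return response()->json(['token Driver' => $token], 200);
}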
/**
 * Resolve the caller's JWT to a Driver and return that model as JSON.
 *
 * Answers 500 with 'could_not_create_token' when a JWTException is raised
 * while reading or resolving the token.
 */
public function testd()
{
    // The token is resolved against whichever model is configured here, so
    // these three settings decide which table the token's subject is looked
    // up in.
    $settings = [
        'auth.providers.users.model' => \App\Driver::class,
        'auth.providers.users.table' => 'drivers',
        'jwt.user' => \App\Driver::class,
    ];

    try {
        foreach ($settings as $key => $value) {
            \Config::set($key, $value);
        }
        $account = JWTAuth::toUser(JWTAuth::getToken());
    } catch (JWTException $e) {
        return response()->json(['error' => 'could_not_create_token'], 500);
    }

    return response()->json($account);
}
以下是传统用户(对应 \App\User 模型)的方法:
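/**
 * Log a User in with email and password and answer with a JWT.
 *
 * Returns 401 when the credentials are rejected, 500 when a JWTException is
 * raised, and otherwise a JSON body holding the token under
 * 'toke Login User' together with 'msg' => 'User Register'.
 *
 * @param Request $request incoming request; only `email` and `password` are read
 */
public function authenticate(Request $request)
{
    $credentials = $request->only('email', 'password');

    try {
        // Repoint the shared `users` auth provider and jwt-auth at the User
        // model before the credential check.
        \Config::set('auth.providers.users.model', \App\User::class);
        \Config::set('auth.providers.users.table', 'users');
        \Config::set('jwt.user', \App\User::class);

        // Record which account type the token was issued for. The second
        // argument is jwt-auth's custom-claims array (0.5.x API, which the
        // `jwt.user` setting suggests is in use -- confirm). The claim name
        // is chosen here, not taken from the library.
        // NOTE(review): the claim protects nothing until the route middleware
        // compares it; without that check a User token appears to be
        // accepted on Driver routes whenever the ids coincide.
        $token = JWTAuth::attempt($credentials, ['account_type' => 'user']);
        if (!$token) {
            return response()->json(['error' => 'Invalid_Crendals'], 401);
        }
    } catch (JWTException $e) {
        return response()->json(['error' => 'could_not_create_token'], 500);
    }

    return response()->json(['toke Login User' => compact('token'), 'msg' => 'User Register']);
}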
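/**
 * Create a User from the request fields and answer with a JWT for it.
 *
 * Reads `name`, `email` and `password` from the current request, stores the
 * password as a bcrypt hash and returns the token under 'token' with status
 * 200. A request without a usable email or password is answered with 422 and
 * the validation messages.
 */
public function register()
{
    $input = request();

    // Refuse to hash a missing password: bcrypt() of an absent value would
    // store the hash of an empty string, which could leave the account open
    // to an empty-password login.
    // NOTE(review): uniqueness of the email and a minimum password length are
    // not enforced here; add them once the schema and policy are confirmed.
    $check = \Validator::make($input->all(), [
        'email' => 'required|email',
        'password' => 'required|string',
    ]);
    if ($check->fails()) {
        return response()->json(['error' => $check->errors()], 422);
    }

    $user = User::create([
        'name' => $input->name,
        'email' => $input->email,
        'password' => bcrypt($input->password),
    ]);

    \Config::set('auth.providers.users.model', \App\User::class);
    \Config::set('auth.providers.users.table', 'users');
    \Config::set('jwt.user', \App\User::class);

    // Stamp the account type into the token (custom-claims argument of the
    // jwt-auth 0.5.x API -- confirm the installed version). The claim only
    // helps once the route middleware rejects tokens of the other type.
    $token = JWTAuth::fromUser($user, ['account_type' => 'user']);

    return response()->json(['token' => $token], 200);
}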
/**
 * Resolve the caller's JWT to a User and return that model as JSON.
 *
 * Answers 500 with 'could_not__User_create_token' when a JWTException is
 * raised while reading or resolving the token.
 */
public function testd()
{
    // The token is resolved against whichever model is configured here, so
    // these three settings decide which table the token's subject is looked
    // up in.
    $settings = [
        'auth.providers.users.model' => \App\User::class,
        'auth.providers.users.table' => 'users',
        'jwt.user' => \App\User::class,
    ];

    try {
        foreach ($settings as $key => $value) {
            \Config::set($key, $value);
        }
        $account = JWTAuth::toUser(JWTAuth::getToken());
    } catch (JWTException $e) {
        return response()->json(['error' => 'could_not__User_create_token'], 500);
    }

    return response()->json($account);
}
我为每种用户分别使用了一个中间件。这是针对 Driver 用户的:
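/**
 * Route middleware for Driver endpoints: pass the request on only when its
 * JWT resolves to a Driver.
 *
 * Answers 404 ['user_not_found'] when no model is found for the token, and
 * ['token_expired'] / ['token_invalid'] / ['token_absent'] with the
 * exception's status code when jwt-auth throws.
 *
 * @param  mixed   $request the incoming request
 * @param  Closure $next    the next layer of the pipeline
 */
public function handle($request, Closure $next)
{
    try {
        Config::set('jwt.user', \App\Driver::class);
        Config::set('auth.providers.users.model', \App\Driver::class);

        // NOTE(review): the token is resolved against whichever model is
        // configured above, and nothing visible here ties the token to the
        // Driver type. A token issued for a User whose id matches a Driver
        // row would therefore appear to pass. Bind tokens to the account type
        // when they are issued (for example a custom claim) and reject, at
        // this point, any token whose type is not the Driver one.
        $driver = JWTAuth::parseToken()->authenticate();
        if (!$driver) {
            return response()->json(['user_not_found'], 404);
        }
    // Class names are fully qualified on purpose: a relative `Tymon\...` name
    // inside a namespaced file resolves under that namespace and the catch
    // would never match. The general JWTException stays last.
    } catch (\Tymon\JWTAuth\Exceptions\TokenExpiredException $e) {
        return response()->json(['token_expired'], $e->getStatusCode());
    } catch (\Tymon\JWTAuth\Exceptions\TokenInvalidException $e) {
        return response()->json(['token_invalid'], $e->getStatusCode());
    } catch (\Tymon\JWTAuth\Exceptions\JWTException $e) {
        return response()->json(['token_absent'], $e->getStatusCode());
    }

    return $next($request);
}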
这是针对传统用户(User)的:
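// Body of the User middleware's handle(); its signature is not shown here.
// Passes the request on only when its JWT resolves to a User.
try {
    Config::set('jwt.user', \App\User::class);
    Config::set('auth.providers.users.model', \App\User::class);

    // NOTE(review): the token is resolved against whichever model is
    // configured above, and nothing visible here ties the token to the User
    // type. A token issued for a Driver whose id matches a User row would
    // therefore appear to pass, which matches the behaviour reported for
    // test/user. Bind tokens to the account type when they are issued (for
    // example a custom claim) and reject, at this point, any token whose
    // type is not the User one.
    $user = JWTAuth::parseToken()->authenticate();
    if (!$user) {
        return response()->json(['user_not_found'], 404);
    }
// Class names are fully qualified on purpose: a relative `Tymon\...` name
// inside a namespaced file resolves under that namespace and the catch would
// never match. The general JWTException stays last.
} catch (\Tymon\JWTAuth\Exceptions\TokenExpiredException $e) {
    return response()->json(['token_expired'], $e->getStatusCode());
} catch (\Tymon\JWTAuth\Exceptions\TokenInvalidException $e) {
    return response()->json(['token_invalid'], $e->getStatusCode());
} catch (\Tymon\JWTAuth\Exceptions\JWTException $e) {
    return response()->json(['token_absent'], $e->getStatusCode());
}

return $next($request);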
}
文件App.php
// Login and registration endpoints: no middleware is attached on these lines.
// NOTE(review): no rate limiting is visible here; confirm that a throttle
// applies to these routes (for example through the route group they live in).
Route::post('authenticate','Api\UserController@authenticate');
Route::post('register','Api\UserController@register');
Route::post('authenticate/driver','Api\DriverController@authenticate');
Route::post('register/driver','Api\DriverController@register');
// Protected endpoints: each goes through the middleware alias for its account
// type. The alias is the only thing separating the two token audiences, so
// that middleware must reject tokens issued for the other type.
Route::post('test/driver','Api\DriverController@testd')->middleware('driver');
Route::post('test/user','Api\UserController@testd')->middleware('user');
用户能够通过身份验证,并且能正确注册到各自对应的表中。我遇到的问题是:当我用注册 Driver 用户时生成的令牌去访问路由 test/user 时,按理说不应该返回任何结果,因为这个令牌是为另一类用户生成的,对该路由来说是不正确的令牌;但这个令牌却能进入该方法,并向我显示传统用户的数据。我该如何解决这个安全问题?我已经花了很多天,仍然无法解决。