我正在尝试使用Lumen为用户生成一个api令牌。
我已经实现了登录和注册,但我只希望管理员能够创建用户。有人能给我指出正确的方向吗?
这是我的代码:
UserController中
<?php
namespace App\Http\Controllers;
use Illuminate\Http\Request;
use App\User;
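class UserController extends Controller {
    /**
     * Register a new user.
     *
     * Reads `username`, `email` and `password` from the request, hashes the
     * password with the application's `hash` service and stores the record
     * through User::create().
     *
     * SECURITY: nothing in this method checks who is calling it. If only
     * administrators may create users, that restriction has to be enforced
     * by middleware on the route that maps to this action.
     *
     * @param Request $request
     * @return mixed response whose body carries `success` and `message`
     */
    public function register(Request $request) {
        $username = $request->input('username');
        $email = $request->input('email');
        $plainPassword = $request->input('password');

        // Reject missing, empty or non-string fields up front: the original
        // passed whatever arrived straight to the hasher and to create(),
        // so a request without a password still produced an account.
        foreach ([$username, $email, $plainPassword] as $field) {
            if (!is_string($field) || $field === '') {
                return response([
                    'success' => false,
                    'message' => 'Failed to register!',
                ], 422);
            }
        }

        $hasher = app()->make('hash');
        $register = User::create([
            'username' => $username,
            'email' => $email,
            // Only the hash is stored, never the plain-text password.
            'password' => $hasher->make($plainPassword),
        ]);

        if (!$register) {
            return response([
                'success' => false,
                'message' => 'Failed to register!',
            ], 500);
        }

        return response([
            'success' => true,
            'message' => 'Success register!',
        ]);
    }

    /**
     * Get user by id.
     *
     * URL /user/{id}
     *
     * The body keeps the original shape: `message` is the collection
     * returned by get(), serialized by the framework.
     *
     * NOTE(review): no check is visible here that the caller may read this
     * particular id; confirm whether any authenticated user should be able
     * to fetch any other user's record.
     * NOTE(review): the serialized model contains every attribute the User
     * model does not hide; verify `password` and `api_token` are listed in
     * its `$hidden` property.
     *
     * @param Request $request unused by this action
     * @param mixed $id value of the {id} route parameter
     * @return mixed response whose body carries `success` and `message`
     */
    public function get_user(Request $request, $id) {
        $user = User::where('id', $id)->get();

        // get() returns a collection object, which is truthy even when no
        // row matched, so the original `if ($user)` could never reach the
        // not-found branch. Test for emptiness instead.
        if ($user->isEmpty()) {
            return response([
                'success' => false,
                'message' => 'Cannot find user!',
            ], 404);
        }

        return response([
            'success' => true,
            'message' => $user,
        ]);
    }
}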
LoginController:
<?php
namespace App\Http\Controllers;
use Illuminate\Http\Request;
use App\User;
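class LoginController extends Controller {
    /**
     * Log a user in with email and password and issue a fresh API token.
     *
     * On success the new token is written to the user's `api_token` column
     * and returned in the response body together with the user record.
     *
     * Fixes relative to the original:
     *  - a wrong password no longer falls into a branch that issues a token
     *    (the original `else` generated and returned a token anyway);
     *  - the token comes from the CSPRNG instead of sha1(time()), which
     *    anyone who knows the approximate login time can reproduce;
     *  - a failed token update now produces a response instead of nothing.
     *
     * NOTE(review): `message` carries the whole user model; verify that
     * `password` and `api_token` are listed in the model's `$hidden`
     * property so the hash is not echoed back to the client.
     * NOTE(review): no attempt limiting is visible here; confirm that
     * throttling is applied at the route or gateway level.
     *
     * @param Request $request
     * @return mixed response whose body carries `success`, `message` and,
     *               on success, `api_token`
     */
    public function index(Request $request) {
        $hasher = app()->make('hash');
        $email = $request->input('email');
        $password = $request->input('password');

        // Only look up a user for a real string; a missing value would
        // otherwise be handed to the query builder unchanged.
        $login = is_string($email) ? User::where('email', $email)->first() : null;

        // One answer for "unknown email" and "wrong password" so the
        // response does not reveal which accounts exist.
        if (!$login || !is_string($password) || !$hasher->check($password, $login->password)) {
            return response([
                'success' => false,
                'message' => 'Your email or password incorrect!',
            ], 401);
        }

        // 20 random bytes -> 40 hex characters, the same length sha1()
        // produced, so the existing column width still fits.
        $api_token = bin2hex(random_bytes(20));
        $create_token = User::where('id', $login->id)->update(['api_token' => $api_token]);

        if (!$create_token) {
            return response([
                'success' => false,
                'message' => 'Failed to create api token!',
            ], 500);
        }

        return response([
            'success' => true,
            'api_token' => $api_token,
            'message' => $login,
        ]);
    }
}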
验证中间件
<?php
namespace App\Http\Middleware;
use Closure;
use Illuminate\Contracts\Auth\Factory as Auth;
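class Authenticate {
    /**
     * The authentication guard factory instance.
     *
     * @var \Illuminate\Contracts\Auth\Factory
     */
    protected $auth;

    /**
     * Create a new middleware instance.
     *
     * @param \Illuminate\Contracts\Auth\Factory $auth
     * @return void
     */
    public function __construct(Auth $auth) {
        $this->auth = $auth;
    }

    /**
     * Handle an incoming request.
     *
     * When the guard reports a guest, the request must carry an `api_token`
     * that matches a stored user; otherwise a failure body is returned and
     * the next handler is never called.
     *
     * NOTE(review): the matched user is only used as a yes/no check and is
     * not attached to the guard here, so later middleware cannot rely on
     * this method for the caller's identity.
     * NOTE(review): the token is read with input(), which also accepts it
     * from the query string; tokens in URLs tend to end up in access logs.
     * Prefer sending it in a request header and confirm what clients do.
     *
     * @param \Illuminate\Http\Request $request
     * @param \Closure $next
     * @param string|null $guard
     * @return mixed
     */
    public function handle($request, Closure $next, $guard = null) {
        if ($this->auth->guard($guard)->guest()) {
            if (!$request->has('api_token')) {
                return response([
                    'success' => false,
                    'message' => 'Login please!',
                ], 401);
            }

            $token = $request->input('api_token');

            // An empty, null or array value must never reach the query:
            // depending on how has() treats such values, it could otherwise
            // match users whose api_token column is empty or NULL.
            if (!is_string($token) || $token === '') {
                return response([
                    'success' => false,
                    'message' => 'Permission not allowed!',
                ], 401);
            }

            // Fully qualified: this file imports only Closure and the Auth
            // factory, so a bare `User` would resolve inside
            // App\Http\Middleware and fail to load.
            $check_token = \App\User::where('api_token', $token)->first();

            if ($check_token === null) {
                return response([
                    'success' => false,
                    'message' => 'Permission not allowed!',
                ], 401);
            }
        }

        return $next($request);
    }
}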
答案 0 :(得分:0)
为adminrole身份验证创建中间件
namespace App\Http\Middleware;
use Closure;
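class Adminrole
{
    /**
     * PLACEHOLDER (constructed name): the page does not show how the User
     * model marks administrators. Replace with the project's real attribute.
     */
    const ADMIN_FLAG_ATTRIBUTE = 'is_admin';

    /**
     * The authentication guard factory instance.
     *
     * @var \Illuminate\Contracts\Auth\Factory
     */
    protected $auth;

    /**
     * The original read $this->auth without ever setting it; inject the
     * factory here so the property exists.
     *
     * @param \Illuminate\Contracts\Auth\Factory $auth
     */
    public function __construct(\Illuminate\Contracts\Auth\Factory $auth)
    {
        $this->auth = $auth;
    }

    /**
     * Let the request through only when the authenticated user is an admin.
     *
     * Denies by default: no user, or a user without the admin flag, gets a
     * 403 and the next handler is not called.
     *
     * NOTE(review): this relies on the default guard resolving the user
     * from the request (for example from `api_token`); confirm the guard is
     * configured to do so, otherwise every request is rejected.
     *
     * @param \Illuminate\Http\Request $request
     * @param \Closure $next
     * @return mixed
     */
    public function handle($request, Closure $next)
    {
        $admin = $this->auth->guard()->user();

        if (!$this->isAdmin($admin)) {
            // 403: the request is well-formed, the caller just lacks the role.
            return response()->json(['success' => false, 'error' => 'Invalid Admin User'], 403);
        }

        return $next($request);
    }

    /**
     * Decide whether the given user holds the admin role.
     *
     * The original tested the bare constant `ADMIN`, which is not defined
     * anywhere on the page and never looked at the user at all.
     *
     * @param mixed $user user returned by the guard, or null
     * @return bool
     */
    protected function isAdmin($user)
    {
        return $user !== null && !empty($user->{self::ADMIN_FLAG_ATTRIBUTE});
    }
}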
然后在 bootstrap/app.php 的 routeMiddleware 中注册该中间件:
$app->routeMiddleware([
'admin' => App\Http\Middleware\Adminrole::class,
]);
将中间件添加到注册api-url路由
// User creation is gated by the 'admin' route middleware, which runs before
// UserController@register. That middleware must itself reject requests with
// no authenticated user, since no other middleware is listed on this route.
$api->post('YOUR-URL', ['middleware' => 'admin', 'uses' => 'UserController@register']);