仅由admin创建用户

时间:2017-06-22 02:51:59

标签: php lumen

我正在尝试使用Lumen为用户生成一个api令牌。

我已经实现了登录和注册,但我希望只有管理员才能创建用户。有人能给我指出正确的方向吗?

这是我的代码:

UserController中

<?php

namespace App\Http\Controllers;

use Illuminate\Http\Request;
use App\User;

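class UserController extends Controller {
    /**
     * Register a new user.
     *
     * This action performs no authorization check of its own: whoever can
     * reach the route can create an account. Restricting it to administrators
     * has to be done by the middleware attached to the route.
     *
     * @param Request $request Expects "username", "email" and "password" inputs.
     * @return mixed Response carrying a "success" flag and a "message".
     */
    public function register(Request $request) {
        $username = $request->input('username');
        $email = $request->input('email');
        $plainPassword = $request->input('password');

        // Refuse incomplete or non-string input before anything is hashed or
        // stored; otherwise a missing password would be hashed as an empty value.
        foreach ([$username, $email, $plainPassword] as $value) {
            if (!is_string($value) || $value === '') {
                return response(['success' => false, 'message' => 'Failed to register!'], 422);
            }
        }

        $hasher = app()->make('hash');
        $register = User::create([
            'username' => $username,
            'email' => $email,
            'password' => $hasher->make($plainPassword),
        ]);

        if (!$register) {
            return response(['success' => false, 'message' => 'Failed to register!']);
        }

        return response(['success' => true, 'message' => 'Success register!']);
    }

    /**
     * Get user by id
     *
     * URL /user/{id}
     *
     * @param Request $request Current request (not read by this action).
     * @param mixed $id User id taken from the URL.
     * @return mixed Response carrying a "success" flag and a "message".
     */
    public function get_user(Request $request, $id) {
        // get() returns a collection object, which is truthy even when it holds
        // no rows, so the "not found" case has to test for emptiness explicitly.
        $users = User::where('id', $id)->get();

        if ($users->isEmpty()) {
            return response(['success' => false, 'message' => 'Cannot find user!']);
        }

        // NOTE(review): the matching model is serialised as-is; confirm that the
        // User model hides "password" and "api_token" from its array/JSON form.
        return response(['success' => true, 'message' => $users]);
    }
}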

LoginController中

<?php

namespace App\Http\Controllers;

use Illuminate\Http\Request;
use App\User;

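class LoginController extends Controller {
    /**
     * Index login controller
     *
     * On a successful login the caller receives a freshly generated api_token.
     *
     * @param Request $request Expects "email" and "password" inputs.
     * @return mixed Response carrying a "success" flag, plus "api_token" and
     *               the user in "message" on success.
     */
    public function index(Request $request) {
        $email = $request->input('email');
        $password = $request->input('password');

        $login = User::where('email', $email)->first();

        // Unknown e-mail and wrong password get the same answer. A failed
        // password check must never fall through to token creation: the
        // original else-branch issued a token and reported success here.
        if (
            !$login
            || !is_string($password)
            || !app()->make('hash')->check($password, $login->password)
        ) {
            return response(['success' => false, 'message' => 'Your email or password incorrect!'], 401);
        }

        // The token is a bearer credential, so it comes from the CSPRNG.
        // sha1(time()) is fully determined by the login second and can be
        // recomputed by anyone. 20 random bytes keep the 40-hex-character
        // length that sha1() produced.
        $api_token = bin2hex(random_bytes(20));
        $create_token = User::where('id', $login->id)->update(['api_token' => $api_token]);

        if (!$create_token) {
            // Previously this path returned nothing at all.
            return response(['success' => false, 'message' => 'Failed to create api token!'], 500);
        }

        // NOTE(review): $login is serialised as-is; confirm that the User model
        // hides "password" and "api_token" from its array/JSON form.
        return response([
            'success' => true,
            'api_token' => $api_token,
            'message' => $login,
        ]);
    }
}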

验证中间件

<?php

namespace App\Http\Middleware;

use Closure;
use Illuminate\Contracts\Auth\Factory as Auth;

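class Authenticate {
    /**
     * The authentication guard factory instance.
     *
     * @var \Illuminate\Contracts\Auth\Factory
     */
    protected $auth;

    /**
     * Create a new middleware instance.
     *
     * @param  \Illuminate\Contracts\Auth\Factory $auth
     * @return void
     */
    public function __construct(Auth $auth) {
        $this->auth = $auth;
    }

    /**
     * Handle an incoming request.
     *
     * Lets the request through when the guard already knows the user, or when
     * the request carries an api_token that matches a stored user. Every other
     * request is answered with HTTP 401 and the same JSON body as before.
     *
     * @param  \Illuminate\Http\Request $request
     * @param  \Closure $next
     * @param  string|null $guard
     * @return mixed
     */
    public function handle($request, Closure $next, $guard = null) {
        if (!$this->auth->guard($guard)->guest()) {
            return $next($request);
        }

        if (!$request->has('api_token')) {
            return response(['success' => false, 'message' => 'Login please!'], 401);
        }

        $token = $request->input('api_token');

        // Only a non-empty string may reach the query. A null value would be
        // turned into an "IS NULL" condition and match accounts that have no
        // token yet; an array value is not a token at all.
        $tokenIsUsable = is_string($token) && $token !== '';

        // \App\User is written fully qualified because this file has no import
        // for it; a bare "User" would resolve to App\Http\Middleware\User.
        if (!$tokenIsUsable || \App\User::where('api_token', $token)->first() === null) {
            return response(['success' => false, 'message' => 'Permission not allowed!'], 401);
        }

        // NOTE(review): the matched user is not stored on the guard here, so
        // later middleware cannot read it from the guard unless the auth
        // provider resolves the same token itself. Confirm before stacking a
        // role check on top of this middleware.
        return $next($request);
    }
}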

1 个答案:

答案 0 :(得分:0)

为adminrole身份验证创建中间件

namespace App\Http\Middleware;

use Closure;

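class Adminrole
{
    /**
     * The authentication guard factory instance.
     *
     * @var \Illuminate\Contracts\Auth\Factory
     */
    protected $auth;

    /**
     * Create a new middleware instance.
     *
     * The original listing read $this->auth without ever assigning it; the
     * factory is injected here so that the property exists.
     *
     * @param  \Illuminate\Contracts\Auth\Factory $auth
     * @return void
     */
    public function __construct(\Illuminate\Contracts\Auth\Factory $auth)
    {
        $this->auth = $auth;
    }

    /**
     * Allow the request only when the authenticated user is an administrator.
     *
     * Fails closed: no authenticated user, or a user without the admin flag,
     * is rejected.
     *
     * @param  \Illuminate\Http\Request $request
     * @param  \Closure $next
     * @return mixed
     */
    public function handle($request, Closure $next)
    {
        // Assumes the default guard can resolve the current user for this
        // request (for example from its api_token); verify the auth provider.
        $user = $this->auth->guard()->user();

        // PLACEHOLDER: "is_admin" stands for whatever column or role lookup
        // marks an administrator in your schema; the page does not show one.
        // The original tested an undefined constant (!ADMIN), which never
        // performs a per-user check.
        if ($user === null || empty($user->is_admin)) {
            // 403: the caller is not allowed to do this (previously 400).
            return response()->json(['success' => false, 'error' => 'Invalid Admin User'])->setStatusCode(403);
        }

        return $next($request);
    }
}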

然后在 bootstrap/app.php 中,通过 routeMiddleware 注册该中间件:
// Register "admin" as the route-middleware alias for the Adminrole class.
$app->routeMiddleware(['admin' => App\Http\Middleware\Adminrole::class]);

将该中间件添加到用于注册的 API 路由上

// Route the registration endpoint through the "admin" middleware.
// NOTE(review): a role check needs an authenticated user; confirm that the
// authentication middleware is also applied to this route and runs first.
$api->post('YOUR-URL', [
    'middleware' => 'admin',
    'uses' => 'UserController@register',
]);