在流明中保护API

时间:2017-07-04 04:10:42

标签: php api lumen lumen-5.3

我是流明的新手,我试图通过放置一个名为Api-Token的代码来保护我的注册api,所以只有知道代码的用户才能创建一个新用户,但每次我尝试创建一个新用户时我都无法做到这一点

这是我到目前为止所做的事情

中间件/身份验证

<?php

namespace App\Http\Middleware;

use Closure;
use Illuminate\Contracts\Auth\Factory as Auth;
use App\User;

class Authenticate
{
/**
 * The authentication guard factory instance.
 *
 * @var \Illuminate\Contracts\Auth\Factory
 */
protected $auth;

/**
 * Create a new middleware instance.
 *
 * @param  \Illuminate\Contracts\Auth\Factory  $auth
 * @return void
 */
public function __construct(Auth $auth)
{
    $this->auth = $auth;
}

/**
 * Handle an incoming request.
 *
 * @param  \Illuminate\Http\Request  $request
 * @param  \Closure  $next
 * @param  string|null  $guard
 * @return mixed
 */
public function handle($request, Closure $next, $guard = null)
{

    if ($this->auth->guard($guard)->guest()) {
        if ($request->has('api_token')) {
            $token = $request->input('api_token');
            $check_token = User::where('api_token', $token)->first();
            if ($check_token == null) {
                $res['success'] = false;
                $res['message'] = 'Permission not allowed!';

                return response($res);
            }
        }else{
            $res['success'] = false;
            $res['message'] = 'Unauthorized!';

            return response($res);
        }
    }
    return $next($request);
}
}

AuthServiceProvider

<?php

namespace App\Providers;

use App\User;
use Illuminate\Support\Facades\Gate;
use Illuminate\Support\ServiceProvider;

class AuthServiceProvider extends ServiceProvider

{     / **      *注册任何应用程序服务。      *      * @return void      * /     公共职能登记册()     {     }

/**
 * Boot the authentication services for the application.
 *
 * @return void
 */
public function boot()
{
    // Here you may define how you wish users to be authenticated for your Lumen
    // application. The callback which receives the incoming request instance
    // should return either a User instance or null. You're free to obtain
    // the User instance via an API token or any other method necessary.

    // $this->app['auth']->viaRequest('api', function ($request) {
    //     $header = $request->header('Api-Token');

    //     if ($header && $header == 'bird is a word') {
    //         return new User();
    //     }

    //     return null;

    $this->app['auth']->viaRequest('api', function ($request) {
        if ($request->input('api_token')) {
            return User::where('api_token', $request->input('api_token'))->first();
        }

    });
}
}

路线

<?php


$app->get('/', function () use ($app) {
$res['success'] = true;
$res['result'] = "Hello there welcome to web api using lumen tutorial!";
return response($res);
});

$app->post('/login', 'LoginController@index');
$app->post('/register', ['middleware' => 'auth', 'uses' => 'UserController@register']);
$app->get('/user/{id}', ['middleware' => 'auth', 'uses' =>  'UserController@get_user']);

1 个答案:

答案 0 :(得分:2)

我建议使用JWT(JSON WEB TOKEN)身份验证来保护您的api

https://packagist.org/packages/tymon/jwt-auth

安装文档:https://iwader.co.uk/post/tymon-jwt-auth-with-lumen-5-2

尝试使用此程序包将身份验证与流明应用程序集成