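How do I create Laravel 5 middleware using a separate admin table instead of the users table?
Answer 0 (score: 3)
You can define a separate VerifyCsrfToken file for admin, called VerifyAdminCsrfToken.
Your routes/web.php file looks like this: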
    Route::group(array('prefix'=>'Api/v1/admin'),function()
    {
        Route::post('login','AdminController@login');
    });
    Route::group(['middleware'=>'admin.csrf','prefix'=>'Api/v1/admin'],function($router){
        Route::get('getAdminDetails','AdminController@getAdminDetails');
        /* Call all the remaining routes after admin login like this; these requests
           go through the handle method of VerifyAdminCsrfToken.php. */
    });
app/Http/Kernel.php looks like this:
    protected $routeMiddleware = [
        'auth' => \Illuminate\Auth\Middleware\Authenticate::class,
        'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
        'bindings' => \Illuminate\Routing\Middleware\SubstituteBindings::class,
        'can' => \Illuminate\Auth\Middleware\Authorize::class,
        'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
        'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
        'admin.csrf' => \App\Http\Middleware\VerifyAdminCsrfToken::class,
    ];
After a successful login, set id_admin and the csrf token as X-Id-Admin and X-Admin-Csrf-Token respectively.
VerifyAdminCsrfToken.php => handles the routes/APIs after login.
    <?php namespace App\Http\Middleware;

    use Closure;

    class VerifyAdminCsrfToken {
        public function handle($request, Closure $next)
        {
            // Values the client sends as headers on every request after login.
            $token = \Request::header('X-Admin-Csrf-Token');
            $id_admin = \Request::header('X-Id-Admin');
            $adminObject = new \App\Models\Admin();
            $adminDetails = $adminObject->checkAdminToken($id_admin, $token); // function to identify the admin in admin model based on id_admin and token.
            // echo Session::token() .'==='. $csrfToken; //exit();
            if (!$adminDetails) // no matching admin: reject (count() is not valid on null or a single model)
            {
                return \Response::json(array('error'=>true,'message'=>'Unauthorized Request'),401);
            }
            else {
                // Expose the authenticated admin to the controllers behind this middleware.
                $userDet = array();
                $userDet['id_admin'] = $adminDetails->id_admin;
                $userDet['name'] = $adminDetails->name;
                $request->userDet = $userDet;
                return $next($request);
            }
        }
    }
AdminController.php looks like this:
    <?php
    namespace App\Http\Controllers;

    use Illuminate\Http\Request;

    class AdminController extends Controller
    {
        public function login(Request $request){
            $admin_email = $request->input('email');
            $password = $request->input('password');
            $adminObj = new \App\Models\Admin();
            $loginCheck = $adminObj->checkAdminLogin($admin_email, $password); // function to identify the admin in admin model based on admin_email and password.
            if ($loginCheck) { // a single admin record or nothing; count() is not valid here
                $token = $loginCheck->token;
                return response()->json(['message'=>'Successfully logged in','user_detail'=>$loginCheck,'csrf_token'=>$token],200);
            } else {
                return response()->json(array('message'=>'These credentials did not match our record'),403);
            }
        }
    }
// For the API calls, my admin.js file looks like this. It is an AngularJS file. This is just an example of handling the API calls from the client side.
    var SITE_URL = 'http://localhost/projectfolder/' + 'index.php/Api/v1/admin/'; // quoted, with a scheme so the URL is absolute
    $scope.credentials = {email: '####@gmail.com', password: '###'}; // key is 'email' because login() reads input('email')
    $http({
        method: "POST",
        timeout: 30000,
        url: SITE_URL + 'login',
        data: $.param($scope.credentials), //posting data from login form
        headers: {'Content-Type': 'application/x-www-form-urlencoded; charset=UTF-8'}
    }).success(function (data, status) {
        if (status == 200)
        {
            // login() returns the token under the key csrf_token
            $http.defaults.headers.common['X-Admin-Csrf-Token'] = data.csrf_token; //For all $http requests it will apply this header.
            $http.defaults.headers.common['X-Id-Admin'] = data.user_detail.id_admin; //For all $http requests it will apply this header.
        }
    }).error(function (data, status) {
        $scope.actionDisabled = false;
        if (status == 403) // login() answers 403 when the credentials do not match
        {
            console.log(data.message); //invalid credentials
        }
    });
    $http({
        method: "GET",
        url: SITE_URL + 'getAdminDetails',
        headers: {'Content-Type': 'application/x-www-form-urlencoded; charset=UTF-8'} //with this content type the newly set headers (X-Id-Admin, X-Admin-Csrf-Token) will be sent and the request handled through the newly created Laravel middleware.
    }).success(function (response, status) {
        console.log(response); //admin detailed response from server
    });
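
The answer calls checkAdminLogin() and checkAdminToken() on the Admin model without showing them. A sketch of how they could look, added here as an example and not part of the original answer: since the header token works as a bearer credential, it is generated randomly, stored only as a SHA-256 hash and compared in constant time. The table name admins and the columns email, password (bcrypt hash) and token_hash are assumptions.

```php
<?php
namespace App\Models;

use Illuminate\Database\Eloquent\Model;
use Illuminate\Support\Facades\Hash;

// Added example; table and column names below are assumptions.
class Admin extends Model
{
    protected $table = 'admins';                     // assumed table name
    protected $primaryKey = 'id_admin';              // matches the id_admin field used by the answer
    public $timestamps = false;                      // assumed: no created_at/updated_at columns
    protected $hidden = ['password', 'token_hash'];  // keep secrets out of JSON responses

    // Returns the admin with a fresh ->token on success, null otherwise.
    public function checkAdminLogin($email, $password)
    {
        $admin = static::where('email', $email)->first();
        if (!$admin || !Hash::check($password, $admin->password)) {
            return null;
        }
        $token = bin2hex(random_bytes(32));           // 256-bit token from a CSPRNG
        $admin->token_hash = hash('sha256', $token);  // persist only the hash
        $admin->save();
        $admin->token = $token;                       // transient attribute for the controller, not a column
        return $admin;
    }

    // Returns the admin when id and token match, null otherwise.
    public function checkAdminToken($idAdmin, $token)
    {
        if (!is_string($token) || $token === '' || !ctype_digit((string) $idAdmin)) {
            return null;                              // missing or malformed headers
        }
        $admin = static::find($idAdmin);
        if (!$admin || !$admin->token_hash) {
            return null;                              // unknown admin or never logged in
        }
        // hash_equals compares in constant time, so response timing leaks nothing about the stored value.
        return hash_equals($admin->token_hash, hash('sha256', $token)) ? $admin : null;
    }
}
```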