我是laravel护照API身份验证的新手。我有一个网站,我也在开发一个移动应用程序,因此我需要为我的移动应用程序创建一些API,我已经安装了laravel Passport并完成了所有配置。
现在,当我注册或登录时,我将通过API将用户详细信息和生成的令牌发送给移动应用程序。
在我的网站上有一个供用户使用的仪表板,只有用户登录后才能访问该仪表板。 我已经创建了一些API来获取移动用户的仪表盘数据,这些与用户相关的数据需要令牌认证,因此当我通过邮递员使用“ Bearer xxxxx”检查API时,效果很好。
我的API路线如下
Route::post('user/login', 'API\UserController@login');
Route::post('user/register', 'API\UserController@register');
Route::post('projects/home_page', 'API\ProjectController@homePage');
Route::post('projects/filter', 'API\ProjectController@filter');
Route::post('projects/load_more', 'API\ProjectController@loadMore');
Route::get('master/terms_conditions', 'API\MasterItemsController@termsAndConditions');
Route::get('master/about_us', 'API\MasterItemsController@aboutUs');
Route::get('master/policy', 'API\MasterItemsController@policy');
Route::get('master/contact_info', 'API\MasterItemsController@contactInfo');
Route::post('master/categories', 'API\MasterItemsController@categories');
Route::get('tours/home_page', 'API\InvestmentTourController@homePage');
Route::post('tours/filter', 'API\InvestmentTourController@filter');
Route::post('tours/load_more', 'API\InvestmentTourController@loadMore');
Route::post('tours/view', 'API\InvestmentTourController@view');
Route::post('projects/view', 'API\ProjectController@view');
Route::post('master/cities', 'API\MasterItemsController@cities');
Route::group(['middleware' => 'auth:api'], function () {
Route::post('user/details', 'API\UserController@details');
Route::post('user/update/profile', 'API\UserController@updateProfile');
Route::post('user/projects/count', 'API\UserController@numberOfProjects');
Route::post('user/projects/list', 'API\UserController@projectList');
Route::post('user/projects/favourites', 'API\UserController@favouriteProjects');
Route::post('user/investments/count', 'API\UserController@numberOfInvestments');
Route::post('user/investments/list', 'API\UserController@investmentsList');
Route::post('user/become_investor', 'API\UserController@favouriteProjects');
Route::post('user/send_verification_email', 'API\UserController@sendVerificationEmail');
Route::post('user/investments/accept_reject', 'API\UserController@investmentAcceptOrReject');
Route::post('user/investments/add_investment', 'API\UserController@investmentAcceptOrReject');
Route::post('user/projects/set_as_favourite', 'API\UserController@setAsFavourite');
/** Project routes **/
Route::post('user/projects/add', 'API\ProjectController@add');
Route::post('user/projects/investments', 'API\ProjectController@investments');
Route::post('master/types', 'API\MasterItemsController@types');
Route::post('master/stages', 'API\MasterItemsController@stages');
Route::post('master/investment_types', 'API\MasterItemsController@investmentTypes');
Route::get('master/commitment', 'API\MasterItemsController@commitment');
Route::get('tours/favourites', 'API\InvestmentTourController@favouriteTours');
Route::get('projects/favourites', 'API\ProjectController@favouriteProjects');
});
Usercontroller在API下的示例代码如下
/**
* API for user login
* @param $post data
* @method POST
* @link api/user/login
* @return JOSN reposnse
**/
public function login(Request $request)
{
$validator = Validator::make($request->all(), [
'email' => 'required|email',
'password' => 'required',
]);
if ($validator->fails()) {
return response()->json(['error' => $validator->errors()], 401);
}
if (Auth::attempt(['email' => request('email'), 'password' => request('password')])) {
$user = Auth::user();
$success['token'] = $user->createToken('MyApp')->accessToken;
$success['user'] = $user;
return response()->json(['success' => $success], $this->successStatus);
} else {
return response()->json(['error' => 'Unauthorised'], 401);
}
}
/**
* API for user registration
* @param $post data
* @method POST
* @link api/user/register
* @return JOSN reposnse
**/
public function register(Request $request)
{
$validator = Validator::make($request->all(), [
'name' => 'required',
'email' => 'required|email',
'phone' => 'required|numeric|min:10',
'password' => 'required',
'c_password' => 'required|same:password',
]);
if ($validator->fails()) {
return response()->json(['error' => $validator->errors()], 401);
}
$input = $request->all();
$input['password'] = bcrypt($input['password']);
$user = User::create($input);
$success['token'] = $user->createToken('MyApp')->accessToken;
$success['name'] = $user->name;
return response()->json(['success' => $success], $this->successStatus);
}
正如我告诉我的API客户端是移动应用程序一样,当移动请求登录用户详细信息时,他们将使用之前生成的令牌(可能在登录或注册时)来请求用户详细信息。 在这里,我想知道如何知道令牌已过期,如果已过期,如何在移动应用程序中更新令牌,请让我知道是否有人有任何想法