我正在使用Lumen 8开发API应用程序。我有3种类型的用户。对于他们,我使用3种不同的模型。我正在使用JWT身份验证[packagetymon / jwt-auth]。
这是我的Auth.php配置。我使用3种类型的身份验证保护程序
return [
'defaults' => [
'guard' => env('AUTH_GUARD', 'user'),
'passwords' => 'users',
],
'guards' => [
'user' => [
'driver' => 'jwt',
'provider' => 'users',
],
'vendor_user' => [
'driver' => 'jwt',
'provider' => 'vendor_users',
],
'super_user' => [
'driver' => 'jwt',
'provider' => 'super_users',
],
],
'providers' => [
'users' => [
'driver' => 'eloquent',
'model' => \App\Models\User::class
],
'vendor_users' => [
'driver' => 'eloquent',
'model' => \App\Models\VendorUser::class
],
'super_users' => [
'driver' => 'eloquent',
'model' => \App\Models\SuperUser::class
]
],
'passwords' => [
'users' => [
'provider' => 'users',
'table' => 'password_resets',
'expire' => 60,
'throttle' => 60,
],
'vendor_users' => [
'provider' => 'vendor_users',
'table' => 'password_resets',
'expire' => 60,
'throttle' => 60,
],
'super_users' => [
'provider' => 'super_users',
'table' => 'password_resets',
'expire' => 60,
'throttle' => 60,
],
],
'password_timeout' => 10800,
];
对于登录,我使用上述auth防护使用3条不同的路由。
protected function login(Request $request, $guard = 'user')
{
//validate incoming request
$this->validate($request, [
'email' => 'required|string',
'password' => 'required|string',
]);
$credentials = $request->only(['email', 'password']);
if (! $token = Auth::guard($guard)->attempt($credentials)) {
return response()->json(responseFormat(ERROR,___('Unauthorized')), 401);
}
return $this->respondWithToken($token);
}
public function userLogin(Request $request)
{
return $this->login($request,'user');
}
public function superUsersLogin(Request $request)
{
return $this->login($request,'super_user');
}
public function vendorUsersLogin(Request $request)
{
return $this->login($request,'vendor_user');
}
我设法从所有3种类型的用户那里获得了成功登录的令牌。
但是当我使用身份验证中间件对所有用户进行身份验证时,我面临一个问题
public function handle($request, Closure $next, $guard = null)
{
if ($this->auth->guard($guard)->guest()) {
return response(responseFormat(ERROR,'Unauthorized.'), 401);
}
return $next($request);
}
它仅适用于默认的auth-guard类型的用户(即用户防护)。如果要验证其他用户类型,则必须使用其他路由,并提及要使用的身份验证防护。
$router->group(['middleware' => 'auth','prefix' => 'api'], function ($router)
{
$router->get('/send-email', 'EmailController@sendEmail');
$router->get('/users', 'UsersController@users');
});
$router->group(['middleware' => 'auth:vendor_user','prefix' => 'api/vendor'], function ($router)
{
$router->get('/send-email', 'EmailController@sendEmail');
$router->get('/users', 'UsersController@users');
});
$router->group(['middleware' => 'auth:super_user','prefix' => 'api/super_user'], function ($router)
{
$router->get('/send-email', 'EmailController@sendEmail');
$router->get('/users', 'UsersController@users');
});
有什么办法可以验证同一路由的所有3种类型的用户?这样我就不必为每种类型的用户使用不同的路由。
$router->group(['middleware' => 'auth','prefix' => 'api'], function ($router)
{
$router->get('/send-email', 'EmailController@sendEmail');
$router->get('/users', 'UsersController@users');
});
像该API一样,所有3种类型的用户都可以使用该API,并通过相同的auth-guard或其他某种方式进行身份验证。
BS:我必须为3种类型的用户使用3个不同的表。
答案 0 :(得分:1)
创建一个单独的中间件以尝试使用证书。然后,设置Auth应该使用的默认防护。您无需通过保护程序即可登录。
在LoginController中
public function __construct()
{
$this->middleware('SetAuthGuard:user')->except('logout');
$this->middleware('SetAuthGuard:vendor_users')->except('logout');
$this->middleware('SetAuthGuard:super_users')->except('logout');
}
SetAuthGuard中间件
public function handle(Request $request, Closure $next, ...$guards)
{
$guards = empty($guards) ? [null] : $guards;
$credentials = $request->only('email','password');
foreach ($guards as $guard) {
if (Auth::guard($guard)->attempt($credentials)) {
Auth::shouldUse($guard);
}
}
return $next($request);
}