Author: ttarm_33218389 | Source: Internet | 2023-05-19 13:22
I'm trying to learn Laravel and my goal is to be able to build a RESTful API (no use of views or Blade, only JSON results). Later, an AngularJS web app and a Cordova hybrid mobile app will consume this API.
After some research, I'm inclined to choose the JWT-Auth library for the benefit of being completely stateless. My problem is: I have 2 main types of users: customers and moderators. Customers are not required to have a password. I need to be able to generate a token for access with the provided email only. If that email exists in the database and it belongs to a customer, it will generate and return the token. If it exists and belongs to a moderator, it will return false so the interface can request a password. If the email doesn't exist, it throws an invalid parameter error.
I read the docs here and they say it's possible to use Custom Claims. But the docs don't explain what claims are or what the array being passed as custom claims means. I'd like some input on how to go about achieving what I explain above.
    public function authenticate(Request $request)
    {
        // grab credentials from the request
        $credentials = $request->only('email', 'password');
        try {
            // verify the credentials and create a token for the user
            if (! $token = JWTAuth::attempt($credentials)) {
                return response()->json(['error' => 'invalid_credentials'], 401);
            }
        } catch (JWTException $e) {
            // something went wrong
            return response()->json(['error' => 'could_not_create_token'], 500);
        }
        // if no errors are encountered we can return a JWT
        return response()->json(compact('token'));
    }
Thank you.
Update
Bounty's code
    public function authenticate(Request $request) {
        $email = $request->input('email');
        $user = User::where('email', '=', $email)->first();
        if (! $user) {
            // no row for this email: fromUser() needs a user model, not null
            return response()->json(['error' => 'invalid_credentials'], 401);
        }
        try {
            // create a token for the user (no password is checked here)
            if (! $token = JWTAuth::fromUser($user)) {
                return response()->json(['error' => 'invalid_credentials'], 401);
            }
        } catch (JWTException $e) {
            // something went wrong
            return response()->json(['error' => 'could_not_create_token'], 500);
        }
        // if no errors are encountered we can return a JWT
        return response()->json(compact('token'));
    }
3 solutions
5
Generating a token for the customers (without a password) can be achieved through:
    $user = \App\Modules\User\Models\UserModel::whereEmail('xyz@gmail.com')->first();
    $userToken = JWTAuth::fromUser($user);
Here $userToken will store the token after the existence check of the email in the table configured in the UserModel file.
I have assumed that you store both customers and moderators in the same table, so there must be some flag to discriminate between them. Assume the flag is user_type.
    $token = null;
    $user = \App\Modules\User\Models\UserModel::whereEmail('xyz@gmail.com')->first();
    if ($user['user_type'] == 'customer') {
        $credentials = $request->only('email');
        $token = JWTAuth::fromUser($user);
    } else if ($user['user_type'] == 'moderator') {
        $credentials = $request->only('email', 'password');
        $token = JWTAuth::attempt($credentials);
    } else {
        // No such user exists
    }
    return $token;
As far as custom claims are concerned, these are custom-defined payloads which can be attached to the token string.
For example, JWTAuth::attempt($credentials, ['role' => 1]); will attempt to add a role object to the token payload. Once you decode the token string through the JWT facade, JWTAuth::parseToken()->getPayload();, you in turn get all payloads defined in required_claims under config/jwt.php, with the additional role payload.
Refer to https://github.com/tymondesigns/jwt-auth/wiki/Creating-Tokens#creating-a-token-based-on-anything-you-like. Let me know in case you require anything else.
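To make "claims" concrete, here is an added example (not from the original post or the jwt-auth project) that builds and verifies an HS256 token in plain PHP, with the custom role claim next to the registered sub, iat and exp claims. The key, the user id 42 and the role values are constructed; the helper names b64url, b64url_decode, make_token and verify_token are hypothetical.

```php
<?php
// Added example: plain PHP, no jwt-auth calls. Key and claim values are constructed.
function b64url(string $bin): string
{
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}
function b64url_decode(string $txt): string
{
    return (string) base64_decode(strtr($txt, '-_', '+/'));
}
// A token is header.payload.signature; the payload is the JSON-encoded claims array.
function make_token(array $claims, string $key): string
{
    $head = b64url(json_encode(['typ' => 'JWT', 'alg' => 'HS256']));
    $body = b64url(json_encode($claims));
    return "$head.$body." . b64url(hash_hmac('sha256', "$head.$body", $key, true));
}
// Return the claims only when algorithm, signature and expiry all check out.
function verify_token(string $token, string $key, int $now): ?array
{
    $parts = explode('.', $token);
    if (count($parts) !== 3) {
        return null;
    }
    [$head, $body, $sig] = $parts;
    $header = json_decode(b64url_decode($head), true);
    if (!is_array($header) || ($header['alg'] ?? null) !== 'HS256') {
        return null; // the server fixes the algorithm, not the token
    }
    $expected = b64url(hash_hmac('sha256', "$head.$body", $key, true));
    if (!hash_equals($expected, $sig)) {
        return null; // payload edited, or signed with another key
    }
    $claims = json_decode(b64url_decode($body), true);
    return (is_array($claims) && ($claims['exp'] ?? 0) > $now) ? $claims : null;
}
$key    = 'constructed-demo-key'; // hypothetical secret
$now    = time();
$claims = ['sub' => 42, 'iat' => $now, 'exp' => $now + 3600, 'role' => 1];
$token  = make_token($claims, $key);
// Claims are only base64url-encoded: any holder of the token can read them.
echo b64url_decode(explode('.', $token)[1]), PHP_EOL;
// Re-encoding the payload with a different role breaks the signature check.
[$h, , $s] = explode('.', $token);
$edited = "$h." . b64url(json_encode(['role' => 9] + $claims)) . ".$s";
var_dump(verify_token($token, $key, $now)['role'] ?? null);
var_dump(verify_token($edited, $key, $now));
```

A role claim should drive authorization only after verification succeeds, and nothing secret belongs in the payload.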