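Deleting JWTs in Laravel
Preface
When building web applications with Laravel and JWT, you may need to delete a JWT. This article explains how to do that in the Laravel framework.
Why delete a JWT
JWT works well for user authentication and authorization, but in some situations you may need to delete a JWT. Some reasons:
Security: a stolen or leaked JWT can lead to a serious security vulnerability.
Abuse: if your application collects data about user activity, you may need to delete the JWT so that collection stops when the user logs out or exits the application.
Debugging: deleting the JWT lets you re-run the user's login flow.
Ways to delete a JWT
There are three ways to delete a JWT:
Invalidate the JWT: you can revoke a JWT so that it is no longer valid. To do this you need to maintain a blacklist that stores JWTs.
Change the JWT's validity period: you can set a shorter validity period so that a JWT that may have been stolen expires sooner.
Delete the JWT: you can ask users to delete the JWT manually, or delete it in code.
Each method is described in more detail below.
Invalidating a JWT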
Invalidating JWTs requires you to maintain a JWT blacklist. When a user logs out or exits the application, add that user's JWT to the blacklist. When a user tries to access your application with that JWT, the application checks whether the JWT is on the blacklist; if it is, the user is not allowed in. The steps are:
Step 1: Create a middleware
Create a middleware named "JwtBlacklist".
    php artisan make:middleware JwtBlacklist
Step 2: Write the code
Write the following code in the middleware's handle method:
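    // Top of app/Http/Middleware/JwtBlacklist.php. The JWTAuth facade and
    // JWTException are assumed to come from the tymon/jwt-auth package.
    use Closure;
    use Tymon\JWTAuth\Exceptions\JWTException;
    use Tymon\JWTAuth\Facades\JWTAuth;

    public function handle($request, Closure $next)
    {
        $token = $request->bearerToken();

        if (auth()->check()) {
            // Authenticated through the default guard: log out and blacklist the token.
            auth()->logout();
            JWTAuth::invalidate(JWTAuth::getToken());
            return response()->json(['message' => 'Logout successful']);
        } elseif ($token) {
            try {
                // A missing, invalid, expired or blacklisted token raises a JWTException here.
                JWTAuth::parseToken()->authenticate();
                JWTAuth::invalidate(JWTAuth::getToken());
                return response()->json(['message' => 'Logout successful']);
            } catch (JWTException $e) {
                // ignore errors: the request falls through to $next
            }
        }

        return $next($request);
    }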
Step 3: Register the middleware
Register the middleware in the $routeMiddleware array in app/Http/Kernel.php.
    'jwt.blacklist' => \App\Http\Middleware\JwtBlacklist::class,
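The blacklist check described in this section, as an added example in plain PHP; it is not the article's code and not the JWT library's implementation. It goes slightly beyond the steps above by keying the blacklist on a `jti` claim and keeping each entry only until the token's `exp`; `SECRET`, the function names and the in-memory array are assumptions (a real application would keep the blacklist in a shared cache).

```php
<?php
// Added example: simplified blacklist model. SECRET and all function names are hypothetical.
const SECRET = 'constructed-demo-secret';
function b64url(string $raw): string {
    return rtrim(strtr(base64_encode($raw), '+/', '-_'), '=');
}

function issue(string $sub, int $ttl, int $now): string {
    $head = b64url(json_encode(['alg' => 'HS256', 'typ' => 'JWT']));
    $body = b64url(json_encode(['sub' => $sub, 'exp' => $now + $ttl,
        'jti' => bin2hex(random_bytes(16))]));   // jti: unique id, the blacklist key
    return "$head.$body." . b64url(hash_hmac('sha256', "$head.$body", SECRET, true));
}

// Returns the claims, or null if the token is forged, expired or blacklisted.
function verify(string $jwt, array $blacklist, int $now): ?array {
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) return null;
    [$head, $body, $sig] = $parts;
    $expected = b64url(hash_hmac('sha256', "$head.$body", SECRET, true));
    if (!hash_equals($expected, $sig)) return null;      // constant-time compare
    $claims = json_decode((string) base64_decode(strtr($body, '-_', '+/')), true);
    if (!is_array($claims) || !isset($claims['exp'], $claims['jti'])) return null;
    if ($claims['exp'] <= $now) return null;             // expired
    if (isset($blacklist[$claims['jti']])) return null;  // revoked at logout
    return $claims;
}

// Logout: store the jti only until the token would have expired anyway.
function invalidate(string $jwt, array &$blacklist, int $now): bool {
    $claims = verify($jwt, $blacklist, $now);
    if ($claims === null) return false;
    $blacklist[$claims['jti']] = $claims['exp'];
    return true;
}

function prune(array &$blacklist, int $now): void {
    $blacklist = array_filter($blacklist, fn ($exp) => $exp > $now);
}

$now = 1700000000;                                   // constructed clock value
$blacklist = [];
$token = issue('user-42', 3600, $now);
var_dump(verify($token, $blacklist, $now) !== null);       // checked before logout
invalidate($token, $blacklist, $now);
var_dump(verify($token, $blacklist, $now + 60) === null);  // checked after logout
prune($blacklist, $now + 3600);
var_dump(count($blacklist));                               // entries left once the token has expired
```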
Changing the JWT's validity period
A JWT has three parts: the header (a Base64-encoded JSON object), the payload (a Base64-encoded JSON object) and the signature. You can therefore change the validity period in the payload.
In Laravel/JWT you can use code like this:
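    // Imports needed at the top of the controller file (JWTAuth facade assumed
    // to come from the tymon/jwt-auth package).
    use Carbon\Carbon;
    use Illuminate\Http\Request;
    use Tymon\JWTAuth\Facades\JWTAuth;

    public function login(Request $request)
    {
        $credentials = $request->only('email', 'password');

        // Pass a custom exp claim: 24 hours from now, as a Unix timestamp.
        if ($token = JWTAuth::attempt($credentials, ['exp' => Carbon::now()->addHours(24)->timestamp])) {
            return response()->json(['message' => 'Success', 'token' => $token]);
        }

        return response()->json(['error' => 'Unauthorized'], 401);
    }
In the code above, we set the JWT's validity period to 24 hours.
Deleting a JWT
If you ask users to delete the JWT manually, you need to tell them so clearly. You can provide a button or link for the logout action so that users can delete the JWT.
If you want to delete the JWT in code, add the following to your controller: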
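    public function logout(Request $request)
    {
        // Invalidate the token sent with this request so it can no longer be used.
        JWTAuth::invalidate(JWTAuth::getToken());

        return response()->json(['message' => 'Logout successful']);
    }
When the user clicks the logout button, this controller deletes the JWT.
Conclusion
This article showed how to delete a JWT in Laravel and JWT. You can do so by invalidating the JWT, changing its validity period, or deleting it. If you have any questions, leave a comment and I will reply as soon as I can.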
ÒÔÉϾÍÊÇlaravel jwtɾ³ýµÄÏêϸÄÚÈÝ£¬¸ü¶àÇë¹Ø×¢±¾ÍøÄÚÆäËüÏà¹ØÎÄÕ£¡