知识储备
1、掌握OAuth2.0授权协议(实例采用密码授权模式开发)
2、掌握Passport进行接口授权
3、掌握API Resource,对API返回的数据进行转换
4、掌握Restful API
5、掌握PostMan接口开发测试工具的使用
6、掌握HTTP状态码使用,尤其是创建资源返回201状态码,返回资源200状态码,注册用户验证失败返回422状态码无法处理的实体
开发环境准备
1、安装 Laravel6版本
composer create-project --prefer-dist laravel/laravel laravel6 "6.*"
2、生成用户数据表
php artisan migrate
3、创建用户注册控制器
php artisan make:controller RegisterController
4、创建用户注册表单验证器
php artisan make:request RegisterUserRequest
5、定义注册路由
Route::post('/register','RegisterController@register');
6、PostMan测试工具使用
a)创建laravel6的项目目录
b)创建名为Auth鉴权校验目录
c)创建名为Register的Request测试方法
d)设置请求头
key:Content-Type,value:application/json
key:Accept,value:application/json
7、辅助授权包Passport安装与配置
参考:https://learnku.com/docs/laravel/6.x/passport/5152
a)通过 Composer 包管理器安装 Passport:
composer require laravel/passport
b)创建存储客户端和令牌的数据表
php artisan migrate
c)生成访问令牌的「个人访问」客户端和「密码授权」客户端
php artisan passport:install
d)在App\Providers\AuthServiceProvider 的 boot 方法中调用Passport::routes 函数
use Laravel\Passport\Passport;
Passport::routes();
e)config/auth.php修改授权配置
f)Laravel\Passport\HasApiTokens Trait 添加到 App\User 模型中
用户注册
1、注册成功返回201资源创建成功状态码
2、使用GuzzleHTTP在注册同时返回授权信息
实现代码:
1、定义用户注册表单验证器
<?php
namespace App\Http\Requests;
use Illuminate\Foundation\Http\FormRequest;
use Illuminate\Http\Request;
class RegisterUserRequest extends FormRequest
{
/**
* Determine if the user is authorized to make this request.
*
* @return bool
*/
public function authorize()
{
return true;
}
/**
* Get the validation rules that apply to the request.
*
* @return array
*/
public function rules()
{
return [
'name'=>'required|min:6',
'email'=>'required|email|unique:users',
'password'=>'required|min:6'
];
}
}
2、注册控制器代码
<?php
namespace App\Http\Controllers;
use App\Http\Requests\RegisterUserRequest;
use App\User;
use GuzzleHttp\Client as Guzzle;
class RegisterController extends Controller
{
private $http;
public function __construct(Guzzle $http)
{
$this->http = $http;
}
public function register(RegisterUserRequest $request)
{
$user = User::create([
'name'=>$request->name,
'email'=>$request->email,
'password'=>bcrypt($request->password),
]);
//返回授权信息
$response = $this->http->post('http://www.laravel6.com/oauth/token', [
'form_params' => [
'grant_type' => 'password',
'client_id' => '2',
'client_secret' => 'L9ISFdkmXIbK61GYoYrLyOYYDX2wl1nBZwohr1MH',
'username' => $user->email,
'password' => $request->password,
'scope' => '*',
],
]);
$token = json_decode((string) $response->getBody(), true);
return response()->json([
'token'=>$token
],201);
}
}
返回结果:
用户登录
1、登录路由不需要api前缀
http://www.laravel6.com/oauth/token
2、username字段为email的值
body配置
{
"grant_type":"password",
"username":"[email protected]",
"password":"123456",
"client_id":"2",
"client_secret":"L9ISFdkmXIbK61GYoYrLyOYYDX2wl1nBZwohr1MH",
"scope":"*"
}
返回结果
通过返回的access_token获取用户信息
