使用lumen进行api开发,实现api的鉴权,查找到的文档基本上都是password的模式验证,千篇一律,详细如何请求,如何验证都一笔跳过,本人在实践过程中踩了不少坑,所以编写此篇文章,希望其他同学勿再入同样的坑。
一、安装Lumen
composer create-project --prefer-dist laravel/laravel app_name- 配置应用秘钥
在App\Console\Commands下添加一下内容的KeyGenerateCommand.php文件
<?php
namespace App\Console\Commands;
use Illuminate\Console\Command;
class KeyGenerateCommand extends Command
{
/**
* The name and signature of the console command.
*
* @var string
*/
protected $signature = 'key:generate';
/**
* The console command description.
*
* @var string
*/
protected $description = 'Set the application key';
/**
* Execute the console command.
*
* @return void
*/
public function handle()
{
$key = $this->generateRandomKey();
file_put_contents(base_path('.env'), preg_replace(
'/^APP_KEY=[\w]*/m',
'APP_KEY='.$key,
file_get_contents(base_path('.env'))
));
$this->info("Application key [$key] set successfully.");
}
/**
* Generate a random key for the application.
*
* @return string
*/
protected function generateRandomKey()
{
return str_random(32);
}
}- 指令注入
// 修改App\Console下的Kernel.php
protected $commands = [
//注入指令
'App\Console\Commands\KenGenerateCommand',
]- 控制台执行密钥生成命令
php artisan key:generate二、安装dingo
- 安装dingo扩展
composer require dingo/api- 注册服务提供者
### bootstrap/app.php中注册
$app->register(Dingo\Api\Provider\LumenServiceProvider::class);
### 具体配置以及多版本设置可参考Dingo API的官方文档
https://learnku.com/docs/dingo-api/2.0.0/Installation/1443
- 创建路由
### 为避免路由冲突,在router/web.php创建dingo/api的专属路由
### 注册实例
$api = app('Dingo\Api\Routing\Router')
### 使用$api接替原有的$router
### 如下路由
$api->version('v1', function($api) {
return response('this is version v1');
})三、安装Lumen-passport
- 安装lumen-passport扩展
### 注意版本兼容
composer require dusterio/lumen-passport- 修改bootstrap/app.php文件
<?php
// 取消如下配置的注释
$app->withFacades();
$app->withEloquent();
$app->register(App\Providers\AppServiceProvider::class);
$app->register(App\Providers\AuthServiceProvider::class);
// 加载配置文件config/auth.php
// 可将vendor/laravel/config文件夹复制到项目根目录
$app->configure('auth');
// 开启并修改默认认证中间件并增加client_credentials验证的中间件
// 因为本人使用了passport的client_credentials凭证
$app->routeMiddleware([
'auth' => App\Http\Middleware\Authenticate::class,
'client' => \Laravel\Passport\Http\Middleware\CheckClientCredentials::class
]);
// 新增passport注册
$app->register(Laravel\Passport\PassportServiceProvider::class);
$app->register(Dusterio\LumenPassport\PassportServiceProvider::class);
- 修改auth.php配置
// 修改如下
'guards' => [
'api' => [
'driver' => 'passport',
'provider' => 'passport-provider'
],
],
'providers' => [
'passport-provider' => [
'driver' => 'eloquent',
'model' => \App\User::class
]
],- 增加HasApiTokens Trait 到user model
// lumen的默认路径 app/user.php
/// 添加HasApiTokens
use Laravel\Passport\HasApiTokens;
class User extends Model implements AuthenticatableContract, AuthorizableContract
{
use Authenticatable, Authorizable, HasApiTokens;
}四、创建数据表和客户端
### 控制台执行命令
### 创建数据表
php artisan migrate
### 创建客户端
php artisan passport:client --client
### 会生成client_credentials的client_id和client_secret
五、获取令牌Token
### 因passport自带oauth路由,无需新建路由
### 获取token,本人使用postman测试接口
### 请求url: 域名/oauth/token 请求方式: POST
### 注意:不能以参数的形式请求,应模拟表单提交,postman->body->x-www-form-urlencode
### 具体参数: client_id: 步骤四生成的client_id; client_secret:同上, grrant_type: client_credentials
### 返回结果:
{
"token_type": "Bearer",
"expires_in": 31622399,
"access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImp0aSI6IjUwZWJiYWRhYzVjNTFmOTJiMzcwNGI5MjM0ODQxNWUzZDhiMzdiYmE1Nzk4ZmIxYmY4Y2VkODA1YmMwZGI4MTgxOGQ1ZTAwNTI3MjdjZWFhIn0.eyJhdWQiOiIzIiwianRpIjoiNTBlYmJhZGFjNWM1MWY5MmIzNzA0YjkyMzQ4NDE1ZTNkOGIzN2JiYTU3OThmYjFiZjhjZWQ4MDViYzBkYjgxODE4ZDVlMDA1MjcyN2NlYWEiLCJpYXQiOjE1Njk1NjQ3MjQsIm5iZiI6MTU2OTU2NDcyNCwiZXhwIjoxNjAxMTg3MTI0LCJzdWIiOiIiLCJzY29wZXMiOltdfQ.Kif33MaoPypJN2WNofILA2PKu_YsX7ArAzK9PCxksaiUrQHVUb5a9LdhBdvMLHaQ5gMn8KvkChKkG5xFWjI5Z8ARUEw7ucdYAW0-lfnxNvDf_Z9KOMdNZWXYYyY4t-4UYqhlRcZWclm4fEHkTWj60RLqYSlnArc0C6cKM_LYDjREHN1VJc_1hAN60uUgxBxAjLC5cMCtNlrZkrgm390UTPcUxTD_6N3a2wsLOKPJF9dz235WE_PZ2_SwMl-xaBQWgpu2pxFk1D8LSIB-q-v4eCJthXsWuTFmWJePr5Y8_hvV7Rlv-2y-4xYjt0okg_umcPputUixMunQ8nTYP2OI5DwO8veiaqrh87hsxeshvM4KXMiUgbgi73fLmS5uwhwVm-Klq4QZDJGcM6Vqj-CFwW3TAFbT0HimjZt5DiTgHdPpaTla6k4TO-ZV232HwnD1iyG90sCez2ZI2v4ab_RShGfvHh6njC_nfjEcaduweKVy2KJuYv_EvmVe94VKoYjC7MsUwm-OyNirvN3oGztvi6vnb2XGndLtmsEgmEJjD5l2oimKhKdEiinGW2RV7bindBpbI8d4Yx23yenz02pXiZHq4Rl6AJQq0kKOmnYATWVooEPJ-r051ykrcI8_VNSMC-wnr6E_iLou8jnbCUxBlwolUUBnZ7BOj5W5_Gt63Nc"
}六、Token验证
- 创建路由
$api->get('test', ['middleware' => 'client', function() use ($api) {
return response('auth success');
}]);
/*// 特别注意 //*/
/*// lumen中必须以此格式使用client的中间件 //*/
/*// 文档中也没说明,尝试了好久发现 //*/
// 错误示范1:Undefined variable: closure 【报错】
$api->get('test', ['middleware' => 'client'], function () {
return response('auth success');
});
// 错误示范2:middleware not exits 【报错】
$api->get('test', function () {
return response('auth success');
})>middleware('client');至此lumen的passport client_credentials凭证验证基本完成。谨以此预防同我一样入坑的同学