Bu dökümantasyonda Lumen Framework Rest API için kurulumu ve kullanımı anlatılmıştır.
- Kullanılacak jwt paketi
- paketin entegrasyonu
- .env ayarları
- middleware ayarları
- rotaların ayarlanması
JWT Kütüphanesi
- composer require firebase/php-jwt
.env
JWT_SECRET=xxxxxxxxxxxxxxxxx
bootstrap/app.php
Aşağıdaki düzenlemeler yapılır.
$app->withEloquent();
Middleware tanıtımı
$app->routeMiddleware([
'jwt.auth' => App\Http\Middleware\JwtMiddleware::class,
]);
routes/web.php
Login işlemi yapıp token almak için aşağıdaki rota eklenir
$router->post(
'auth/login',
[
'uses' => 'AuthController@authenticate'
]
);
Rotaların jwt kapsamına alınması
$router->group(['prefix' => 'authapi', 'middleware' => 'jwt.auth'], function ($router) {
...
$router->get('articles', 'ArticleController@showAllArticles');
...
});
AuthController.php
Token kontrolü yapacak controller
<?php
namespace App\Http\Controllers;
use Validator;
use App\User;
use Firebase\JWT\JWT;
use Illuminate\Http\Request;
use Firebase\JWT\ExpiredException;
use Illuminate\Support\Facades\Hash;
use Laravel\Lumen\Routing\Controller as BaseController;
class AuthController extends BaseController
{
/**
* The request instance.
*
* @var \Illuminate\Http\Request
*/
private $request;
/**
* Create a new controller instance.
*
* @param \Illuminate\Http\Request $request
* @return void
*/
public function __construct(Request $request) {
$this->request = $request;
}
/**
* Create a new token.
*
* @param \App\User $user
* @return string
*/
protected function jwt(User $user) {
$payload = [
'iss' => "lumen-jwt", // Issuer of the token
'sub' => $user->id, // Subject of the token
'iat' => time(), // Time when JWT was issued.
'exp' => time() + 60*60 // Expiration time
];
// As you can see we are passing `JWT_SECRET` as the second parameter that will
// be used to decode the token in the future.
return JWT::encode($payload, env('JWT_SECRET'));
}
/**
* Authenticate a user and return the token if the provided credentials are correct.
*
* @param \App\User $user
* @return mixed
*/
public function authenticate(User $user) {
$this->validate($this->request, [
'email' => 'required|email',
'password' => 'required'
]);
// Find the user by email
$user = User::where('email', $this->request->input('email'))->first();
if (!$user) {
// You wil probably have some sort of helpers or whatever
// to make sure that you have the same response format for
// differents kind of responses. But let's return the
// below respose for now.
return response()->json([
'error' => 'Email does not exist.'
], 400);
}
// Verify the password and generate the token
if (Hash::check($this->request->input('password'), $user->password)) {
return response()->json([
'token' => $this->jwt($user)
], 200);
}
// Bad Request response
return response()->json([
'error' => 'Email or password is wrong.'
], 400);
}
}
JwtMiddleware.php
Rotaları kapsayacak middleware
<?php
namespace App\Http\Middleware;
use Closure;
use Exception;
use App\User;
use Firebase\JWT\JWT;
use Firebase\JWT\ExpiredException;
class JwtMiddleware
{
public function handle($request, Closure $next, $guard = null)
{
$token = $request->get('token');
if(!$token) {
// Unauthorized response if token not there
return response()->json([
'error' => 'Token not provided.'
], 401);
}
try {
$credentials = JWT::decode($token, env('JWT_SECRET'), ['HS256']);
} catch(ExpiredException $e) {
return response()->json([
'error' => 'Provided token is expired.'
], 400);
} catch(Exception $e) {
return response()->json([
'error' => 'An error while decoding token.'
], 400);
}
$user = User::find($credentials->sub);
/* Now lets put the user in the request class so that you can grab it from there */
$request->auth = $user;
return $next($request);
}
}