Laravel Passport 构建 API 身份验证和授权

composer require laravel/passport php artisan migrate php artisan passport:install

...     'guards' => [         'web' => [             'driver' => 'session',             'provider' => 'users',         ],         'api' => [             'driver' => 'passport',             'provider' => 'users',         ],     ], ...

<?php namespace App; use IlluminateFoundationAuthUser as Authenticatable; use IlluminateNotificationsNotifiable; use LaravelPassportHasApiTokens; class User extends Authenticatable {     use Notifiable, HasApiTokens;     /**      * The attributes that are mass assignable.      *      * @var array      */     protected $fillable = [         &#39;name&#39;, &#39;email&#39;, &#39;password&#39;,     ];     /**      * The attributes that should be hidden for arrays.      *      * @var array      */     protected $hidden = [         &#39;password&#39;, &#39;remember_token&#39;,     ];     /**      * The attributes that should be cast to native types.      *      * @var array      */     protected $casts = [         &#39;email_verified_at&#39; => 'datetime',     ]; }

<?php namespace AppRepositoriesUser; use IlluminateHttpRequest; interface UserRepositoryInterface {     public function register(Request $request);     public function login(Request $request);     public function refreshToken(Request $request);     public function details();     public function logout(Request $request);     public function response($data, int $statusCode);     public function getTokenAndRefreshToken(string $email, string $password);     public function sendRequest(string $route, array $formParams);     public function getOClient(); }

<?php namespace AppRepositoriesUser; use AppUser; use GuzzleHttpClient; use IlluminateHttpRequest; use IlluminateSupportFacadesAuth; use LaravelPassportClient as OClient; use GuzzleHttpExceptionClientException; use AppRepositoriesUserUserRepositoryInterface; class UserRepository implements UserRepositoryInterface {     const SUCCUSUS_STATUS_CODE = 200;     const UNAUTHORISED_STATUS_CODE = 401;     const BASE_URL = "http://mylemp-nginx";     public function __construct(Client $client) {         $this->http = $client;     }     public function register(Request $request) {         $email = $request-&gt;email;         $password = $request-&gt;password;         $input = $request-&gt;all();         $input['password'] = bcrypt($input['password']);         User::create($input);         $response = $this-&gt;getTokenAndRefreshToken($email, $password);         return $this-&gt;response($response["data"], $response["statusCode"]);     }     public function login(Request $request) {         $email = $request-&gt;email;         $password = $request-&gt;password;         if (Auth::attempt(['email' =&gt; $email, 'password' =&gt; $password])) {             $response = $this-&gt;getTokenAndRefreshToken($email, $password);             $data = $response["data"];             $statusCode =  $response["statusCode"];         } else {             $data = ['error'=&gt;'Unauthorised'];             $statusCode =  self::UNAUTHORISED_STATUS_CODE;         }         return $this-&gt;response($data, $statusCode);     }     public function refreshToken(Request $request) {         if (is_null($request-&gt;header('Refreshtoken'))) {             return $this-&gt;response(['error'=&gt;'Unauthorised'], self::UNAUTHORISED_STATUS_CODE);         }         $refresh_token = $request-&gt;header('Refreshtoken');         $Oclient = $this-&gt;getOClient();         $formParams = [ 'grant_type' =&gt; 'refresh_token',                         'refresh_token' =&gt; $refresh_token,                         'client_id' =&gt; $Oclient-&gt;id,                         'client_secret' =&gt; $Oclient-&gt;secret,                         'scope' =&gt; '*'];         return $this-&gt;sendRequest("/oauth/token", $formParams);     }     public function details() {         $user = Auth::user();         return $this-&gt;response($user, self::SUCCUSUS_STATUS_CODE);     }     public function logout(Request $request) {         $request-&gt;user()-&gt;token()-&gt;revoke();         return $this-&gt;response(['message' =&gt; 'Successfully logged out'], self::SUCCUSUS_STATUS_CODE);     }     public function response($data, int $statusCode) {         $response = ["data"=&gt;$data, "statusCode"=&gt;$statusCode];         return $response;     }     public function getTokenAndRefreshToken(string $email, string $password) {         $Oclient = $this-&gt;getOClient();         $formParams = [ 'grant_type' =&gt; 'password',                         'client_id' =&gt; $Oclient-&gt;id,                         'client_secret' =&gt; $Oclient-&gt;secret,                         'username' =&gt; $email,                         'password' =&gt; $password,                         'scope' =&gt; '*'];         return $this-&gt;sendRequest("/oauth/token", $formParams);     }     public function sendRequest(string $route, array $formParams) {         try {             $url = self::BASE_URL.$route;             $response = $this-&gt;http-&gt;request('POST', $url, ['form_params' =&gt; $formParams]);             $statusCode = self::SUCCUSUS_STATUS_CODE;             $data = json_decode((string) $response-&gt;getBody(), true);         } catch (ClientException $e) {             echo $e-&gt;getMessage();             $statusCode = $e-&gt;getCode();             $data = ['error'=&gt;'OAuth client error'];         }         return ["data" =&gt; $data, "statusCode"=&gt;$statusCode];     }     public function getOClient() {         return OClient::where('password_client', 1)-&gt;first();     } }

<?php namespace AppHttpRequests; use IlluminateFoundationHttpFormRequest; use IlluminateContractsValidationValidator; use IlluminateHttpExceptionsHttpResponseException; class UserLoginRequest extends FormRequest {     const UNPROCESSABLE_ENTITY = 422;     public function rules() {         return [             &#39;email&#39; => 'required|email',             'password' =&gt; 'required',           ];     }     protected function failedValidation(Validator $validator) {         throw new HttpResponseException(response()-&gt;json($validator-&gt;errors(), self::UNPROCESSABLE_ENTITY));     } }

<?php namespace AppHttpRequests; use IlluminateFoundationHttpFormRequest; use IlluminateContractsValidationValidator; use IlluminateHttpExceptionsHttpResponseException; class UserRegisterRequest extends FormRequest {     const UNPROCESSABLE_ENTITY = 422;     public function rules() {         return [             &#39;name&#39; => 'required',             'email' =&gt; 'required|email|unique:users',             'password' =&gt; 'required',             'c_password' =&gt; 'required|same:password',           ];     }     protected function failedValidation(Validator $validator) {         throw new HttpResponseException(response()-&gt;json($validator-&gt;errors(), self::UNPROCESSABLE_ENTITY));     } }

<?php namespace AppProviders; use AppRepositoriesUserUserRepository; use AppRepositoriesUserUserRepositoryInterface; use IlluminateSupportServiceProvider; class AppServiceProvider extends ServiceProvider {     /**      * Register any application services.      *      * @return void      */     public function register() {         $this->app-&gt;bind(UserRepositoryInterface::class, UserRepository::class);     }     /**      * Bootstrap any application services.      *      * @return void      */     public function boot() {         //     } }

<?php namespace AppProviders; use IlluminateFoundationSupportProvidersAuthServiceProvider as ServiceProvider; use LaravelPassportPassport; class AuthServiceProvider extends ServiceProvider {     /**      * The policy mappings for the application.      *      * @var array      */     protected $policies = [         // &#39;AppModel&#39; => 'AppPoliciesModelPolicy',     ];     /**      * Register any authentication / authorization services.      *      * @return void      */     public function boot() {         $this-&gt;registerPolicies();         Passport::routes();     } }

<?php namespace AppHttpControllers; use IlluminateHttpRequest; use AppHttpRequestsUserLoginRequest; use AppHttpRequestsUserRegisterRequest; use AppRepositoriesUserUserRepositoryInterface; class UserController extends Controller {     const SUCCUSUS_STATUS_CODE = 200;     const UNAUTHORISED_STATUS_CODE = 401;     public function __construct(UserRepositoryInterface $userRepository) {         $this->userRepository = $userRepository;     }     public function login(UserLoginRequest $request) {         $response = $this-&gt;userRepository-&gt;login($request);         return response()-&gt;json($response["data"], $response["statusCode"]);     }     public function register(UserRegisterRequest $request) {         $response = $this-&gt;userRepository-&gt;register($request);         return response()-&gt;json($response["data"], $response["statusCode"]);     }     public function details() {         $response = $this-&gt;userRepository-&gt;details();         return response()-&gt;json($response["data"], $response["statusCode"]);     }     public function logout(Request $request) {         $response = $this-&gt;userRepository-&gt;logout($request);         return response()-&gt;json($response["data"], $response["statusCode"]);     }     public function refreshToken(Request $request) {         $response = $this-&gt;userRepository-&gt;refreshToken($request);         return response()-&gt;json($response["data"], $response["statusCode"]);     } }

<?php use IlluminateSupportFacadesRoute; Route::post(&#39;login&#39;, &#39;UserController@login&#39;); Route::post(&#39;register&#39;, &#39;UserController@register&#39;); Route::post(&#39;refreshtoken&#39;, &#39;UserController@refreshToken&#39;); Route::group([&#39;middleware&#39; => ['auth:api']], function () {     Route::post('logout', 'UserController@logout');     Route::post('details', 'UserController@details'); });