| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778 |
- <?php
- namespace App\Http\Controllers\Api;
- use App\Http\Requests\Api\AuthorizationRequest;
- use Illuminate\Http\Request;
- # use App\Http\Controllers\Controller;
- use Illuminate\Support\Facades\Auth;
- class AuthorizationsController extends Controller
- {
- public function __construct()
- {
- // 这里额外注意了:官方文档样例中只除外了『login』
- // 这样的结果是,token 只能在有效期以内进行刷新,过期无法刷新
- // 如果把 refresh 也放进去,token 即使过期但仍在刷新期以内也可刷新
- // 不过刷新一次作废
- $this->middleware('auth:api', ['except' => ['login']]);
- // 另外关于上面的中间件,官方文档写的是『auth:api』
- // 但是我推荐用 『jwt.auth』,效果是一样的,但是有更加丰富的报错信息返回
- }
- // api 登录
- public function login(AuthorizationRequest $request)
- {
- $credentials = [
- 'email' => $request->email,
- 'password' => $request->password,
- ];
- if (! $token = Auth::guard('api')->attempt($credentials)) {
- // return response()->json(['error' => 'Unauthorized'], 401);
- return $this->errorUnauthorized('用户名或密码错误');
- }
- return $this->respondWithToken($token);
- }
- /**
- * Get the authenticated User.
- *
- * @return \Illuminate\Http\JsonResponse
- */
- public function me()
- {
- return response()->json(auth('api')->user());
- }
- // 删除 token
- public function logout()
- {
- Auth::guard('api')->logout();
- // return $this->noContent();
- return response()->json(['message' => 'Successfully logged out']);
- }
- /**
- * Refresh a token.
- * 刷新token,如果开启黑名单,以前的token便会失效。
- * 值得注意的是用上面的getToken再获取一次Token并不算做刷新,两次获得的Token是并行的,即两个都可用。
- * @return \Illuminate\Http\JsonResponse
- */
- public function refresh()
- {
- $token = Auth::guard('api')->refresh();
- return $this->respondWithToken($token);
- }
- // 响应 token
- protected function respondWithToken($token)
- {
- return response([
- 'access_token' => $token,
- 'token_type' => 'Bearer',
- 'expires_in' => Auth::guard('api')->factory()->getTTL() * 60
- ], 201);
- }
- }
|
