一、下载

打开 composer.json，require 新增引入

"dingo/api": "1.0.*@dev",
"tymon/jwt-auth": "0.5.*"

执行 composer update

composer update

dingo/api：https://github.com/dingo/api

tymon/jwt-auth：https://github.com/tymondesigns/jwt-auth

二、配置

修改 config/app.php 的 providers 属性

Dingo\Api\Provider\LaravelServiceProvider::class,
Tymon\JWTAuth\Providers\JWTAuthServiceProvider::class,

修改 config/app.php 的 aliases 属性

'JWTAuth' => Tymon\JWTAuth\Facades\JWTAuth::class,
'JWTFactory' => Tymon\JWTAuth\Facades\JWTFactory::class,

发布配置文件

php artisan vendor:publish --provider="Dingo\Api\Provider\LaravelServiceProvider"

php artisan vendor:publish --provider="Tymon\JWTAuth\Providers\JWTAuthServiceProvider"

生成 key

php artisan jwt:generate

修改 .env

API_STANDARDS_TREE=vnd
API_PREFIX=api
API_VERSION=v1
API_DEBUG=true
JWT_SECRET=3BGN9K59Kg3tgiSWWIcF66CDRY9DFlTA

注意这里的 JWT_SECRET 是 php artisan jwt:generate 生成的

修改 config/api.php

'auth' => [
    'basic' => function($app){
        return new \Dingo\Api\Auth\Provider\Basic($app['auth']);
    },
    'jwt' =>  function($app){
        return new Dingo\Api\Auth\Provider\JWT($app['Tymon\JWTAuth\JWTAuth']);
    }
],

修改 app/Http/Kernel.php

protected $routeMiddleware = [
    'auth' => \App\Http\Middleware\Authenticate::class,
    'jwt.auth' => \Tymon\JWTAuth\Middleware\GetUserFromToken::class,
    'jwt.refresh' => \Tymon\JWTAuth\Middleware\RefreshToken::class,
];

三、课程列表

新建 app/Api/Controllers/BaseController.php

namespace App\Api\Controllers;

use App\Http\Controllers\Controller;
use Dingo\Api\Routing\Helpers;

class BaseController extends Controller
{
    use Helpers;
}

新建 app/Api/Controllers/LessonsController.php

namespace App\Api\Controllers;

use App\Api\Transformers\LessonTransformer;
use App\Lesson;

class LessonsController extends BaseController
{
    public function index()
    {
        $lessons = Lesson::all();
        return $this->collection($lessons, new LessonTransformer());
    }
}

新建 app/Api/Transformers/LessonTransformer.php

namespace App\Api\Transformers;

use App\Lesson;
use League\Fractal\TransformerAbstract;

class LessonTransformer extends TransformerAbstract
{
    public function transform(Lesson $lesson)
    {
        return [
            'title' => $lesson['title'],
            'content' => $lesson['content'],
            'isFee' => (boolean)$lesson['free'],
        ];
    }
}

修改 app/Http/routes.php

$api = app('Dingo\Api\Routing\Router');

$api->version('v1', function ($api){
    $api->group(['namespace'=>'App\Api\Controllers'], function($api){
        $api->get('lessons','LessonsController@index');
    });
});

查看 api 路由

php artisan api:routes

访问：http://localhost:8000/api/lessons

四、jwt 认证

4.1、登录

新建 app/Api/Controllers/AuhController.php

namespace App\Api\Controllers;

use Illuminate\Http\Request;
use Tymon\JWTAuth\Exceptions\JWTException;
use JWTAuth;

class AuthController extends BaseController
{
    public function authenticate(Request $request)
    {
        $credentials = $request->only('email', 'password');
        try {
            if (! $token = JWTAuth::attempt($credentials)) {
                return response()->json(['error' => 'invalid_credentials'], 401);
            }
        } catch (JWTException $e) {
            return response()->json(['error' => 'could_not_create_token'], 500);
        }
        return response()->json(compact('token'));
    }
}

修改 app/Http/routes.php

$api = app('Dingo\Api\Routing\Router');

$api->version('v1', function ($api){
    $api->group(['namespace'=>'App\Api\Controllers'], function($api){
        $api->post('user/login','AuthController@authenticate');
        $api->group(['middleware'=>'jwt.auth'], function($api){
            $api->get('lessons','LessonsController@index');
        });
    });
});

访问：http://localhost:8000/api/lessons

{
    "error": "token_not_provided"
}

使用 postman 登录：http://localhost:8000/api/user/login

访问：http://localhost:8000/api/lessons?token=，将登录成功的 token 拼接在后面，发现数据正常返回了。

如果数据表中的 email 和 password 为 user_email 和 user_password，修改 app/Api/Controllers/AuhController.php 的 authenticate 的 $credentials

$credentials = [
    'user_email' => $request->get('email'),
    'password' => $request->get('password'),
];

同时修改 app/User.php

public function getAuthPassword()
{
    return $this->user_password;
}

4.2、注册

修改 app/Http/routes.php

$api = app('Dingo\Api\Routing\Router');

$api->version('v1', function ($api){
    $api->group(['namespace'=>'App\Api\Controllers'], function($api){
        $api->post('user/login','AuthController@authenticate');
        $api->post('user/register','AuthController@register');
        $api->group(['middleware'=>'jwt.auth'], function($api){
            $api->get('lessons','LessonsController@index');
        });
    });
});

修改 app/Api/Controllers/AuhController.php

use App\User;

public function register(Request $request)
{
    //这里进行简单的验证
    $newUser = [
        'email' => $request->get('email'),
        'name' => $request->get('name'),
        'password' => bcrypt($request->get('password')),
    ];
    $user = User::create($newUser);
    $token = JWTAuth::fromUser($user);
    return response()->json(compact('token'));
}

4.3、课程详情

修改 app/Http/routes.php

$api = app('Dingo\Api\Routing\Router');

$api->version('v1', function ($api){
    $api->group(['namespace'=>'App\Api\Controllers'], function($api){
        $api->post('user/login','AuthController@authenticate');
        $api->post('user/register','AuthController@register');
        $api->group(['middleware'=>'jwt.auth'], function($api){
            $api->get('lessons','LessonsController@index');
            $api->get('lessons/{id}','LessonsController@show');
        });
    });
});

修改 app/Api/Controllers/LessonsController.php

public function show($id)
{
    $lesson = Lesson::find($id);
    if(empty($lesson)){
        return $this->response->errorNotFound('Lesson not found');
    }
    return $this->item($lesson, new LessonTransformer());
}

访问：http://localhost:8000/api/lessons/1?token=，将登录成功的 token 拼接在后面。

4.4、获取用户信息

修改 app/Http/routes.php

$api = app('Dingo\Api\Routing\Router');

$api->version('v1', function ($api){
    $api->group(['namespace'=>'App\Api\Controllers'], function($api){
        $api->post('user/login','AuthController@authenticate');
        $api->post('user/register','AuthController@register');
        $api->group(['middleware'=>'jwt.refresh'], function($api){
            $api->get('user/me','AuthController@getAuthenticatedUser');
            $api->get('lessons','LessonsController@index');
            $api->get('lessons/{id}','LessonsController@show');
        });
    });
});

修改 app/Api/Controllers/LessonsController.php

public function getAuthenticatedUser()
{
    try {
        if(! $user = JWTAuth::parseToken()->authenticate()){
            return response()->json(['user_not_found'], 404);
        }
    } catch (TokenExpiredException $e) {
        return response()->json(['user_not_found'], $e->getStatusCode());
    } catch (TokenInvalidException $e) {
        return response()->json(['token_invalid'], $e->getStatusCode());
    } catch (JWTException $e) {
        return response()->json(['token_absent'], $e->getStatusCode());
    }
    return response()->json(compact('user'));
}

访问：http://localhost:8000/api/user/me?token=，将登录成功的 token 拼接在后面。

注意：这里的使用的是 jwt.refresh，token 使用一次就失效了。