安装jwt
composer require lcobucci/jwt 3.3
在应用目录下新建common文件夹,新建JwtAuth.php(文件名与类名JwtAuth保持大小写一致,否则在区分大小写的文件系统上无法自动加载)
代码如下
<?php
namespace app\api\common;
use Lcobucci\JWT\Builder;
use Lcobucci\JWT\Parser;
use Lcobucci\JWT\Signer\Hmac\Sha256;
use Lcobucci\JWT\ValidationData;
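/**
 * Issues and checks HS256-signed JWTs with lcobucci/jwt 3.3.
 *
 * Singleton: every place that touches the JWT during one request works on the
 * same instance, and therefore on the same user. Because the instance is held
 * in a static property, it can outlive a single request when the application
 * runs in a long-lived worker process, so all token-derived state is reset
 * whenever a new token is loaded (see setToken()).
 *
 * Class JwtAuth
 * @package app\api\common
 */
class JwtAuth
{
    /**
     * Environment variable that supplies the HMAC signing key. The name is a
     * choice made here; rename it to fit the deployment.
     */
    private const SECRET_ENV = 'JWT_SECRET';

    /** HS256 needs a key at least as long as the SHA-256 output (32 bytes). */
    private const MIN_SECRET_BYTES = 32;

    /** @var mixed raw token string from the client, or the Token object built by encode() */
    private $token;

    /** @var int token lifetime in seconds */
    private $expTime = 3600;

    /** @var string "iss" claim written by encode() and required by validate() */
    private $iss = 'www.bugquit.com';

    /** @var string "aud" claim written by encode() and required by validate() */
    private $aud = 'bugquit_com';

    /** @var mixed user id carried in the custom "uid" claim */
    private $uid;

    /** @var mixed parsed token, cached so validate() and verify() parse only once */
    private $decodeToken;

    /** @var self|null the single shared instance */
    private static $instance;

    /**
     * Return the shared instance, creating it on first use.
     *
     * @return self
     */
    public static function getInstance()
    {
        if (self::$instance === null) {
            self::$instance = new self();
        }

        return self::$instance;
    }

    /** Private so the class can only be obtained through getInstance(). */
    private function __construct()
    {
    }

    /** Private so the singleton cannot be duplicated with clone. */
    private function __clone()
    {
    }

    /**
     * Read the signing key from the environment.
     *
     * A signing key written into source code (or published with a tutorial)
     * is known to everyone who can read that code, and anyone holding it can
     * mint tokens for any uid. The key is therefore taken from the process
     * environment, and a missing or short key is rejected instead of falling
     * back to a built-in default.
     *
     * @return string
     * @throws \RuntimeException when the key is not configured or too short
     */
    private function signingKey()
    {
        $secret = getenv(self::SECRET_ENV);
        if (!is_string($secret) || strlen($secret) < self::MIN_SECRET_BYTES) {
            throw new \RuntimeException(
                self::SECRET_ENV . ' must be set to a random value of at least '
                . self::MIN_SECRET_BYTES . ' bytes'
            );
        }

        return $secret;
    }

    /**
     * Return the current token in its compact string form.
     *
     * @return string
     */
    public function getToken()
    {
        return (string)$this->token;
    }

    /**
     * Load a token received from a client.
     *
     * The cached parse result and the uid taken from the previous token are
     * discarded here. Without this reset, validate() and verify() would keep
     * judging the first token this instance ever parsed, so a later, different
     * token would be accepted or rejected on the strength of the earlier one.
     *
     * @param mixed $token compact JWT string
     * @return $this
     */
    public function setToken($token)
    {
        $this->token = $token;
        $this->decodeToken = null;
        $this->uid = null;

        return $this;
    }

    /**
     * Set the user id that encode() writes into the "uid" claim.
     *
     * @param mixed $uid
     * @return $this
     */
    public function setUid($uid)
    {
        $this->uid = $uid;

        return $this;
    }

    /**
     * Return the user id. After decode() this is the value read from the
     * token, which is only trustworthy once verify() has returned true.
     *
     * @return mixed
     */
    public function getUid()
    {
        return $this->uid;
    }

    /**
     * Build and sign a token for the current uid.
     *
     * @return $this
     * @throws \RuntimeException when the signing key is not configured
     */
    public function encode()
    {
        $key = $this->signingKey();
        $now = time();

        $this->token = (new Builder())->setHeader('alg', 'HS256')
            ->setIssuer($this->iss)
            ->setAudience($this->aud)
            ->setIssuedAt($now)
            ->setExpiration($now + $this->expTime)
            ->set('uid', $this->uid)
            ->sign(new Sha256(), $key)
            ->getToken();

        // A freshly issued token replaces whatever was parsed before.
        $this->decodeToken = null;

        return $this;
    }

    /**
     * Parse the current token (once) and copy its "uid" claim into this object.
     *
     * Parsing checks neither the signature nor the claims; nothing read here
     * is authenticated until verify() and validate() have both succeeded.
     *
     * @return mixed the parsed token
     */
    public function decode()
    {
        if (!$this->decodeToken) {
            $this->decodeToken = (new Parser())->parse((string)$this->token);
            $this->uid = $this->decodeToken->getClaim('uid');
        }

        return $this->decodeToken;
    }

    /**
     * Check the registered claims: issuer, audience, and the time-based claims
     * against the current time.
     *
     * No jti expectation is set: encode() never writes a jti claim, so there
     * is nothing to compare it with. A token that cannot be parsed, or that
     * lacks the "uid" claim, counts as invalid.
     *
     * @return bool
     */
    public function validate()
    {
        $expected = new ValidationData(); // uses the current time for iat, nbf and exp
        $expected->setIssuer($this->iss);
        $expected->setAudience($this->aud);

        try {
            return $this->decode()->validate($expected);
        } catch (\InvalidArgumentException | \RuntimeException $e) {
            return false;
        }
    }

    /**
     * Check the token's HS256 signature against the configured key.
     *
     * A token that cannot be parsed counts as unverified.
     * NOTE(review): lcobucci/jwt 3.x is expected to raise BadMethodCallException
     * for a token without a signature; confirm against the installed version.
     *
     * @return bool
     * @throws \RuntimeException when the signing key is not configured
     */
    public function verify()
    {
        // Resolved outside the try block so a configuration error is not
        // mistaken for a bad token.
        $key = $this->signingKey();

        try {
            return $this->decode()->verify(new Sha256(), $key);
        } catch (\InvalidArgumentException | \RuntimeException | \BadMethodCallException $e) {
            return false;
        }
    }
}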
新建中间件文件夹middleware,新建中间件文件Api.php(文件名与类名Api保持大小写一致)
<?php
/**
* +———————————————————————-
* | Api中间件
* +———————————————————————-
*/
namespace app\api\middleware;
use app\api\common\JwtAuth;
use think\facade\Request;
use think\Response;
use think\exception\HttpResponseException;
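/**
 * Middleware that lets a request through only when its "token" header carries
 * a JWT that JwtAuth both verifies (signature) and validates (claims).
 */
class Api
{
    /**
     * Authenticate the request, then hand it to the next layer.
     *
     * Every rejection path returns immediately, so the only way to reach
     * $next() is a token that passed both checks. The outcome therefore does
     * not depend on result() interrupting execution by itself.
     *
     * @param mixed    $request the current request
     * @param \Closure $next    the next middleware or the controller action
     * @return mixed
     */
    public function handle($request, \Closure $next)
    {
        $token = Request::header('token');
        if (!$token) {
            return $this->result([], -1, '请先登录');
        }

        // A compact JWT is exactly three dot-separated segments.
        if (count(explode('.', $token)) !== 3) {
            return $this->result([], -1, '错误的token身份信息,请重新登录');
        }

        $jwtAuth = JwtAuth::getInstance();
        $jwtAuth->setToken($token);

        try {
            // Signature first: claims are not worth reading until the token is
            // known to come from this service.
            $authenticated = $jwtAuth->verify() && $jwtAuth->validate();
        } catch (\InvalidArgumentException | \RuntimeException | \BadMethodCallException $e) {
            // Three segments that still fail to parse are a bad token, not a server error.
            $authenticated = false;
        }

        if (!$authenticated) {
            return $this->result([], -1, '登录身份已过期');
        }

        return $next($request);
    }

    // NOTE(review): result() is called above but is not defined on this page.
    // Presumably it builds a response and throws HttpResponseException (both
    // are imported); confirm, and supply the method before using this class.
}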
在api接口文件中使用即可
如在user.php中使用,这里lanr不需要鉴权
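// Controller-level middleware: every action except "lanr" has to pass the Api JWT check.
// Keep the except list short; each action named in it is reachable without a token.
protected $middleware = [
    'app\api\middleware\Api' => ['except' => ['lanr']],
];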
如果都需要鉴权那就
// Empty except list: no action of the controller is exempt from the Api middleware.
'app\api\middleware\Api' => ['except' => []],
签发
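// Issue a token only after the caller's credentials have been checked: the uid
// claim written here is what the Api middleware later accepts as the identity.
$objJwtAuth = JwtAuth::getInstance();
// '用户ID' stands for the authenticated user's id. JwtAuth as listed defines no
// setUserInfo(), so only setUid() feeds the token; further user data would need
// its own claim added inside encode().
$token = $objJwtAuth->setUid('用户ID')->encode()->getToken();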
即可
声明:
本文采用
BY-NC-SA
协议进行授权,如无注明均为原创,转载请注明转自
一颗大萝北
本文地址: TP6使用lcobucci/jwt 3.3开发接口,用于token和鉴权