[英]How to authenticate for Laravel API?
I'm writing my first Laravel API as a project to get to know Laravel. 我正在写我的第一个Laravel API作为了解Laravel的项目。 However, it's more difficult than I expected - eventhough I wrote a full webapp in laravel first.
但是,这比我预期的要困难得多-尽管我首先是在laravel中编写了一个完整的Web应用程序。 Also, I'm new to Stackoverflow, so I hope my question is correct.
另外,我是Stackoverflow的新手,所以我希望我的问题是正确的。
I've set up routes for my API, but now I also want to authenticate every API request. 我已经为我的API设置了路由,但是现在我还想验证每个API请求。 The routes I've set up can be found below:
我设置的路线可以在下面找到:
Route::group(['prefix' => 'api/v1', 'before' => 'basic.once'], function ()
{
Route::resource('lessons', 'LessonsController');
Route::get('lessons/user/{userid}', 'LessonsController@user');
Route::resource('user', 'UsersController');
Route::get('user/lessons/{user}', 'UsersController@lessons');
Route::get('user/lesson/{user}/{lesson}', 'UsersController@lesson');
});
I also created two filters for this: 我还为此创建了两个过滤器:
Route::filter('auth.basic', function()
{
return Auth::basic();
});
Route::filter('basic.once', function()
{
return Auth::onceBasic('email');
});
However, since the concept of authentication through an API is still a bit vague to me, I don't know which filter is the best one to use for these? 但是,由于通过API进行身份验证的概念对我来说仍然有点模糊,我不知道哪种过滤器最适合用于这些过滤器?
if this is an API you are not going to log the api sender. 如果这是一个API,则不会记录api发送者。
So I would create a new filter and add authentication by your needs: 因此,我将创建一个新的过滤器并根据您的需要添加身份验证:
Route::filter('apiAuth', function()
{
$user = Input::get('user');
$key = Input::get('key');
if (!isset($user, $key)){
die('error');
}
if(!checkDataHere){
die('error');
}
});
this is very basic, but this is the general idea 这是非常基本的,但这是总体思路
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.