
Laravel get Auth variable for both - api token and session based authentication

I am using Laravel 5.2.

Recently, I've updated the Auth module to have session based authentication for web and api_token based authentication for external API calls.

Now, I am getting errors when using Auth::id() and Auth::user() where I've used api_token based authentication, so I am forced to use the Auth::guard('api')->id() and Auth::guard('api')->user() methods instead.

Now, my question is, is there any common method that I can use for both, irrespective of api_token based or session based authentication? What about auth()->user() and auth()->id()?

What if I am using a method for both kinds of authentication? For example, methodA() is used within api_token based authentication as well as session based; how can I handle that case if I need to use the Auth variable?

I think that controllers that handle regular requests (through session-based authentication) should be separate from API controllers (token-based authentication). So, each controller would have responsibility over a single part of the functionality. Also, changes in the API controller will not have side effects in the session controller. Therefore, you can specify the auth guard explicitly in each controller.

Laravel requires specifying the guard explicitly, otherwise the default guard will be used. There is no way to make an intelligent guess about what guard to use natively. Of course, you can make something like this:

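public function action(Request $request)
{
    // Choose the guard from the request: 'api' when an api_token parameter is
    // present, otherwise the session guard. The name must match a guard defined
    // in config/auth.php (a stock Laravel 5.2 install calls its session guard 'web').
    $guard = $request->has('api_token') ? 'api' : 'session';
    $authUser = Auth::guard($guard)->user();

    //your code next
}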

If you go with separate controllers, you can generalize common functionality into a parent abstract controller. Note that in the example below the ChildControllers differ only by namespace. Parent:

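<?php

namespace App\Http\Controllers;

use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;

abstract class ParentController extends Controller
{
    // Guard name; each child controller sets this.
    protected $guard;

    public function action(Request $request)
    {
        // Resolve the user through the child's guard.
        $authUser = Auth::guard($this->guard)->user();

        //your code...
    }
}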

API controller:

<?php

namespace App\Http\Controllers\Api;

use App\Http\Controllers\ParentController;

class ChildController extends ParentController
{
    // Token-based guard for external API calls.
    protected $guard = 'api';

    //your code...
}

Session controller:

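<?php

namespace App\Http\Controllers\Session;

use App\Http\Controllers\ParentController;

class ChildController extends ParentController
{
    // Must match a guard defined in config/auth.php
    // (a stock Laravel 5.2 install calls its session guard 'web').
    protected $guard = 'session';

    //your code...
}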
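
An added example, not part of the original question or answer: for a method shared by both kinds of route, a middleware can let each configured guard validate the request and then make the one that succeeded the default, so that Auth::user() and Auth::id() work unchanged in the shared code. The class name AuthenticateAny and the alias auth.any are hypothetical, and guards named api and web are assumed to exist in config/auth.php.

```php
<?php

namespace App\Http\Middleware;

use Closure;
use Illuminate\Support\Facades\Auth;

// Hypothetical middleware, not part of Laravel or of the answer above.
// Assumed registration in app/Http/Kernel.php ($routeMiddleware):
//     'auth.any' => \App\Http\Middleware\AuthenticateAny::class,
// Assumed usage on a route: 'middleware' => 'auth.any:api,web'
class AuthenticateAny
{
    public function handle($request, Closure $next)
    {
        // Guard names arrive as extra middleware parameters.
        $guards = array_slice(func_get_args(), 2);

        if (empty($guards)) {
            $guards = [config('auth.defaults.guard')];
        }

        foreach ($guards as $guard) {
            // check() makes the guard validate the session or the token itself;
            // the mere presence of an api_token parameter is never trusted.
            if (Auth::guard($guard)->check()) {
                // Make this guard the default for the rest of the request, so
                // Auth::user(), Auth::id() and auth()->user() all resolve to it.
                Auth::shouldUse($guard);

                return $next($request);
            }
        }

        // No guard authenticated the request: fail closed.
        if ($request->ajax() || $request->wantsJson()) {
            return response('Unauthorized.', 401);
        }

        return redirect()->guest('login');
    }
}
```

Routes that accept the session guard still need the web middleware group, since that is where the session is started and CSRF tokens are verified.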
