jwt组成三部分:
(1)头部:一个json字符串,包含当前令牌类型(typ),以及签名算法(alg)。
(2)载荷:一个json字符串,包含一些自定义的信息。载荷只是base64url编码,并未加密,拿到token的人都能读取其内容,因此不要在其中存放敏感数据。
(3)签名:将base64url编码后的头部与base64url编码后的载荷用"."拼接,再加上当前的密钥,使用头部中指定的算法(如HS256)计算得到签名。
header (base64后的)
payload (base64后的)
secret
1.安装composer包
composer require firebase/php-jwt
2.封装创建Token和验证token方法
<?php
namespace App\Service;
use Firebase\JWT\JWT;
use Firebase\JWT\Key;
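/**
 * Issues and verifies HS256-signed JWTs that carry a user id in the "uid" claim.
 */
class Token
{
    /** @var string HMAC secret shared by createToken() and decodeToken(). */
    protected $key;

    /**
     * Load the signing secret from the environment instead of the source code.
     *
     * A secret committed to the repository (or printed in a tutorial) lets anyone
     * who has read it mint tokens for any uid, so the value is read from the
     * JWT_SECRET environment variable (a name chosen here) and the constructor
     * fails closed when it is absent or too short.
     *
     * NOTE(review): `php artisan config:cache` stops Laravel from loading .env;
     * in that setup expose the secret through a config file entry or the real
     * process environment.
     *
     * @throws \RuntimeException when JWT_SECRET is unset or shorter than 32 bytes
     */
    public function __construct()
    {
        $secret = getenv('JWT_SECRET');

        // RFC 7518 section 3.2 requires an HS256 key of at least 256 bits (32 bytes).
        if (!is_string($secret) || strlen($secret) < 32) {
            throw new \RuntimeException('JWT_SECRET is missing or shorter than 32 bytes');
        }

        $this->key = $secret;
    }

    /**
     * Create a signed token for the given user.
     *
     * The payload is only base64url-encoded, not encrypted, so nothing
     * confidential belongs in it.
     *
     * @param mixed $userId value stored in the "uid" claim
     * @return string the encoded JWT, valid from now for 7200 seconds
     */
    public function createToken($userId)
    {
        // Read the clock once so iat, nbf and exp are derived from the same instant.
        $now = time();

        $payload = [
            // iss and aud are left empty and decodeToken() does not compare them;
            // fill and check them if more than one service shares this secret.
            'iss' => '',
            'aud' => '',
            'iat' => $now,
            'nbf' => $now,
            'exp' => $now + 7200,
            'uid' => $userId,
        ];

        return JWT::encode($payload, $this->key, 'HS256');
    }

    /**
     * Verify a token and return its claims.
     *
     * The algorithm is pinned to HS256 through the Key object, so the "alg"
     * value in the token header cannot select a different one.
     *
     * @param string $jwt the encoded token received from the client
     * @return object|string the decoded claims object on success, or the
     *                       exception message (a string) when verification fails;
     *                       callers must distinguish the two by type
     */
    public function decodeToken($jwt)
    {
        try {
            return JWT::decode($jwt, new Key($this->key, 'HS256'));
        } catch (\Exception $e) {
            return $e->getMessage();
        }
    }
}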
3.创建token中间件进行验证
<?php
namespace App\Http\Middleware;
use App\Service\Token;
use Closure;
use Illuminate\Http\Request;
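/**
 * Route middleware that rejects requests without a valid JWT in the "token" header.
 */
class JwtToken
{
    /**
     * Handle an incoming request.
     *
     * Token::decodeToken() returns the claims object on success and an error
     * string on failure, so success is detected by type and the user id is read
     * from the "uid" claim. Rejections are sent with HTTP 401.
     *
     * @param \Illuminate\Http\Request $request
     * @param \Closure $next
     * @return mixed
     */
    public function handle(Request $request, Closure $next)
    {
        $token = $request->header('token');
        if (empty($token)) {
            // json() takes the HTTP status as its second argument; the encoding
            // flags belong in the fourth.
            return response()->json(
                ['code' => 40001, 'msg' => '缺少参数token', 'data' => ''],
                401,
                [],
                JSON_UNESCAPED_UNICODE
            );
        }

        $claims = (new Token())->decodeToken($token);
        $uid = (is_object($claims) && isset($claims->uid)) ? $claims->uid : null;

        if (!is_numeric($uid)) {
            // A string result is the verifier's own error message. It is passed
            // through as before; replace it with a fixed message if callers should
            // not learn why verification failed.
            $reason = is_string($claims) ? $claims : 'token无效';

            return response()->json(
                ['code' => 40002, 'msg' => $reason, 'data' => ''],
                401,
                [],
                JSON_UNESCAPED_UNICODE
            );
        }

        // Overwrites any client-supplied "uid" input with the value from the verified token.
        $request['uid'] = $uid;

        return $next($request);
    }
}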
4.在Kernel的 $routeMiddleware 中加入Token中间件
// Registers the JwtToken middleware under the alias 'login', the name routes pass to ->middleware().
'login' => JwtToken::class,
5.路由使用token验证
// The 'login' alias runs the JwtToken middleware before LoginController::test handles GET /test.
Route::get('/test', [LoginController::class, 'test'])->middleware('login');