Proyecto en Laravel con autenticación JWT
Comando para clonar proyecto:
git clone https://github.com/anayarojo/laravel-jwt.git
git clone git@github.com:anayarojo/laravel-jwt.git
Comando para ir a la carpeta del proyecto:
cd laravel-jwt
Comando para instalar los paquetes composer:
composer install
Comando para instalar los paquetes de node:
npm install
Mostrar
Method: POST
URL: {{host}}/api/register
Body:
{
"name": "{{name}}",
"email": "{{email}}",
"password": "{{password}}",
"password_confirmation": "{{password}}"
}
Response:
{
"user": {
"name": "Test1",
"email": "test1@email.com",
"updated_at": "2020-03-26 19:05:51",
"created_at": "2020-03-26 19:05:51",
"id": 2
},
"token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwOlwvXC9sYXJhdmVsLWp3dC5yYW5heWFyb2pvLmNvbVwvXC9hcGlcL3JlZ2lzdGVyIiwiaWF0IjoxNTg1MjQ5NTUxLCJleHAiOjE1ODUyNTMxNTEsIm5iZiI6MTU4NTI0OTU1MSwianRpIjoidHlrMlpkVXhwZTF6bDcybyIsInN1YiI6MiwicHJ2IjoiMjNiZDVjODk0OWY2MDBhZGIzOWU3MDFjNDAwODcyZGI3YTU5NzZmNyJ9.ApagcOAEUBQYL2BeEYDuiiEAK2HElOuV84mshs6ScNg"
}
Method: POST
URL: {{host}}/api/login
Body:
{
"email": "{{email}}",
"password": "{{password}}"
}
Response:
{
"token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwOlwvXC9sYXJhdmVsLWp3dC5yYW5heWFyb2pvLmNvbVwvXC9hcGlcL3JlZ2lzdGVyIiwiaWF0IjoxNTg1MjQ5NTUxLCJleHAiOjE1ODUyNTMxNTEsIm5iZiI6MTU4NTI0OTU1MSwianRpIjoidHlrMlpkVXhwZTF6bDcybyIsInN1YiI6MiwicHJ2IjoiMjNiZDVjODk0OWY2MDBhZGIzOWU3MDFjNDAwODcyZGI3YTU5NzZmNyJ9.ApagcOAEUBQYL2BeEYDuiiEAK2HElOuV84mshs6ScNg"
}
Method: GET
URL: {{host}}/api/open
Response:
{
"data": "This data is open and can be accessed without the client being authenticated"
}
Method: GET
URL: {{host}}/api/closed
Headers:
"Authorization": "Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwOlwvXC9sYXJhdmVsLWp3dC5yYW5heWFyb2pvLmNvbVwvXC9hcGlcL2xvZ2luIiwiaWF0IjoxNTg1MTkwMDMxLCJleHAiOjE1ODUxOTM2MzEsIm5iZiI6MTU4NTE5MDAzMSwianRpIjoiS3R6bDdWckE0SXh6OE1heSIsInN1YiI6MSwicHJ2IjoiMjNiZDVjODk0OWY2MDBhZGIzOWU3MDFjNDAwODcyZGI3YTU5NzZmNyJ9.5NNXWCFh6o1d1vv-goRA8l1OhfmWFh9HHBR5fO7YRn0"
Response:
{
"data": "This data is open and can be accessed without the client being authenticated"
}
Mostrar
Ejecutar comando para crear proyecto Laravel:
composer create-project --prefer-dist laravel/laravel laravel-jwt "5.4.*"
Ejecutar comando para instalar los paquetes composer:
composer install
Ejecutar comando para instalar los paquetes node:
npm install
Ejecutar comando para instalar JWT authentication:
composer require tymon/jwt-auth:dev-develop --prefer-source
Agregar el siguiente provider al array de providers en el archivo config/app.php:
[...]
Tymon\JWTAuth\Providers\LaravelServiceProvider::class,
[...]
Agregar los siguientes alias al array de alias:
[...]
'JWTAuth' => Tymon\JWTAuth\Facades\JWTAuth::class,
'JWTFactory' => Tymon\JWTAuth\Facades\JWTFactory::class,
[...]
Ejecutar comando para crear archivo de configuración para la autenticación JWT:
php artisan vendor:publish --provider="Tymon\JWTAuth\Providers\LaravelServiceProvider"
Ejecutar comando para crear llave secreta para la autenticación JWT en el archivo .env:
php artisan jwt:secret
Implementar JWTSubject en el modelo User de la siguiente manera:
<?php
namespace App;
use Illuminate\Notifications\Notifiable;
use Illuminate\Foundation\Auth\User as Authenticatable;
use Tymon\JWTAuth\Contracts\JWTSubject;
class User extends Authenticatable implements JWTSubject
{
use Notifiable;
/**
* The attributes that are mass assignable.
*
* @var array
*/
protected $fillable = [
'name', 'email', 'password',
];
/**
* The attributes that should be hidden for arrays.
*
* @var array
*/
protected $hidden = [
'password', 'remember_token',
];
public function getJWTIdentifier()
{
return $this->getKey();
}
public function getJWTCustomClaims()
{
return [];
}
}
Configurar conexión con la base de datos en el archivo .env:
DB_CONNECTION=mysql
DB_HOST=127.0.0.1
DB_PORT=3306
DB_DATABASE=homestead
DB_USERNAME=homestead
DB_PASSWORD=secret
Ejecutar comando para crear tablas del proyecto en la base de datos:
php artisan migrate
Ejecutar comandos para crear controladores:
php artisan make:controller UserController
php artisan make:controller DataController
Implementar UserController de la siguiente manera:
<?php
namespace App\Http\Controllers;
use App\User;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Hash;
use Illuminate\Support\Facades\Validator;
use JWTAuth;
use Tymon\JWTAuth\Exceptions\JWTException;
class UserController extends Controller
{
public function authenticate(Request $request)
{
$credentials = $request->only('email', 'password');
try {
if (! $token = JWTAuth::attempt($credentials)) {
return response()->json(['error' => 'invalid_credentials'], 400);
}
} catch (JWTException $e) {
return response()->json(['error' => 'could_not_create_token'], 500);
}
return response()->json(compact('token'));
}
public function register(Request $request)
{
$validator = Validator::make($request->all(), [
'name' => 'required|string|max:255',
'email' => 'required|string|email|max:255|unique:users',
'password' => 'required|string|min:6|confirmed',
]);
if($validator->fails()){
return response()->json($validator->errors()->toJson(), 400);
}
$user = User::create([
'name' => $request->get('name'),
'email' => $request->get('email'),
'password' => Hash::make($request->get('password')),
]);
$token = JWTAuth::fromUser($user);
return response()->json(compact('user','token'),201);
}
public function getAuthenticatedUser()
{
try {
if (! $user = JWTAuth::parseToken()->authenticate()) {
return response()->json(['user_not_found'], 404);
}
} catch (Tymon\JWTAuth\Exceptions\TokenExpiredException $e) {
return response()->json(['token_expired'], $e->getStatusCode());
} catch (Tymon\JWTAuth\Exceptions\TokenInvalidException $e) {
return response()->json(['token_invalid'], $e->getStatusCode());
} catch (Tymon\JWTAuth\Exceptions\JWTException $e) {
return response()->json(['token_absent'], $e->getStatusCode());
}
return response()->json(compact('user'));
}
}
Implementar DataController de la siguiente manera:
<?php
namespace App\Http\Controllers;
use Illuminate\Http\Request;
class DataController extends Controller
{
public function open()
{
$data = "This data is open and can be accessed without the client being authenticated";
return response()->json(compact('data'),200);
}
public function closed()
{
$data = "Only authorized users can see this";
return response()->json(compact('data'),200);
}
}
Ejecutar comando para crear middleware:
php artisan make:middleware JwtMiddleware
Implementar JwtMiddleware de la siguiente manera:
<?php
namespace App\Http\Middleware;
use Closure;
use JWTAuth;
use Exception;
use Tymon\JWTAuth\Http\Middleware\BaseMiddleware;
class JwtMiddleware extends BaseMiddleware
{
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @return mixed
*/
public function handle($request, Closure $next)
{
try {
$user = JWTAuth::parseToken()->authenticate();
} catch (Exception $e) {
if ($e instanceof \Tymon\JWTAuth\Exceptions\TokenInvalidException){
return response()->json(['status' => 'Token is Invalid']);
}else if ($e instanceof \Tymon\JWTAuth\Exceptions\TokenExpiredException){
return response()->json(['status' => 'Token is Expired']);
}else{
return response()->json(['status' => 'Authorization Token not found']);
}
}
return $next($request);
}
}
Agregar JwtMiddleware al array de middlewares en el archivo app/http/Kernel.php:
[...]
protected $routeMiddleware = [
[...]
'jwt.verify' => \App\Http\Middleware\JwtMiddleware::class,
];
[...]
Agregar las siguientes rutas al archivo routes/api.php:
[...]
Route::post('register', 'UserController@register');
Route::post('login', 'UserController@authenticate');
Route::get('open', 'DataController@open');
Route::group(['middleware' => ['jwt.verify']], function() {
Route::get('user', 'UserController@getAuthenticatedUser');
Route::get('closed', 'DataController@closed');
});