多表登录、单页面API认证

Author: qiang.sun

.gitignore

@@ -11,4 +11,4 @@ Homestead.yaml
 npm-debug.log
 yarn-error.log
 .env
-.phpunit.result.cache
+.phpunit.result.cache

app/Admin.php

@@ -0,0 +1,29 @@
+<?php
+
+namespace App;
+
+use Illuminate\Foundation\Auth\User as Authenticatable;
+use Illuminate\Notifications\Notifiable;
+
+class Admin extends Authenticatable
+{
+    use Notifiable;
+
+    /**
+     * The attributes that are mass assignable.
+     *
+     * @var array
+     */
+    protected $fillable = [
+        'name', 'email', 'password',
+    ];
+
+    /**
+     * The attributes excluded from the model's JSON form.
+     *
+     * @var array
+     */
+    protected $hidden = [
+        'password', 'remember_token',
+    ];
+}

app/Extensions/EloquentUserProvider.php

@@ -0,0 +1,45 @@
+<?php
+namespace App\Extentions;
+
+use Illuminate\Support\Str;
+use Illuminate\Auth\EloquentUserProvider as BaseUserProvider;
+
+class EloquentUserProvider extends BaseUserProvider
+{
+    /**
+     * Retrieve a user by the given credentials.
+     *
+     * @param  array  $credentials
+     * @return \Illuminate\Contracts\Auth\Authenticatable|null
+     */
+    public function retrieveByCredentials(array $credentials)
+    {
+        if (empty($credentials) ||
+            (count($credentials) === 1 &&
+                array_key_exists('password', $credentials))) {
+            return;
+        }
+
+        // First we will add each credential element to the query as a where clause.
+        // Then we can execute the query and, if we found a user, return it in a
+        // Eloquent User "model" that will be utilized by the Guard instances.
+        $query = $this->createModel()->newQuery();
+
+        // 用于标识是否是第一个登录字段，如果包含多个登录字段，使用 OR 查询
+        $flag = false;
+        foreach ($credentials as $key => $value) {
+            if (Str::contains($key, 'password')) {
+                continue;
+            }
+
+            if ($flag) {
+                $query->orWhere($key, $value);
+            } else {
+                $query->where($key, $value);
+                $flag = true;
+            }
+        }
+
+        return $query->first();
+    }
+}

app/Http/Controllers/Admin/LoginController.php

@@ -0,0 +1,35 @@
+<?php
+
+namespace App\Http\Controllers\Admin;
+
+use Illuminate\Foundation\Auth\AuthenticatesUsers;
+use Illuminate\Http\Request;
+use App\Http\Controllers\Controller;
+use Illuminate\Support\Facades\Auth;
+
+class LoginController extends Controller
+{
+    use AuthenticatesUsers;
+
+    protected $redirectTo = '/admin';
+
+    public function __construct()
+    {
+        $this->middleware('guest:admin')->except('logout');
+    }
+
+    public function showLoginForm()
+    {
+        return view('admin.login');
+    }
+
+    protected function guard()
+    {
+        return Auth::guard('admin');
+    }
+
+    protected function loggedOut(Request $request)
+    {
+        return redirect(route('admin.login'));
+    }
+}

app/Http/Controllers/Admin/RegisterController.php

@@ -0,0 +1,63 @@
+<?php
+
+namespace App\Http\Controllers\Admin;
+
+use App\Admin;
+use Illuminate\Foundation\Auth\RegistersUsers;
+use Illuminate\Http\Request;
+use App\Http\Controllers\Controller;
+use Illuminate\Support\Facades\Auth;
+use Illuminate\Support\Facades\Hash;
+use Illuminate\Support\Facades\Validator;
+
+class RegisterController extends Controller
+{
+    use RegistersUsers;
+
+    protected $redirectTo = '/admin';
+
+    public function __construct()
+    {
+        $this->middleware('guest:admin');
+    }
+
+    public function showRegistrationForm()
+    {
+        return view('admin.register');
+    }
+
+    protected function guard()
+    {
+        return Auth::guard('admin');
+    }
+
+    /**
+     * Get a validator for an incoming registration request.
+     *
+     * @param  array  $data
+     * @return \Illuminate\Contracts\Validation\Validator
+     */
+    protected function validator(array $data)
+    {
+        return Validator::make($data, [
+            'name' => 'required|string|max:255',
+            'email' => 'required|string|email|max:255|unique:users',
+            'password' => 'required|string|min:6|confirmed',
+        ]);
+    }
+
+    /**
+     * Create a new user instance after a valid registration.
+     *
+     * @param  array  $data
+     * @return \App\User
+     */
+    protected function create(array $data)
+    {
+        return Admin::create([
+            'name' => $data['name'],
+            'email' => $data['email'],
+            'password' => Hash::make($data['password']),
+        ]);
+    }
+}

app/Http/Controllers/AdminController.php

@@ -0,0 +1,28 @@
+<?php
+
+namespace App\Http\Controllers;
+
+use Illuminate\Http\Request;
+
+class AdminController extends Controller
+{
+    /**
+     * Create a new controller instance.
+     *
+     * @return void
+     */
+    public function __construct()
+    {
+        $this->middleware('auth:admin');
+    }
+
+    /**
+     * Show the application dashboard.
+     *
+     * @return \Illuminate\Http\Response
+     */
+    public function index()
+    {
+        return view('admin.home');
+    }
+}

app/Http/Controllers/Auth/LoginController.php

@@ -4,6 +4,7 @@
 
 use App\Http\Controllers\Controller;
 use Illuminate\Foundation\Auth\AuthenticatesUsers;
+use Illuminate\Http\Request;
 
 class LoginController extends Controller
 {
@@ -27,6 +28,14 @@ class LoginController extends Controller
      */
     protected $redirectTo = '/home';
 
+    // 单位时间内最大登录尝试次数
+    //protected $maxAttempts = 3;
+    // 单位时间值
+    //protected $decayMinutes = 30;
+
+    // 支持的登录字段
+    protected $supportFields = ['name', 'email'];
+
     /**
      * Create a new controller instance.
      *
@@ -36,4 +45,21 @@ public function __construct()
     {
         $this->middleware('guest')->except('logout');
     }
+
+    /*public function username()
+    {
+        return 'name';
+    }*/
+
+    // 将支持的登录字段都传递到 UserProvider 进行查询
+    public function credentials(Request $request)
+    {
+        $credentials = $request->only($this->username(), 'password');
+        foreach ($this->supportFields as $field) {
+            if (empty($credentials[$field])) {
+                $credentials[$field] = $credentials[$this->username()];
+            }
+        }
+        return $credentials;
+    }
 }

app/Http/Controllers/HomeController.php

@@ -3,6 +3,7 @@
 namespace App\Http\Controllers;
 
 use Illuminate\Http\Request;
+use Illuminate\Support\Facades\Auth;
 
 class HomeController extends Controller
 {

app/Http/Controllers/TaskController.php

@@ -14,9 +14,15 @@ public function home()
 
     public function index()
     {
+        dd('tasks');
         return view('task.index')->with('tasks', Task::all());
     }
 
+    public function index2()
+    {
+        dd('tasks2');
+    }
+
     public function create()
     {
 

app/Http/Kernel.php

@@ -35,6 +35,7 @@ class Kernel extends HttpKernel
             \Illuminate\View\Middleware\ShareErrorsFromSession::class,
             \App\Http\Middleware\VerifyCsrfToken::class,
             \Illuminate\Routing\Middleware\SubstituteBindings::class,
+            \Laravel\Passport\Http\Middleware\CreateFreshApiToken::class,
         ],
 
         'api' => [

app/Http/Middleware/Authenticate.php

@@ -2,10 +2,13 @@
 
 namespace App\Http\Middleware;
 
+use Illuminate\Auth\AuthenticationException;
 use Illuminate\Auth\Middleware\Authenticate as Middleware;
 
 class Authenticate extends Middleware
 {
+    protected $redirectTo = '';
+
     /**
      * Get the path the user should be redirected to when they are not authenticated.
      *
@@ -16,4 +19,27 @@ protected function redirectTo($request)
     {
         return route('login');
     }
+
+    protected function authenticate($request, array $guards)
+    {
+        if (empty($guards)) {
+            $guards = [null];
+        }
+
+        foreach ($guards as $guard) {
+            if ($this->auth->guard($guard)->check()) {
+                return $this->auth->shouldUse($guard);
+            }
+        }
+
+        // 这里我们以 guards 传入的第一个参数为准选择跳转到的登录页面
+        $guard = $guards[0];
+        if ($guard == 'admin') {
+            $this->redirectTo = route('admin.login');
+        }
+
+        throw new AuthenticationException(
+            'Unauthenticated.', $guards, $this->redirectTo ? : $this->redirectTo($request)
+        );
+    }
 }

app/Http/Middleware/RedirectIfAuthenticated.php

@@ -18,6 +18,9 @@ class RedirectIfAuthenticated
     public function handle($request, Closure $next, $guard = null)
     {
         if (Auth::guard($guard)->check()) {
+            if ($guard == 'admin') {
+                return redirect('/admin');
+            }
             return redirect('/home');
         }
 

app/Providers/AuthServiceProvider.php

@@ -2,8 +2,11 @@
 
 namespace App\Providers;
 
+use App\Extentions\EloquentUserProvider;
+use Illuminate\Support\Facades\Auth;
 use Illuminate\Support\Facades\Gate;
 use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;
+use Laravel\Passport\Passport;
 
 class AuthServiceProvider extends ServiceProvider
 {
@@ -25,7 +28,12 @@ public function boot()
     {
         $this->registerPolicies();
 
-        //
+        // 通过自定义的 EloquentUserProvider 覆盖系统默认的
+        Auth::provider('eloquent', function ($app, $config) {
+            return new EloquentUserProvider($app->make('hash'), $config['model']);
+        });
+
+        Passport::routes();
     }
 
 }

app/User.php

@@ -9,10 +9,11 @@
 use Illuminate\Notifications\Notifiable;
 use Illuminate\Contracts\Auth\MustVerifyEmail;
 use Illuminate\Foundation\Auth\User as Authenticatable;
+use Laravel\Passport\HasApiTokens;
 
 class User extends Authenticatable
 {
-    use Notifiable;
+    use HasApiTokens, Notifiable;
 
     /**
      * The attributes that are mass assignable.
@@ -67,9 +68,9 @@ protected static function boot()
         parent::boot();
 
         //static::addGlobalScope(new EmailVerifiedAtScope());
-        static::addGlobalScope('email_verified_at_scope', function (Builder $builder) {
+        /*static::addGlobalScope('email_verified_at_scope', function (Builder $builder) {
             return $builder->whereNotNull('email_verified_at');
-        });
+        });*/
     }
 
     public function profile()