代码语言:javascript复制
composer require lcobucci/jwt
composer require lcobucci/jwt=3.3.3<?php
return [
'ALI_APPID'=>'',
'ALI_APPSECRET'=>'',
'ALI_SNAME'=>'',
'ALI_TCODE'=>'',
'API_KEY' =>'',
'API_HOST'=>'http://www.lampol.vip'
];下面的是中间件内:
代码语言:javascript复制<?php
declare (strict_types = 1);
namespace appmiddleware;
use LcobucciJWTParser;
use LcobucciJWTValidationData;
use LcobucciJWTSignerHmacSha256;
class Api
{
/**
* 处理请求
*
* @param thinkRequest $request
* @param Closure $next
* @return Response
*/
public function handle($request, Closure $next)
{
$header = $request->header();
if(!isset($header['token'])){//没有token的话,进行if里面
return json(['code'=>440,'msg'=>'request must with token']);
}
$token = $header['token'];
try{
$token = (new Parser())->parse($token);//token解析,解析成一个对象(切记,如果用户随意改的token会进入catch里面)
}catch(Exception $e){
return json(['code'=>440,'msg'=>'invalid token']);
}
$signer = new Sha256();
//verify进行合法性验证
if(!$token->verify($signer,config('shop.API_KEY'))){
return json(['code'=>440,'msg'=>'token verify failed']);
}
$data = new ValidationData(); //验证token是否在有效期内
if(!$token->validate($data)){
$mobile = $token->getClaim('mobile');
$token = getToken($mobile);
return json(['code'=>450,'msg'=>'token expired','token'=>$token]);
}
return $next($request);
}
}
