我的做法如下:
1)在 routes.php 中,
我定義了使用中間件(app/Http/Middleware/HasAccessToBilling.php)的路由組:
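// Authentication endpoints, all under the /auth prefix.
// NOTE(review): on this page every 'uses' target had been mangled to
// '[email protected]' by e-mail obfuscation. The targets below are restored
// from the AuthController listing further down (index / attempt / destroy);
// mapping DELETE / to destroy is presumed, so confirm against the real routes file.
Route::group(['prefix' => 'auth'], function () {
    Route::get('/', ['as' => 'auth', 'uses' => 'AuthController@index']);
    Route::post('/', ['as' => 'auth.attempt', 'uses' => 'AuthController@attempt']);
    Route::delete('/', ['uses' => 'AuthController@destroy']);
    // any() also accepts GET, so a plain cross-site link can end the session.
    // Prefer POST/DELETE with CSRF protection if the logout control can be a form.
    Route::any('destroy', ['as' => 'auth.destroy', 'uses' => 'AuthController@destroy']);
});

// Billing endpoints: every route in the group passes through HasAccessToBilling first.
// PlaceholderController stands in for the real controller name, which was lost on
// this page; the method names are presumed from the route names, so confirm both.
Route::group(
    [
        'prefix' => 'billing',
        'namespace' => 'Billing',
        'middleware' => ['App\Http\Middleware\HasAccessToBilling'],
    ],
    function () {
        Route::any('/', ['as' => 'billing', 'uses' => 'PlaceholderController@index']);
        Route::get('profile', ['as' => 'billing.profile', 'uses' => 'PlaceholderController@profile']);
    }
);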
2)我定義了中間件:
<?php namespace App\Http\Middleware;
use App\Library\Auth;
use Closure;
use Illuminate\Http\Request;
class HasAccessToBilling
{
    /**
     * Gate for the billing route group.
     *
     * The request continues down the pipeline only when Auth::hasAccessTo()
     * reports the 'billing' realm for it; every other request is redirected
     * to the route named 'auth'.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @return mixed
     */
    public function handle(Request $request, Closure $next)
    {
        $allowed = Auth::hasAccessTo('billing', $request);

        if (!$allowed) {
            // Deny by default: anything without the billing realm goes to the login page.
            return redirect()->route('auth');
        }

        return $next($request);
    }
}
3)在 app/Library/Auth.php(定製的 Auth 庫):
<?php namespace App\Library;
use \App\Models\User; // I keep Models in app/Models folder and define namespace App\Models;
use Illuminate\Http\Request;
use Crypt;
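/**
 * Session-backed, realm-based authentication helper.
 *
 * The session key 'auth' holds an array with 'timestamp', 'user_id',
 * 'access_to' (list of realm names), 'roles' and 'permissions'.
 *
 * NOTE(review): a realm is granted to whoever authenticates and asks for it.
 * This class only checks the name against REALMS; it does not decide whether a
 * particular user is entitled to a realm. Add a per-user check if realms are
 * meant to separate privileges.
 */
class Auth
{
    /** Comma-separated list of the realm names this application knows. */
    const REALMS = 'api,billing';

    /**
     * Maximum age, in seconds, of a remember-token payload that recoverSession()
     * accepts. One year, matching the cookie lifetime AuthController sets
     * (525600 minutes). Shorten it where the application allows.
     */
    const REMEMBER_LIFETIME = 31536000;

    /**
     * Verify the submitted credentials and grant the requested realm(s).
     *
     * Reads 'username' (an e-mail address or a username), 'password' and
     * 'remember' from the request.
     *
     * @param  string|array  $realm    one realm name or a list of names
     * @param  \Illuminate\Http\Request  $request
     * @return array|false  the stored 'auth' array (plus 'remember-token' when
     *                      requested), or false when the credentials are wrong
     *                      or no known realm was requested
     */
    public static function attempt($realm, Request $request)
    {
        $username = $request->input('username');
        $password = $request->input('password');
        $remember = $request->input('remember', false);

        // Missing or non-string credentials never reach the query builder.
        if (!is_string($username) || $username === '' || !is_string($password) || $password === '') {
            return false;
        }

        $User = filter_var($username, FILTER_VALIDATE_EMAIL)
            ? User::whereEmail($username)->first()
            : User::whereUsername($username)->first();

        // NOTE(review): the User model lists 'active' and 'deleted' columns, but
        // neither is consulted here. Confirm whether such accounts may log in.
        if (!$User || !$User->checkPassword($password)) {
            return false;
        }

        // The realm list comes from the request, so keep only names in REALMS.
        $realms = self::knownRealms($realm);
        if (empty($realms)) {
            return false;
        }

        $session = $request->session();
        $auth = [
            'timestamp' => time(),
            'user_id' => $User->id,
            'access_to' => [],
            'roles' => [],
            'permissions' => []
        ];

        // Extend an existing login only when it belongs to the same user. Reusing
        // it unconditionally would keep the previous user's id and realms after a
        // different account authenticates.
        $previous = $session->get('auth');
        if (is_array($previous)
            && isset($previous['user_id'])
            && (string) $previous['user_id'] === (string) $User->id
        ) {
            $auth = array_merge($auth, $previous);
        }
        if (!is_array($auth['access_to'])) {
            $auth['access_to'] = [];
        }
        $auth['timestamp'] = time();
        // Never nest an older token inside the payload of a new one.
        unset($auth['remember-token']);

        foreach ($realms as $name) {
            if (!in_array($name, $auth['access_to'], true)) {
                $auth['access_to'][] = $name;
            }
        }

        // New privileges get a new session id, so an id fixed before login is useless.
        $session->regenerate();

        if ($remember) {
            // The token is the encrypted auth payload itself and cannot be revoked
            // server-side; recoverSession() limits its age using 'timestamp'.
            $auth['remember-token'] = Crypt::encrypt(json_encode($auth));
        }

        $session->put('auth', $auth);

        return $auth;
    }

    /**
     * Drop the whole login, or only the given realm(s).
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  string|array|null  $realm  null removes the session 'auth' entry
     * @return bool  false when there was no realm list to edit
     */
    public static function destroy(Request $request, $realm = null)
    {
        $session = $request->session();

        if (is_null($realm)) {
            $session->forget('auth');
            return true;
        }

        $auth = $session->get('auth');
        if (!isset($auth['access_to']) || !is_array($auth['access_to'])) {
            return false;
        }

        // Filter rather than array_search() + unset(): array_search() returns false
        // for a realm that is not held, and unset($list[false]) removes index 0.
        $realms = self::normalizeRealms($realm);
        $remaining = [];
        foreach ($auth['access_to'] as $granted) {
            if (!in_array($granted, $realms, true)) {
                $remaining[] = $granted;
            }
        }
        $auth['access_to'] = $remaining;
        // The stored token still encodes the old realm list.
        unset($auth['remember-token']);

        if (count($remaining) > 0) {
            $session->put('auth', $auth);
        } else {
            $session->forget('auth');
        }

        return true;
    }

    /**
     * Rebuild the session 'auth' entry from the 'remember-token' cookie.
     *
     * The cookie is decrypted, JSON-decoded and accepted only when it has the
     * expected shape, is not older than REMEMBER_LIFETIME and still names at
     * least one known realm.
     *
     * NOTE(review): the payload is trusted as issued. It is not re-checked
     * against the users table, so a token outlives a password change or a removed
     * account until it expires. Consider looking up 'user_id' here.
     *
     * @param  \Illuminate\Http\Request  $request
     * @return array|null  the session 'auth' entry after the attempt, or null
     */
    public static function recoverSession(Request $request)
    {
        $rememberToken = $request->cookie('remember-token', null);
        if (is_null($rememberToken)) {
            return null;
        }

        $session = $request->session();

        if (is_string($rememberToken)) {
            try {
                $auth = json_decode(Crypt::decrypt($rememberToken), true);
                if (self::isUsableTokenPayload($auth)) {
                    $auth['access_to'] = self::knownRealms($auth['access_to']);
                    if (!empty($auth['access_to'])) {
                        $session->regenerate();
                        $session->put('auth', $auth);
                    }
                }
            } catch (\Exception $ex) {
                // Best effort: a cookie that cannot be decrypted (tampered, or issued
                // under another key) is treated as absent.
            }
        }

        return $session->get('auth');
    }

    /**
     * Tell whether the current session, or a valid remember-token, holds $realm.
     *
     * @param  string  $realm
     * @param  \Illuminate\Http\Request  $request
     * @return bool
     */
    public static function hasAccessTo($realm, Request $request)
    {
        $auth = $request->session()->get('auth', null);
        if (is_null($auth)) {
            $auth = self::recoverSession($request);
        }

        // Strict comparison: a loose in_array() lets 0 or true match a realm name.
        return isset($auth['access_to'])
            && is_array($auth['access_to'])
            && in_array($realm, $auth['access_to'], true);
    }

    /** Wrap a single realm in a list; a non-empty array is used as given. */
    private static function normalizeRealms($realm)
    {
        return (is_array($realm) && !empty($realm)) ? $realm : [$realm];
    }

    /** Reduce the input to the distinct realm names that appear in REALMS. */
    private static function knownRealms($realm)
    {
        $allowed = explode(',', self::REALMS);
        $known = [];
        foreach (self::normalizeRealms($realm) as $name) {
            if (is_string($name) && in_array($name, $allowed, true) && !in_array($name, $known, true)) {
                $known[] = $name;
            }
        }

        return $known;
    }

    /** Check the shape and age of a decoded remember-token payload. */
    private static function isUsableTokenPayload($auth)
    {
        if (!is_array($auth)
            || !isset($auth['user_id'], $auth['access_to'], $auth['timestamp'])
            || !is_array($auth['access_to'])
            || !is_numeric($auth['timestamp'])
        ) {
            return false;
        }

        $age = time() - (int) $auth['timestamp'];

        return $age >= 0 && $age <= self::REMEMBER_LIFETIME;
    }
}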
4)app/Models/User.php
:(不要忘記創建模型文件夾)
<?php namespace App\Models;
use Illuminate\Database\Eloquent\Model;
use Hash;
use Closure;
/**
 * Eloquent model for the 'users' table, with helpers that hash a plain-text
 * password before it is stored.
 */
class User extends Model
{
    // NOTE(review): named *_MAXLEN, yet 2 and 5 read like minimum lengths. Neither
    // constant is referenced in this listing, so confirm the intent with the validation code.
    const USERNAME_MAXLEN = 2;
    const PASSWORD_MAXLEN = 5;

    protected $table = 'users';

    // Columns open to mass assignment. 'password', 'active' and 'deleted' are among
    // them, so raw request input should not be passed to create()/update() or the
    // helpers below. Pick the permitted keys explicitly at the call site.
    protected $fillable = [
        'username',
        'email',
        'password',
        'active',
        'deleted',
    ];

    /**
     * Compare a plain-text password with the hash stored on this record.
     *
     * @param  string  $password
     * @return bool
     */
    public function checkPassword($password)
    {
        $storedHash = $this->password;

        return Hash::check($password, $storedHash);
    }

    /**
     * Update this record (hashing 'password' when present), then return the
     * result of calling $closure with the record.
     *
     * @param  array  $attributes
     * @param  \Closure  $closure  receives this model
     * @return mixed
     */
    public function updateAndCall($attributes = [], Closure $closure)
    {
        $this->update(self::withHashedPassword($attributes));

        return $closure($this);
    }

    /**
     * Create a record (hashing 'password' when present), then return the result
     * of calling $closure with the new record.
     *
     * @param  array  $attributes
     * @param  \Closure  $closure  receives the created model
     * @return mixed
     */
    public static function createAndCall($attributes = [], Closure $closure)
    {
        $Record = self::create(self::withHashedPassword($attributes));

        return $closure($Record);
    }

    /** Return $attributes with a set 'password' entry replaced by its hash. */
    private static function withHashedPassword($attributes)
    {
        if (isset($attributes['password'])) {
            $attributes['password'] = Hash::make($attributes['password']);
        }

        return $attributes;
    }
}
5)app\Http\Controllers\AuthController.php
:
<?php namespace App\Http\Controllers;
use Illuminate\Http\Request;
use App\Library\Auth;
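/**
 * Login form, login attempt and logout for the realm-based Auth library.
 *
 * forbidden(), ok(), setCookie() and deleteCookie() are called on $this; they
 * are presumably provided by the base Controller, which this listing does not show.
 */
class AuthController extends Controller
{
    /**
     * Show the login form.
     *
     * @return mixed
     */
    public function index()
    {
        return view('auth.index');
    }

    /**
     * Authenticate the posted credentials for the requested realm(s).
     *
     * 'realm' is an optional comma-separated list (or array) and defaults to
     * Auth::REALMS.
     *
     * @param  \Illuminate\Http\Request  $request
     * @return mixed
     */
    public function attempt(Request $request)
    {
        $realms = $this->requestedRealms($request);

        // 'realm' is client input, so anything outside Auth::REALMS is refused before
        // any credential check. The hasAccessTo() loop further down cannot do this:
        // it only confirms what Auth::attempt() has just granted.
        if (empty($realms) || array_diff($realms, explode(',', Auth::REALMS))) {
            return $this->forbidden('Access denied');
        }

        $auth = Auth::attempt($realms, $request);
        if ($auth === false) {
            return $this->forbidden('Username and/or Password invalid!');
        }

        foreach ($realms as $realm) {
            if (!Auth::hasAccessTo($realm, $request)) {
                return $this->forbidden('Access denied');
            }
        }

        if (isset($auth['remember-token'])) {
            // NOTE(review): setCookie() is not shown on this page. Confirm that it
            // issues the cookie with the HttpOnly and Secure flags.
            $this->setCookie('remember-token', $auth['remember-token'], 525600); // 1 year
        }

        // $realms[0] is a known realm name here, never free-form client text.
        return $this->ok(null, ['redirectTo' => $realms[0]]);
    }

    /**
     * Log out of the requested realm(s), or of all of them by default.
     *
     * @param  \Illuminate\Http\Request  $request
     * @return mixed
     */
    public function destroy(Request $request)
    {
        // The original exploded the value only when it was already an array, so the
        // default 'api,billing' reached Auth::destroy() as one unknown realm name.
        $realms = $this->requestedRealms($request);

        // Nothing usable requested: end the whole login rather than none of it.
        Auth::destroy($request, empty($realms) ? null : $realms);
        $this->deleteCookie('remember-token');

        return redirect()->route('auth');
    }

    /**
     * Read 'realm' from the request as a list of distinct, trimmed, non-empty names.
     *
     * @param  \Illuminate\Http\Request  $request
     * @return array  empty when the parameter is neither a string nor an array
     */
    private function requestedRealms(Request $request)
    {
        $raw = $request->get('realm', Auth::REALMS);
        if (is_string($raw)) {
            $raw = explode(',', $raw);
        }
        if (!is_array($raw)) {
            return [];
        }

        $names = [];
        foreach ($raw as $name) {
            if (!is_string($name)) {
                continue;
            }
            $name = trim($name);
            if ($name !== '' && !in_array($name, $names, true)) {
                $names[] = $name;
            }
        }

        return $names;
    }
}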
請隨意按您的需要使用它 ;)
感謝您的快速響應。我會調查你的概念,並申請,如果一切檢查。如果我最終這樣做,我會標記爲已回答!再次感謝您的幫助。 –
您提供的示例中顯示的概念幫助我在分解問題的根本原因以及如何正確實施會話處理方面做了大量工作。當我穩定了一切,希望幫助其他可能遇到我發現的相同問題的人時,我會在適當的時候公佈我得到的結果。 再次感謝男人! –
@ user3124770我真的希望這是您的最佳解決方案。 – num8er