2014-05-14 08:45

Using the Laravel Auth class in an API

Trying to build an API based on Laravel that aims to grow to intense usage by lots of clients. My question is whether there are serious drawbacks of using the Auth class in my code? I have implemented OAuth2 authorization, and to get info about the user that is making the request I have a filter:

Route::filter('hasAccess', function($route)
{
        // a Laravel 4 filter callback receives the Route first (then the Request);
        // the parameter is named $route here because getAction() below is a Route method
        //get the cleaned token string
        $auth_code = Request::header('Authorization');
        $auth_code = trim(preg_replace('/Bearer/sui', "", $auth_code));
        //get the stored session and put the query in cache for 10 minutes
        //(so a revoked token keeps working for up to 10 minutes)
        //the second join column is blank in the question as posted
        $ts = DB::table('sessions as s')
                ->leftJoin('oauth_session_access_tokens as osat', 's.token', '=', '')
                ->select('s.*')
                ->where('osat.access_token', '=', $auth_code)
                ->remember(10, $auth_code)
                ->first();
        //no session matches this token: refuse before reading $ts->permissions
        if ($ts === null)
                return Response::json([
                        'error' => true,
                        'dataset' => 'Invalid access token'
                ], 401);
        //Auth user cross-app (logs the user in for this single request)
        Auth::onceUsingId($ts->user);
        //Extract the requested action, e.g. "UserController@show"
        $action = $route->getAction();
        $parts = explode('@', $action['controller']);
        $required = strtolower($parts[0]).'.'.$parts[1];
        $required = preg_replace('/controller/sui', "", $required);
        //Get the permissions stored with the session as JSON [{"name": "..."}, ...]
        $permissions = json_decode($ts->permissions, true);
        $permissions = array_fetch($permissions, 'name');
        if (!in_array($required, $permissions))
                return Response::json([
                        'error' => true,
                        'dataset' => 'You don\'t have rights to access this url'
                ], 403);
});


It validates the user's access rights to the controller action, but the most interesting part of it is the row with Auth::onceUsingId($ts->user);. This row authorizes the user for only one request. Also, if any other ways to get info about the user exist, please mention them. Thanks



1 answer

  • douren9077 2014-05-14 11:57

    You talk about 'serious drawbacks' of using Auth class code - but you don't really explain drawbacks compared to what? Just manually looking in the database yourself for the user?

    All the Auth::onceUsingId() is doing is logging your user into the application without a session or cookie. This is perfect for an API - as you don't normally have persistence between requests.

    You can then do Auth::user() to get data about the user, such as Auth::user()->name.

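The per-request login the answer describes, written out as an added example (this is neither the asker's filter nor code from Laravel or the OAuth2 package). It keeps the asker's structure but looks the token up on every request instead of caching it under the raw token, rejects unknown or expired tokens before calling Auth::onceUsingId(), and lets the controller read the user through Auth::user(). Assumed, and not stated in the question: the `sessions` row carries a `user` id and a `permissions` JSON array of `{"name": "..."}` objects, the join column is `osat.session_id`, and the access-token table has an `access_token_expires` unix timestamp.

```php
<?php
// Added example (not the asker's or the answerer's code) for a Laravel 4 application.
// Assumptions not taken from the question: columns s.user, s.permissions (JSON
// [{"name":"user.me"}, ...]), osat.session_id and osat.access_token_expires.

Route::filter('apiAuth', function ($route, $request) {
    // Parse "Authorization: Bearer <token>" strictly. Stripping the word "Bearer"
    // with preg_replace, as in the question, would also accept "Basic ..." headers.
    $header = (string) $request->header('Authorization', '');
    if (!preg_match('#^Bearer\s+([A-Za-z0-9._~+/=-]+)$#i', $header, $m)) {
        return Response::json(array('error' => true, 'dataset' => 'Missing or malformed bearer token'), 401);
    }
    $token = $m[1];

    // Look the token up on every request (no remember()): a revoked or expired
    // token must stop working at once, and caching keyed by the raw token would
    // write a copy of the secret into the cache store.
    $session = DB::table('sessions as s')
        ->join('oauth_session_access_tokens as osat', 'osat.session_id', '=', 's.token') // assumed join column
        ->select('s.user', 's.permissions', 'osat.access_token_expires')
        ->where('osat.access_token', '=', $token)
        ->first();

    if ($session === null || (int) $session->access_token_expires < time()) {
        return Response::json(array('error' => true, 'dataset' => 'Invalid or expired access token'), 401);
    }

    // Log the user in for this request only: no session, no cookie.
    // onceUsingId() returns false when the user provider finds no such user.
    if (!Auth::onceUsingId($session->user)) {
        return Response::json(array('error' => true, 'dataset' => 'Unknown user'), 401);
    }

    // Build "controller.action" (e.g. UserController@me -> "user.me") and check it
    // against the permission names stored with the token. Deny when the route has
    // no controller action rather than letting an unnamed route through.
    $action = $route->getAction();
    if (empty($action['controller']) || strpos($action['controller'], '@') === false) {
        return Response::json(array('error' => true, 'dataset' => 'Route has no controller action'), 403);
    }
    list($controller, $method) = explode('@', $action['controller'], 2);
    $required = strtolower(preg_replace('/Controller$/', '', $controller)) . '.' . $method;

    $permissions = json_decode($session->permissions, true);
    $granted = is_array($permissions) ? array_fetch($permissions, 'name') : array();
    if (!in_array($required, $granted, true)) {
        return Response::json(array('error' => true, 'dataset' => 'You don\'t have rights to access this url'), 403);
    }
});

// Once the filter has run, controllers simply read the authenticated user.
class UserController extends BaseController {
    public function me() {
        $user = Auth::user();
        return Response::json(array('id' => $user->id, 'name' => $user->name));
    }
}

// Usage: every route in the group runs the filter first; this one needs "user.me".
Route::group(array('before' => 'apiAuth'), function () {
    Route::get('users/me', 'UserController@me');
});
```

Because onceUsingId() sets the user for the current request only, nothing is persisted between calls, which is what makes it suitable for a bearer-token API; the cost is one token lookup per request, which is also what keeps revocation immediate.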
