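My GitHub blog: https://zgxxx.github.io
dingo/api Chinese documentation: https://www.bookstack.cn/read...
Using JWT in Laravel: https://laravel-china.org/art...
Supporting article: https://www.jianshu.com/p/62b...

Following https://www.jianshu.com/p/62b... is basically enough to set up the environment. I use the same versions as that article, "dingo/api": "2.0.0-alpha1" and "tymon/jwt-auth": "^1.0.0-rc.1". I don't know what major differences the other versions have, but the other articles I found online all use old versions, where the paths of the JWT package may be different or may simply be wrong. Some documentation also says to add Tymon\JWTAuth\Providers\LaravelServiceProvider::class and Dingo\Api\Provider\LaravelServiceProvider::class by hand; with the new versions this is no longer needed.

1. Add the packages to composer.json and run composer update:

```
"require": {
    ......
    "dingo/api": "2.0.0-alpha1",
    "tymon/jwt-auth": "^1.0.0-rc.1"
},
```

2. Run the following two commands to generate the dingo and jwt configuration files automatically:

```
# generates the dingo configuration file config/api.php
php artisan vendor:publish --provider="Dingo\Api\Provider\LaravelServiceProvider"

# generates the jwt configuration file config/jwt.php
php artisan vendor:publish --provider="Tymon\JWTAuth\Providers\LaravelServiceProvider"
```

3. Configure .env

For the detailed settings see the documentation at https://www.bookstack.cn/read... My configuration is:

```
API_STANDARDS_TREE=vnd
API_PREFIX=api
API_VERSION=v1
API_DEBUG=true
API_SUBTYPE=myapp
```

API_DEBUG=true is a development setting: it makes error responses carry debug details such as stack traces, so set it to false in production.

You also need to run php artisan jwt:secret on the command line; JWT_SECRET is then added to .env automatically. If you need other settings, look them up in the configuration files and add them to .env.

4. The key step

```php
// config/auth.php
'defaults' => [
    'guard' => 'web',
    'passwords' => 'users',
],

'guards' => [
    'web' => [
        'driver' => 'session',
        'provider' => 'users',
    ],

    'api' => [
        'driver' => 'jwt',
        'provider' => 'users',
    ],
],
```

The api guard's original driver => session has to be changed here before the JWT mechanism can be used. The provider corresponds to the user authentication table you want to use, which is generally the table used for login and registration.

```php
<?php
// User model. The start of this listing is missing from the page; the header
// down to getJWTIdentifier() is reconstructed (App\User is assumed).

namespace App;

use Illuminate\Foundation\Auth\User as Authenticatable;
use Tymon\JWTAuth\Contracts\JWTSubject;

class User extends Authenticatable implements JWTSubject
{
    // Return the identifier that is stored in the subject claim of the JWT.
    public function getJWTIdentifier()
    {
        return $this->getKey();
    }

    /**
     * Return a key value array, containing any custom claims to be added to the JWT.
     *
     * @return array
     */
    public function getJWTCustomClaims()
    {
        return [];
    }
}
```

5. Set up the controller

Since different versions of the API may have to be developed later, I created V1 and V2 directories under app/Http/Controllers; write the namespace according to your own needs.

```php
<?php
// The start of this listing is missing from the page; the header down to the
// constructor is reconstructed from the route namespace and the calls below.

namespace App\Http\Controllers\V1;

use App\Http\Controllers\Controller;
use App\User; // assumed default location of the User model
use Dingo\Api\Routing\Helpers;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Validator;

class AuthController extends Controller
{
    use Helpers; // provides $this->response

    protected $guard = 'api';

    public function __construct()
    {
        $this->middleware('refresh', ['except' => ['login', 'register']]);
    }

    public function test()
    {
        echo "test!!";
    }

    public function register(Request $request)
    {
        $rules = [
            'name'     => ['required'],
            'email'    => ['required'],
            'password' => ['required', 'min:6', 'max:16'],
        ];

        $payload = $request->only('name', 'email', 'password');
        $validator = Validator::make($payload, $rules);

        // Validate the input format
        if ($validator->fails()) {
            return $this->response->array(['error' => $validator->errors()]);
        }

        // Create the user
        $result = User::create([
            'name'     => $payload['name'],
            'email'    => $payload['email'],
            'password' => bcrypt($payload['password']),
        ]);

        if ($result) {
            return $this->response->array(['success' => '创建用户成功']);
        } else {
            return $this->response->array(['error' => '创建用户失败']);
        }
    }

    /**
     * Get a JWT token via given credentials.
     *
     * @param \Illuminate\Http\Request $request
     *
     * @return \Illuminate\Http\JsonResponse
     */
    public function login(Request $request)
    {
        $credentials = $request->only('email', 'password');

        if ($token = $this->guard()->attempt($credentials)) {
            return $this->respondWithToken($token);
        }

        return $this->response->errorUnauthorized('登录失败');
    }

    /**
     * Get the authenticated user.
     *
     * @return \Illuminate\Http\JsonResponse
     */
    public function me()
    {
        // return response()->json($this->guard()->user());
        // array() expects a plain array, so convert the model first
        return $this->response->array($this->guard()->user()->toArray());
    }

    /**
     * Log the user out (invalidate the token).
     *
     * @return \Illuminate\Http\JsonResponse
     */
    public function logout()
    {
        $this->guard()->logout();

        // return response()->json(['message' => 'Successfully logged out']);
        return $this->response->array(['message' => '退出成功']);
    }

    /**
     * Refresh a token.
     *
     * @return \Illuminate\Http\JsonResponse
     */
    public function refresh()
    {
        return $this->respondWithToken($this->guard()->refresh());
    }

    /**
     * Get the token array structure.
     *
     * @param string $token
     *
     * @return \Illuminate\Http\JsonResponse
     */
    protected function respondWithToken($token)
    {
        return response()->json([
            'access_token' => $token,
            'token_type'   => 'bearer',
            'expires_in'   => $this->guard()->factory()->getTTL() * 60,
        ]);
    }

    /**
     * Get the guard to be used during authentication.
     *
     * @return \Illuminate\Contracts\Auth\Guard
     */
    public function guard()
    {
        return Auth::guard($this->guard);
    }
}
```

The namespace of the controller has to be set, because the routes use it.

`$this->middleware('refresh', ['except' => ['login', 'register']]);` uses a middleware that I found online, which refreshes the JWT token painlessly. For details see this article: https://www.jianshu.com/p/9e9...

6. The refresh middleware

```php
<?php
// The start of this listing is missing from the page; the header down to
// handle() is reconstructed. The class name comes from the Kernel.php entry
// below and the namespace is assumed.

namespace App\Http\Middleware;

use Closure;
use Symfony\Component\HttpKernel\Exception\UnauthorizedHttpException;
use Tymon\JWTAuth\Exceptions\JWTException;
use Tymon\JWTAuth\Exceptions\TokenExpiredException;
use Tymon\JWTAuth\Http\Middleware\BaseMiddleware;

class RefreshToken extends BaseMiddleware
{
    public function handle($request, Closure $next)
    {
        // Check that the request carries a token
        $this->checkForToken($request);

        // Use try/catch to capture the TokenExpiredException thrown when the token has expired
        try {
            // Check the user's login state and pass the request through if it is valid
            if ($this->auth->parseToken()->authenticate()) {
                return $next($request);
            }
            throw new UnauthorizedHttpException('jwt-auth', '未登录');
        } catch (TokenExpiredException $exception) {
            // The token has expired: refresh the user's token and add it to the response headers
            try {
                // Refresh the user's token
                $token = $this->auth->refresh();
                // Log in for this request only, so that the current request succeeds
                \Auth::guard('api')->onceUsingId(
                    $this->auth->manager()->getPayloadFactory()->buildClaimsCollection()->toPlainArray()['sub']
                );
            } catch (JWTException $exception) {
                // Reaching this point means the refresh period has expired as well:
                // the user cannot refresh the token and has to log in again.
                throw new UnauthorizedHttpException('jwt-auth', $exception->getMessage());
            }
        }

        return $next($request)->withHeaders([
            'Authorization' => 'Bearer ' . $token,
        ]);
    }
}
```

After writing the middleware, register it in app/Http/Kernel.php:

```php
protected $routeMiddleware = [
    ...
    'refresh' => RefreshToken::class,
];
```

7. Set up the routes in routes/api.php

```php
$api = app('Dingo\Api\Routing\Router');

$api->version('v1', ['namespace' => 'App\Http\Controllers\V1'], function ($api) {
    $api->post('register', 'AuthController@register');
    $api->post('login', 'AuthController@login');
    $api->post('logout', 'AuthController@logout');
    $api->post('refresh', 'AuthController@refresh');
    $api->post('me', 'AuthController@me');
    $api->get('test', 'AuthController@test');
});
```

There is a pitfall here. Do not write `$api->post('me', ['middleware' => 'refresh'], 'AuthController@me');`. The middleware does run that way, but an error is raised as soon as execution reaches `$next($request)`; it seems to be a callback error saying that the function name must be a string. I don't know the exact cause. You can write it like this instead:

```php
$api->post('me', 'AuthController@me')->middleware('refresh');
```

Following the steps above gives you the basis of a simple API backend. You can get the list of API routes from the command line:

```
php artisan api:routes
```

route:list does not seem to show the API routes above; for them to be shown, they have to be rewritten in api.php as original Laravel route definitions, for example `Route::post('api/test', 'AuthController@test');`.

Later I will use a separate post to record what I learn about Postman and mini-programs; you can follow my blog: https://zgxxx.github.io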
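
The decision that the refresh middleware in step 6 relies on, as an added example that is not code from the original post or from jwt-auth: a simplified HS256 check in plain PHP that tells apart a token that is passed through, one that is expired but still refreshable, and one that is refused. The function names, the secret and the timestamps are constructed for illustration; the one-hour lifetime and the 20160-minute refresh window stand in for `ttl` and `refresh_ttl` in config/jwt.php.

```php
<?php
// Added illustration (not jwt-auth code): simplified HS256 token handling.
function b64url(string $bin): string
{
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

function sign_jwt(array $claims, string $secret): string
{
    $head = b64url(json_encode(['typ' => 'JWT', 'alg' => 'HS256']));
    $body = b64url(json_encode($claims));
    return "$head.$body." . b64url(hash_hmac('sha256', "$head.$body", $secret, true));
}

// Returns 'valid', 'refreshable' or 'rejected' for a token seen at time $now.
function classify_token(string $jwt, string $secret, int $now, int $refreshTtlMin): string
{
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) {
        return 'rejected';
    }
    [$head, $body, $sig] = $parts;
    $header = json_decode(base64_decode(strtr($head, '-_', '+/')), true);
    // Pin the algorithm and verify the MAC before trusting any claim.
    $expected = b64url(hash_hmac('sha256', "$head.$body", $secret, true));
    if (($header['alg'] ?? '') !== 'HS256' || !hash_equals($expected, $sig)) {
        return 'rejected';
    }
    $claims = json_decode(base64_decode(strtr($body, '-_', '+/')), true);
    if (!isset($claims['iat'], $claims['exp'])) {
        return 'rejected';
    }
    if ($now < $claims['exp']) {
        return 'valid'; // the middleware passes the request straight through
    }
    // Expired: refreshable only while inside the refresh window counted from iat.
    return $now < $claims['iat'] + $refreshTtlMin * 60 ? 'refreshable' : 'rejected';
}

// Constructed sample values.
$secret = 'constructed-demo-secret';
$iat    = 1700000000;
$token  = sign_jwt(['sub' => 1, 'iat' => $iat, 'exp' => $iat + 3600], $secret);
// Tampered copy: another user id and a far-future expiry, original signature kept.
[$h, , $s] = explode('.', $token);
$forged = "$h." . b64url(json_encode(['sub' => 2, 'iat' => $iat, 'exp' => $iat + 10 ** 8])) . ".$s";
foreach ([[$token, 60], [$token, 7200], [$token, 20161 * 60], [$forged, 60]] as [$jwt, $age]) {
    echo $age, 's after issue: ', classify_token($jwt, $secret, $iat + $age, 20160), "\n";
}
```

The signature is checked before the expiry claims are read, so a token with an edited `exp` or `sub` never reaches the refresh branch.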
