如何使用相同的身份验证保护对多种类型的用户进行身份验证[Lumen]

Question

我正在开发一个使用Lumen 8的API应用程序。我有3种类型的用户。对于它们，我使用了3种不同的模型。我使用的是JWT身份验证packege- tymon/jwt-auth。

这是我的Auth.php配置。我使用了3种类型的身份验证保护

return [
'defaults' => [
    'guard' => env('AUTH_GUARD', 'user'),
    'passwords' => 'users',
],

'guards' => [
    'user' => [
        'driver' => 'jwt',
        'provider' => 'users',
    ],
    'vendor_user' => [
        'driver' => 'jwt',
        'provider' => 'vendor_users',
    ],
    'super_user' => [
        'driver' => 'jwt',
        'provider' => 'super_users',
    ],
],

'providers' => [
    'users' => [
        'driver' => 'eloquent',
        'model' => \App\Models\User::class
    ],
    'vendor_users' => [
        'driver' => 'eloquent',
        'model' => \App\Models\VendorUser::class
    ],
    'super_users' => [
        'driver' => 'eloquent',
        'model' => \App\Models\SuperUser::class
    ]
],
'passwords' => [
    'users' => [
        'provider' => 'users',
        'table' => 'password_resets',
        'expire' => 60,
        'throttle' => 60,
    ],
    'vendor_users' => [
        'provider' => 'vendor_users',
        'table' => 'password_resets',
        'expire' => 60,
        'throttle' => 60,
    ],
    'super_users' => [
        'provider' => 'super_users',
        'table' => 'password_resets',
        'expire' => 60,
        'throttle' => 60,
    ],
],
'password_timeout' => 10800,

]；

对于登录，我使用了3种不同的路由，使用了前面提到的auth guard。

    protected function login(Request $request, $guard = 'user')
{
    //validate incoming request
    $this->validate($request, [
        'email' => 'required|string',
        'password' => 'required|string',
    ]);

    $credentials = $request->only(['email', 'password']);

    if (! $token = Auth::guard($guard)->attempt($credentials)) {
        return response()->json(responseFormat(ERROR,___('Unauthorized')), 401);
    }

    return $this->respondWithToken($token);
}

public function userLogin(Request $request)
{
    return $this->login($request,'user');
}

public function superUsersLogin(Request $request)
{
    return $this->login($request,'super_user');
}

public function vendorUsersLogin(Request $request)
{
    return $this->login($request,'vendor_user');
}

我已经设法从所有3种类型的用户那里获得了成功登录的令牌。

但是当我使用认证中间件对所有用户进行认证时，我会面临一个问题。

public function handle($request, Closure $next, $guard = null)
{
    if ($this->auth->guard($guard)->guest()) {
        return response(responseFormat(ERROR,'Unauthorized.'), 401);
    }

    return $next($request);
}

它只适用于默认的auth-guard类型的用户(即user guard)。如果我想对其他用户类型进行身份验证，我必须使用不同的路由，并提到要使用哪个auth-guard。

$router->group(['middleware' => 'auth','prefix' => 'api'], function ($router)
{
    $router->get('/send-email', 'EmailController@sendEmail');
    $router->get('/users', 'UsersController@users');


});
$router->group(['middleware' => 'auth:vendor_user','prefix' => 'api/vendor'], function ($router)
{
    $router->get('/send-email', 'EmailController@sendEmail');
    $router->get('/users', 'UsersController@users');

});
$router->group(['middleware' => 'auth:super_user','prefix' => 'api/super_user'], function ($router)
{
    $router->get('/send-email', 'EmailController@sendEmail');
    $router->get('/users', 'UsersController@users');

});

有没有办法可以对同一路由的所有3种类型的用户进行身份验证？这样我就不必为每种类型的用户选择不同的路由。

$router->group(['middleware' => 'auth','prefix' => 'api'], function ($router)
{
    $router->get('/send-email', 'EmailController@sendEmail');
    $router->get('/users', 'UsersController@users');
});

与此类似，API可以由所有3种类型的用户使用，并通过相同的auth-guard或其他方式进行身份验证。

BS:我必须为3种类型的用户使用3个不同的表。

Answer 1

创建一个单独的中间件来尝试凭据。然后，设置Auth应该使用的默认防护。你不需要通过门卫就可以登录。

在LoginController中

    public function  __construct()
    {
        $this->middleware('SetAuthGuard:user')->except('logout');
        $this->middleware('SetAuthGuard:vendor_users')->except('logout');
        $this->middleware('SetAuthGuard:super_users')->except('logout');
    }

SetAuthGuard中间件

    public function handle(Request $request, Closure $next, ...$guards)
    {
        $guards = empty($guards) ? [null] : $guards;
        $credentials = $request->only('email','password');
        foreach ($guards as $guard) {
            if (Auth::guard($guard)->attempt($credentials)) {
                Auth::shouldUse($guard);
            }
        }
        return $next($request);
    }