How to install
composer require henrik/token-auth
- Create a helper file
app\Helpers\TokenManagerHelper.php.
<?php
namespace App\Helpers;
use HashAuth\TokenManager;
/**
* Class TokenManagerHelper * @package App\Helpers
*/
class TokenManagerHelper {
/**
* @return TokenManager
* @throws \Exception
*/
public static function getManagerInstance()
{
return new TokenManager(
config('hash_auth.token_private_key'),
config('hash_auth.token_private_iv'),
config('hash_auth.signature_private_key')
);
}
}- Then create
hash_auth.configfile into your laravel configs folder.
<?php
return [
'token_private_key' => env('TOKEN_PRIVATE_KEY', ''),
'token_private_iv' => env('TOKEN_PRIVATE_IV', ''),
'signature_private_key' => env('SIGNATURE_PRIVATE_KEY', '')
];- Then add into your
.envfile this lines
SIGNATURE_PRIVATE_KEY="secret_line1"
TOKEN_PRIVATE_IV="secret_line2"
TOKEN_PRIVATE_KEY="secret_line3"
-
Type in your console
php artisan make:middleware HashAuthFilterMiddleware
-
Then paste this code into created file
<?php
namespace App\Http\Middleware;
use App\Helpers\TokenManagerHelper;
use Carbon\Carbon;
use Closure;
use HashAuth\Exceptions\HashAuthException;
use Illuminate\Http\Request;
use Illuminate\Http\Response;
class HashAuthFilterMiddleware{
/**
* @param $request
* @param Closure $next
* @return mixed
* @throws \Exception
*/
public function handle(Request $request, Closure $next) {
try {
$unparsed_token = $request->header("Authorization");
if (empty($unparsed_token)) {
$unparsed_token = $request->input('token');
} else {
$unparsed_token = str_replace('Bearer ', '', $unparsed_token);
}
$tokenManager = TokenManagerHelper::getManagerInstance();
$parsed_token = $tokenManager->parseToke($unparsed_token, [
'exp' => Carbon::now()->timestamp,
'sessId' => 0,
'browserId' => $request->header('User-Agent')
]);
// $parsed_token it's a data which is saved into token
} catch (HashAuthException $e) {
return response(
[
'message' => 'You dont has access for this action'
],
Response::HTTP_FORBIDDEN
);
}
return $next($request);
}
}open Kernel.php file and add middleware into $routeMiddleware like this
protected $routeMiddleware = [
'auth' => \App\Http\Middleware\Authenticate::class,
// ...
'hash.auth' => \App\Http\Middleware\HashAuthFilterMiddleware::class,
// ...
];- Add this functions into your
User.phpmodel
/**
* @param $request
* @return mixed
* @throws \Exception
*/
public function createNewAccessToken($request, $user)
{
$tokenManager = TokenManagerHelper::getManagerInstance();
$claims = $this->getClaims($request);
$token = $tokenManager->makeToken($user, $claims);
return $token;
}
private function getClaims(Request $request)
{
$claims = [
'exp' => Carbon::now()->timestamp + (2 * 60 * 60),
'browserId' => $request->header('User-Agent'),
];
return $claims;
}The example login action (must return token string in json format):
public function Login(User $user, Request $resuest){
$token = $user->createNewAccessToken($request, $user);
// ...
}The registered middleware you can use for your routes. For example:
Route::group(['middleware' => ['hash.auth']], function () {
// your routes here
}
Route::get('your-route', 'Controller@Action')->middleware('hash.auth');The request lifecycle in graph dagram.
graph LR
R[Request With Token] --> HAM
HAM --> R
HAM((HashAuthFilterMiddleware)) -->A
A-->HAM
A[Token Manager] -- Token --> TP((Token Parser))
TP -- data --> A
TB((Token Builder)) -- token --> A
A -- data --> TB
TB --> T{Token}
TP --> T
CL[Claim] --> T
DL[DataLine] -->T