laravel前后端分离的用户登陆 退出 中间件的接口与session的使用

在项目开发的过程中,需要有用户的登陆 退出 还有校验用户是否登陆的中间件;

基本思路:

登陆:

前端请求接口的参数校验 用户名 密码规则的校验 用户名密码是否正确的校验;

如果上面的校验都通过的了,把用户的常用基本信息保存到session中;如果涉及到RBAC(权限校验)也要把当前用户所有的权限列表查出来然后也保存到session中

退出:

把保存的用户信息session::forget()掉 删除掉 调到登陆页面即可

中间件校验:

去判断session中是否存在该用户的信息即可 session::has('key');还有当前用户请求的url是否在session中的列表中,如果没有那么抛给他们一个没有权限的错误提示信息界面;

目前前后端分离的项目中还没加权限验证这一块,先上段未前后端分离的完整代码吧:

login.php

<?php

namespace aiHttpControllers;

use aiModelsSysRoleMenu;
use aiModelsSysUserRole;
use aiModelsSysRole;
use IlluminateHttpRequest;
use IlluminateSupportFacadesSession;
use aiModelsSysUser;
use IlluminateSupportFacadesDB;
use aiLibHttp as  Htpd;

class Login extends Controller
{

    public function __construct() {
        DB::connection()->enableQueryLog(); // 开启查询日志
    }

    /**
     * @param Request $request
     * @return $this|IlluminateHttpRedirectResponse|IlluminateRoutingRedirector|void
     *
     */
    public function index(Request $request) {

        $username = $request->username;
        $password = $request->password;
        $errors = $request->errors;
        //echo md5("123456ai");
        $password = md5($password.'ai');

        $users =  SysUser::where(['login_name'=>$username,'password'=>$password])->first();
        //echo $users['id'];

        $pri = [];
//        if($users){
//            // 角色
//            $roleids = [];
//            $role = SysUserRole::where('user_id',$users->id)->select('role_id')->where('role_id','<>','')->get();
//            foreach ($role as $k=>$v){
//                $roleids[] = $v['role_id'];
//            }
//            // 权限
//            $menu = SysRoleMenu::whereIn('role_id',$roleids)->select('m.href')->leftjoin('sys_menu as m','sys_role_menu.menu_id','=','m.id')->get()->toArray();
//
//            foreach ($menu as $k=>$v){
//                $pri[] = $v['href'];
//            }
////            print_r(DB::getQueryLog());
////            dd($users, $menu, $pri);
//        }

        if($users){
            // 角色
            $roleid = [];
            $role = SysUserRole::where('user_id',$users->id)->select('role_id')->where('role_id','<>','')->get();
            //dump($role);
            foreach ($role as $k=>$v){
                $roleid[] = $v['role_id'];
            }
            // 权限
            $menu = SysRoleMenu::whereIn('role_id',$roleid)->select('m.href')->leftjoin('sys_menu as m','sys_role_menu.menu_id','=','m.id')->get()->toArray();

            foreach ($menu as $k=>$v){
                $pri[] = $v['href'];
            }
//            print_r(DB::getQueryLog());
//            dd($users, $role, $roleids, $menu, $pri);
        }



        // 权限判断
        if($pri && $users){
            Session::put('userid',$users['id']);

            Session::put('login_name',$users['login_name']);
            Session::put('name',$users['name']);
            Session::put('pri',json_encode($pri));
            //            echo 1;
//            die;
            return redirect('/');
        }


        $error = '';
        if($username && !$users){
            $error = '用户名或密码错误';
        }
       // dump($pri);
        //dump($users);
        if(!$pri && $users){
            $error = '用户没有权限';
        }

        return view('login')->with([
            'error'=>$error,
            'errors'=>$errors,
        ]);

    }

    /**
     * @param Request $request
     */
    public function logout(Request $request){
        Session::forget('userid');
        return redirect('/');
    }
    
    /**
     * 修改密码
     */
    public function modifyPwd(Request $request)
    {
        $old_pwd = $request->old_pwd;
        $new_pwd = $request->new_pwd;
        $confirm_pwd = $request->confirm_pwd;
        $message = '';
        if($new_pwd != $confirm_pwd) {
            $message = '两次密码不相同';
        }
        $username = Session::get('login_name');
        $password = md5($old_pwd.'ai');
        $new_password = md5($new_pwd.'ai');
        $users =  SysUser::where(['login_name'=>$username,'password'=>$password])->first();
        if($new_pwd && !$users){
            $message = '密码错误';
        }
        if($username && $users) {
            $res = SysUser::where('login_name', $username)->update(['password' => $new_password]);
            if ($res) {
                return redirect('/');
            }
        }
        return view('modifyPwd')
            ->with('message', $message)
            ;
    }

}

authAdmin.php 中间件

<?php

namespace aiHttpMiddleware;

use Closure;
use IlluminateSupportFacadesSession;

class authAdmin
{
    /**
     * Handle an incoming request.
     *
     * @param  IlluminateHttpRequest  $request
     * @param  Closure  $next
     * @return mixed
     */
    public function handle($request, Closure $next) {
//        $userid = Session::get('userid');
        $userid = Session::get('userid');
        dd($userid);
        //dd(json_decode($pri,true));
        $pri = Session::get('pri');
//        dump($userid, $pri);
        if (!$userid || !$pri) {
            return redirect('/login');
        }

        $url = $request->getRequestUri();
        $postion = strpos($url, '?'); // 有?的标志
        if ($postion) {
            $url = substr($url, 0, strpos($url, '?')); // 把路径后面的?参数去掉
        }
        // /downreport/1524470328.xls/数据分析类
        if (strpos($url, 'downreport') !== false) {
            $url = '/downreport';
        }
//        dd($url);
        $pri = json_decode($pri,true);
//        dd($userid, $url, $postion, $pri);

        if ($url =='/') {
            return $next($request);
        }
        if( !in_array($url,$pri)){ // 显示没有操作权限的页面
            return response()->view('error');

        }

        if( !$userid){
            return redirect('/login?errors=没有权限');

        }
        return $next($request);
    }
}