AngularJS + Laravel 5 认证
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/28677602/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
AngularJS + Laravel 5 Authentication
提问by BattleOn
While building my SPA with angularJS, i came to the point where i want to implement user authentication in my angularJS website. However, i have no idea where to start and what the best practices are.
在使用 angularJS 构建我的 SPA 时,我想在我的 angularJS 网站中实现用户身份验证。但是,我不知道从哪里开始以及最佳实践是什么。
Basically i have a sure that can have one or more roles. I've looked for examples so i could get a basic understanding of how to handle this properly, but so far i've only came across examples that are very simple or are not so secure (like this).
基本上我有一个肯定可以有一个或多个角色。我已经查找了一些示例,因此我可以对如何正确处理这个问题有一个基本的了解,但到目前为止,我只遇到过非常简单或不太安全的示例(像这样)。
So my question is, how to I implement a authentication service using REST (or custom API urls) to authenticate a user, and then display the user information on the page using angularJS, while also ensuring best security coverage by using (for example) the csrf token from Laravel?
所以我的问题是,如何使用 REST(或自定义 API url)实现身份验证服务来对用户进行身份验证,然后使用 angularJS 在页面上显示用户信息,同时还通过使用(例如)确保最佳安全覆盖来自 Laravel 的 csrf 令牌?
Thanks in advance, Nick van der Meij
提前致谢,尼克范德梅杰
回答by neoroger
I'm making an AngularJS app and an API RESTful made with Laravel 5 for the backend, and my approach for the authentication was:
我正在为后端制作一个 AngularJS 应用程序和一个使用 Laravel 5 制作的 API RESTful,我的身份验证方法是:
- Installed jwt-auth. Basically extends the Auth model of Laravel adding authorization with tokens.
- Added simple role package to laravel. I used permiso. Has multiple roles/user and permissions/role. Very simple.
- Added jStorage to frontend. (you can use AngularJS module instead).
- 安装jwt-auth。基本上扩展了 Laravel 的 Auth 模型,使用令牌添加授权。
- 向 Laravel 添加了简单的角色包。我用过permiso。具有多个角色/用户和权限/角色。很简单。
- 将 jStorage 添加到前端。(您可以改用 AngularJS 模块)。
So the steps are:
所以步骤是:
- Frontend send user credentials (email and pass).
- Server checks, jwt-auth makes a token to that user and send it backs.
- Frontend save the token on the browser storage (no csrf needed with this approach).
- All next calls to the API are made with
Authorization: Bearerheader (or with?token=...)
- 前端发送用户凭据(电子邮件和传递)。
- 服务器检查,jwt-auth 为该用户生成一个令牌并将其发回。
- 前端将令牌保存在浏览器存储中(这种方法不需要 csrf)。
- 对 API 的所有下一次调用都使用
Authorization: Bearer标头(或使用?token=...)
回答by cienki
I like the same approach that @neoroger takes using JSON Web Tokens with jwt-auth. I used the Satellizer package for storing the token on the front end and to send it along with each request to the API afterwards.
我喜欢@neoroger 使用带有 jwt-auth 的 JSON Web 令牌所采用的相同方法。我使用 Satellizer 包在前端存储令牌,然后将它与每个请求一起发送到 API。
I put together a couple tutorials that show how to implement the two packages if you are interested:
如果您有兴趣,我整理了几个教程,展示如何实现这两个包:
https://scotch.io/tutorials/token-based-authentication-for-angularjs-and-laravel-apps
https://scotch.io/tutorials/token-based-authentication-for-angularjs-and-laravel-apps
http://ryanchenkie.com/token-based-authentication-for-angularjs-and-laravel-apps/
http://ryanchenkie.com/token-based-authentication-for-angularjs-and-laravel-apps/
