diff --git a/composer.json b/composer.json
index c0765ca..76e213d 100644
--- a/composer.json
+++ b/composer.json
@@ -7,21 +7,19 @@
 "require": {
 "php": ">=7.1.3",
 "barryvdh/laravel-cors": "^0.11.2",
- "dingo/api": "2.0.0-alpha2",
- "fideloper/proxy": "~4.0",
- "laravel/framework": "5.7.*",
- "laravel/tinker": "~1.0",
- "predis/predis": "^1.1.1",
- "tymon/jwt-auth": "1.0.0-rc.3"
+ "fideloper/proxy": "^4.0",
+ "laravel/framework": "5.8.*",
+ "laravel/tinker": "^1.0.8",
+ "predis/predis": "^1.1.1"
 },
 "require-dev": {
- "filp/whoops": "~2.0",
- "fzaninotto/faker": "~1.4",
- "mockery/mockery": "~1.0",
- "nunomaduro/collision": "~2.0",
- "phpunit/phpunit": "~7.0",
+ "filp/whoops": "^2.3.1",
+ "fzaninotto/faker": "^1.8",
+ "mockery/mockery": "^1.2.2",
+ "nunomaduro/collision": "^2.1.1",
+ "phpunit/phpunit": "^8.0.4",
 "reliese/laravel": "^0.0.13",
- "symfony/thanks": "^1.0"
+ "symfony/thanks": "^1.1.0"
 },
 "autoload": {
 "classmap": [
diff --git a/config/api.php b/config/api.php
deleted file mode 100644
index e0b6b4d..0000000
--- a/config/api.php
+++ /dev/null
@@ -1,233 +0,0 @@ - env('API_STANDARDS_TREE', 'x'), - - /* - |-------------------------------------------------------------------------- - | API Subtype - |-------------------------------------------------------------------------- - | - | Your subtype will follow the standards tree you use when used in the - | "Accept" header to negotiate the content type and version. - | - | For example: Accept: application/x.SUBTYPE.v1+json - | - */ - - 'subtype' => env('API_SUBTYPE', ''), - - /* - |-------------------------------------------------------------------------- - | Default API Version - |-------------------------------------------------------------------------- - | - | This is the default version when strict mode is disabled and your API - | is accessed via a web browser. It's also used as the default version - | when generating your APIs documentation. - | - */ - - 'version' => env('API_VERSION', 'v1'), - - /* - |-------------------------------------------------------------------------- - | Default API Prefix - |-------------------------------------------------------------------------- - | - | A default prefix to use for your API routes so you don't have to - | specify it for each group. - | - */ - - 'prefix' => env('API_PREFIX', 'api'), - - /* - |-------------------------------------------------------------------------- - | Default API Domain - |-------------------------------------------------------------------------- - | - | A default domain to use for your API routes so you don't have to - | specify it for each group. - | - */ - - 'domain' => env('API_DOMAIN', null), - - /* - |-------------------------------------------------------------------------- - | Name - |-------------------------------------------------------------------------- - | - | When documenting your API using the API Blueprint syntax you can - | configure a default name to avoid having to manually specify - | one when using the command. 
- | - */ - - 'name' => env('API_NAME', null), - - /* - |-------------------------------------------------------------------------- - | Conditional Requests - |-------------------------------------------------------------------------- - | - | Globally enable conditional requests so that an ETag header is added to - | any successful response. Subsequent requests will perform a check and - | will return a 304 Not Modified. This can also be enabled or disabled - | on certain groups or routes. - | - */ - - 'conditionalRequest' => env('API_CONDITIONAL_REQUEST', true), - - /* - |-------------------------------------------------------------------------- - | Strict Mode - |-------------------------------------------------------------------------- - | - | Enabling strict mode will require clients to send a valid Accept header - | with every request. This also voids the default API version, meaning - | your API will not be browsable via a web browser. - | - */ - - 'strict' => env('API_STRICT', false), - - /* - |-------------------------------------------------------------------------- - | Debug Mode - |-------------------------------------------------------------------------- - | - | Enabling debug mode will result in error responses caused by thrown - | exceptions to have a "debug" key that will be populated with - | more detailed information on the exception. - | - */ - - 'debug' => env('API_DEBUG', false), - - /* - |-------------------------------------------------------------------------- - | Generic Error Format - |-------------------------------------------------------------------------- - | - | When some HTTP exceptions are not caught and dealt with the API will - | generate a generic error response in the format provided. Any - | keys that aren't replaced with corresponding values will be - | removed from the final response. 
- | - */ - - 'errorFormat' => [ - 'message' => ':message', - 'errors' => ':errors', - 'code' => ':code', - 'status_code' => ':status_code', - 'debug' => ':debug', - ], - - /* - |-------------------------------------------------------------------------- - | API Middleware - |-------------------------------------------------------------------------- - | - | Middleware that will be applied globally to all API requests. - | - */ - - 'middleware' => [ - - ], - - /* - |-------------------------------------------------------------------------- - | Authentication Providers - |-------------------------------------------------------------------------- - | - | The authentication providers that should be used when attempting to - | authenticate an incoming API request. - | - */ - - 'auth' => [ - - ], - - /* - |-------------------------------------------------------------------------- - | Throttling / Rate Limiting - |-------------------------------------------------------------------------- - | - | Consumers of your API can be limited to the amount of requests they can - | make. You can create your own throttles or simply change the default - | throttles. - | - */ - - 'throttling' => [ - - ], - - /* - |-------------------------------------------------------------------------- - | Response Transformer - |-------------------------------------------------------------------------- - | - | Responses can be transformed so that they are easier to format. By - | default a Fractal transformer will be used to transform any - | responses prior to formatting. You can easily replace - | this with your own transformer. 
- |
- */
-
- 'transformer' => env('API_TRANSFORMER', Dingo\Api\Transformer\Adapter\Fractal::class),
-
- /*
- |--------------------------------------------------------------------------
- | Response Formats
- |--------------------------------------------------------------------------
- |
- | Responses can be returned in multiple formats by registering different
- | response formatters. You can also customize an existing response
- | formatter with a number of options to configure its output.
- |
- */
-
- 'defaultFormat' => env('API_DEFAULT_FORMAT', 'json'),
-
- 'formats' => [
-
- 'json' => Dingo\Api\Http\Response\Format\Json::class,
-
- ],
-
- 'formatsOptions' => [
-
- 'json' => [
- 'pretty_print' => env('API_JSON_FORMAT_PRETTY_PRINT_ENABLED', false),
- 'indent_style' => env('API_JSON_FORMAT_INDENT_STYLE', 'space'),
- 'indent_size' => env('API_JSON_FORMAT_INDENT_SIZE', 2),
- ],
-
- ],
-
-];
diff --git a/config/app.php b/config/app.php
index bfcf870..b22e189 100644
--- a/config/app.php
+++ b/config/app.php
@@ -168,8 +168,6 @@ return [
 /*
 * Package Service Providers...
 */
- Tymon\JWTAuth\Providers\LaravelServiceProvider::class,
- Dingo\Api\Provider\LaravelServiceProvider::class,
 /*
 * Application Service Providers...
@@ -185,7 +183,7 @@ return [
 /*
 |--------------------------------------------------------------------------
 | Class Aliases
- |--------------------------------------------------------------------------
+ --------------------------------------------------------------------------
 |
 | This array of class aliases will be registered when this application
 | is started. However, feel free to register as many as you wish as
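Review bot: The second config/app.php hunk replaces the closing rule of the "Class Aliases" comment box with a line that has lost its leading `|`, so the box no longer matches every other header block in this file; it reads as an accidental keystroke rather than an intended edit and should be restored to `|--------------------------------------------------------------------------`. The first hunk's removal of the two package providers is consistent with the packages dropped from composer.json and needs no further change. The enclosing `return [ ... ]` array opens and closes outside both hunks.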
@@ -211,8 +209,6 @@ return [
 'File' => Illuminate\Support\Facades\File::class,
 'Gate' => Illuminate\Support\Facades\Gate::class,
 'Hash' => Illuminate\Support\Facades\Hash::class,
- 'JWTAuth' => Tymon\JWTAuth\Facades\JWTAuth::class,
- 'JWTFactory' => Tymon\JWTAuth\Facades\JWTFactory::class,
 'Lang' => Illuminate\Support\Facades\Lang::class,
 'Log' => Illuminate\Support\Facades\Log::class,
 'Mail' => Illuminate\Support\Facades\Mail::class,
diff --git a/config/auth.php b/config/auth.php
index f046234..7817501 100644
--- a/config/auth.php
+++ b/config/auth.php
@@ -14,7 +14,7 @@ return [
 */
 'defaults' => [
- 'guard' => 'api',
+ 'guard' => 'web',
 'passwords' => 'users',
 ],
@@ -42,7 +42,7 @@ return [
 ],
 'api' => [
- 'driver' => 'jwt',
+ 'driver' => 'token',
 'provider' => 'users',
 ],
 ],
diff --git a/config/jwt.php b/config/jwt.php
deleted file mode 100644
index 37ddf91..0000000
--- a/config/jwt.php
+++ /dev/null
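Review bot: The `'driver' => 'token'` change in the second config/auth.php hunk makes Laravel's TokenGuard authenticate API requests by matching the request's `api_token` value against an `api_token` column on the users provider, and it compares the raw token unless `'hash' => true` is set, so tokens would have to sit in the database in plaintext; nothing in this diff adds that option, a migration for the column, or code that issues tokens, and without them every request on this guard fails authentication. Consider adding `'hash' => true,` next to `'provider' => 'users',` (the Laravel 5.8 guard then compares a SHA-256 hash of the presented token) and a short comment on where tokens are issued. The first hunk's switch of the default guard to `web` is presumably what lets the auth routes moved into routes/web.php by this commit resolve the session guard; a one-line comment saying so would save the next reader a search. The enclosing `return [` array begins and ends outside both hunks.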
@@ -1,303 +0,0 @@ - - * - * For the full copyright and license information, please view the LICENSE - * file that was distributed with this source code. - */ - -return [ - - /* - |-------------------------------------------------------------------------- - | JWT Authentication Secret - |-------------------------------------------------------------------------- - | - | Don't forget to set this in your .env file, as it will be used to sign - | your tokens. A helper command is provided for this: - | `php artisan jwt:secret` - | - | Note: This will be used for Symmetric algorithms only (HMAC), - | since RSA and ECDSA use a private/public key combo (See below). - | - */ - - 'secret' => env('JWT_SECRET'), - - /* - |-------------------------------------------------------------------------- - | JWT Authentication Keys - |-------------------------------------------------------------------------- - | - | The algorithm you are using, will determine whether your tokens are - | signed with a random string (defined in `JWT_SECRET`) or using the - | following public & private keys. - | - | Symmetric Algorithms: - | HS256, HS384 & HS512 will use `JWT_SECRET`. - | - | Asymmetric Algorithms: - | RS256, RS384 & RS512 / ES256, ES384 & ES512 will use the keys below. - | - */ - - 'keys' => [ - - /* - |-------------------------------------------------------------------------- - | Public Key - |-------------------------------------------------------------------------- - | - | A path or resource to your public key. - | - | E.g. 'file://path/to/public/key' - | - */ - - 'public' => env('JWT_PUBLIC_KEY'), - - /* - |-------------------------------------------------------------------------- - | Private Key - |-------------------------------------------------------------------------- - | - | A path or resource to your private key. - | - | E.g. 
'file://path/to/private/key' - | - */ - - 'private' => env('JWT_PRIVATE_KEY'), - - /* - |-------------------------------------------------------------------------- - | Passphrase - |-------------------------------------------------------------------------- - | - | The passphrase for your private key. Can be null if none set. - | - */ - - 'passphrase' => env('JWT_PASSPHRASE'), - - ], - - /* - |-------------------------------------------------------------------------- - | JWT time to live - |-------------------------------------------------------------------------- - | - | Specify the length of time (in minutes) that the token will be valid for. - | Defaults to 1 hour. - | - | You can also set this to null, to yield a never expiring token. - | Some people may want this behaviour for e.g. a mobile app. - | This is not particularly recommended, so make sure you have appropriate - | systems in place to revoke the token if necessary. - | - */ - - 'ttl' => 525600, // 1年 - - /* - |-------------------------------------------------------------------------- - | Refresh time to live - |-------------------------------------------------------------------------- - | - | Specify the length of time (in minutes) that the token can be refreshed - | within. I.E. The user can refresh their token within a 2 week window of - | the original token being created until they must re-authenticate. - | Defaults to 2 weeks. - | - | You can also set this to null, to yield an infinite refresh time. - | Some may want this instead of never expiring tokens for e.g. a mobile app. - | This is not particularly recommended, so make sure you have appropriate - | systems in place to revoke the token if necessary. 
- | - */ - - 'refresh_ttl' => 3153600, // 6年 - - /* - |-------------------------------------------------------------------------- - | JWT hashing algorithm - |-------------------------------------------------------------------------- - | - | Specify the hashing algorithm that will be used to sign the token. - | - | See here: https://github.com/namshi/jose/tree/master/src/Namshi/JOSE/Signer/OpenSSL - | for possible values. - | - */ - - 'algo' => 'HS256', - - /* - |-------------------------------------------------------------------------- - | Required Claims - |-------------------------------------------------------------------------- - | - | Specify the required claims that must exist in any token. - | A TokenInvalidException will be thrown if any of these claims are not - | present in the payload. - | - */ - - 'required_claims' => [ - 'iss', - 'iat', - 'exp', - 'nbf', - 'sub', - 'jti', - ], - - /* - |-------------------------------------------------------------------------- - | Persistent Claims - |-------------------------------------------------------------------------- - | - | Specify the claim keys to be persisted when refreshing a token. - | `sub` and `iat` will automatically be persisted, in - | addition to the these claims. - | - | Note: If a claim does not exist then it will be ignored. - | - */ - - 'persistent_claims' => [ - // 'foo', - // 'bar', - ], - - /* - |-------------------------------------------------------------------------- - | Lock Subject - |-------------------------------------------------------------------------- - | - | This will determine whether a `prv` claim is automatically added to - | the token. The purpose of this is to ensure that if you have multiple - | authentication models e.g. `App\User` & `App\OtherPerson`, then we - | should prevent one authentication request from impersonating another, - | if 2 tokens happen to have the same id across the 2 different models. 
- | - | Under specific circumstances, you may want to disable this behaviour - | e.g. if you only have one authentication model, then you would save - | a little on token size. - | - */ - - 'lock_subject' => true, - - /* - |-------------------------------------------------------------------------- - | Leeway - |-------------------------------------------------------------------------- - | - | This property gives the jwt timestamp claims some "leeway". - | Meaning that if you have any unavoidable slight clock skew on - | any of your servers then this will afford you some level of cushioning. - | - | This applies to the claims `iat`, `nbf` and `exp`. - | - | Specify in seconds - only if you know you need it. - | - */ - - 'leeway' => env('JWT_LEEWAY', 0), - - /* - |-------------------------------------------------------------------------- - | Blacklist Enabled - |-------------------------------------------------------------------------- - | - | In order to invalidate tokens, you must have the blacklist enabled. - | If you do not want or need this functionality, then set this to false. - | - */ - - 'blacklist_enabled' => env('JWT_BLACKLIST_ENABLED', true), - - /* - | ------------------------------------------------------------------------- - | Blacklist Grace Period - | ------------------------------------------------------------------------- - | - | When multiple concurrent requests are made with the same JWT, - | it is possible that some of them fail, due to token regeneration - | on every request. - | - | Set grace period in seconds to prevent parallel request failure. - | - */ - - 'blacklist_grace_period' => env('JWT_BLACKLIST_GRACE_PERIOD', 0), - - /* - |-------------------------------------------------------------------------- - | Cookies encryption - |-------------------------------------------------------------------------- - | - | By default Laravel encrypt cookies for security reason. 
- | If you decide to not decrypt cookies, you will have to configure Laravel - | to not encrypt your cookie token by adding its name into the $except - | array available in the middleware "EncryptCookies" provided by Laravel. - | see https://laravel.com/docs/master/responses#cookies-and-encryption - | for details. - | - | Set it to true if you want to decrypt cookies. - | - */ - - 'decrypt_cookies' => false, - - /* - |-------------------------------------------------------------------------- - | Providers - |-------------------------------------------------------------------------- - | - | Specify the various providers used throughout the package. - | - */ - - 'providers' => [ - - /* - |-------------------------------------------------------------------------- - | JWT Provider - |-------------------------------------------------------------------------- - | - | Specify the provider that is used to create and decode the tokens. - | - */ - - 'jwt' => Tymon\JWTAuth\Providers\JWT\Lcobucci::class, - - /* - |-------------------------------------------------------------------------- - | Authentication Provider - |-------------------------------------------------------------------------- - | - | Specify the provider that is used to authenticate users. - | - */ - - 'auth' => Tymon\JWTAuth\Providers\Auth\Illuminate::class, - - /* - |-------------------------------------------------------------------------- - | Storage Provider - |-------------------------------------------------------------------------- - | - | Specify the provider that is used to store tokens in the blacklist. - | - */ - - 'storage' => Tymon\JWTAuth\Providers\Storage\Illuminate::class, - - ], - -]; diff --git a/routes/api.php b/routes/api.php index a0d48a9..0f37e00 100644 --- a/routes/api.php +++ b/routes/api.php 
@@ -13,18 +13,3 @@ use Illuminate\Http\Request;
 |
 */
-$api = app('Dingo\Api\Routing\Router');
-
-$api->version('v1', function ($api) {
- $api->group(['namespace' => 'App\Http\Controllers'], function ($api) {
- $api->post('/auth/checkself', 'AuthController@checkSelf');
- $api->post('/auth/getpermissions', 'AuthController@getPerms');
- $api->post('/auth/login', 'AuthController@login');
- $api->post('/auth/register', 'AuthController@register');
- $api->post('/auth/recover', 'AuthController@recover');
- $api->post('/auth/sendreset', 'AuthController@SendReset');
- $api->get('/auth/confirmreset/{token}', 'AuthController@ConfirmReset');
- $api->post('/auth/passwordreset', 'AuthController@PasswordReset');
- $api->post('/auth/checkauth', 'AuthController@checkAuth');
- });
-});
diff --git a/routes/web.php b/routes/web.php
index 1f71e82..ffb915d 100644
--- a/routes/web.php
+++ b/routes/web.php
@@ -19,6 +19,17 @@ require(__DIR__.'/class/site.php');
 require(__DIR__.'/class/store.php');
 require(__DIR__.'/class/user.php');
+// Auth
+Route::post('/api/auth/checkself', 'AuthController@checkSelf');
+Route::post('/api/auth/getpermissions', 'AuthController@getPerms');
+Route::post('/api/auth/login', 'AuthController@login');
+Route::post('/api/auth/register', 'AuthController@register');
+Route::post('/api/auth/recover', 'AuthController@recover');
+Route::post('/api/auth/sendreset', 'AuthController@SendReset');
+Route::get('/api/auth/confirmreset/{token}', 'AuthController@ConfirmReset');
+Route::post('/api/auth/passwordreset', 'AuthController@PasswordReset');
+Route::post('/api/auth/checkauth', 'AuthController@checkAuth');
+
 // Permissions
 Route::get('/api/rpc/permission/getpermissionsfrommodule', 'PermissionController@getPermissionsFromModule');
 Route::get('/api/rpc/permission/getpermissionfrommodule/{id}', 'PermissionController@getPermissionFromModule');
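Review bot: The nine auth routes added to routes/web.php inherit only the middleware that file is loaded with, and in a stock RouteServiceProvider that is the `web` group (session, `VerifyCsrfToken`, no rate limit) rather than the `api` group with `throttle:60,1` that routes/api.php receives; unlike the Dingo group they replace, `POST /api/auth/login`, `/register`, `/recover` and `/sendreset` therefore become unthrottled, and API clients that send no CSRF token get 419 responses unless these paths are listed in VerifyCsrfToken's `$except`. The existing `/api/rpc/...` routes in this file suggest the project has already settled the CSRF question for `/api/*`, but neither that nor the Kernel's middleware groups are in this diff, so it is worth confirming before merging. At minimum wrap the credential-handling routes in `Route::middleware('throttle:10,1')->group(function () { … });`, or keep them in routes/api.php so they pick up the `api` group. `GET /api/auth/confirmreset/{token}` re-adds a reset token carried in the URL, where it reaches access logs and Referer headers; a comment on that line stating that the token is single-use and short-lived (and code to make it so, if it is not already) would make the trade-off explicit.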