第一个composer:下载jwt插件 第二个composer:必须降级jwt才能使用
composer require lcobucci/jwt composer require lcobucci/jwt=3.3.3
/**
* 处理请求
*
* @param \think\Request $request
* @param \Closure $next
* @return Response
*/ public function handle($request, \Closure $next) { $header = $request->header();//获取jwt里面的header函数.因为header里面会生成token if(!isset($header['token'])){//没有token的话,进行if里面. return json(['code'=>440,'msg'=>'request must with token']); } $token = $header['token']; try{ $token = (new Parser())->parse($token);//token解析,解析成一个对象(切记,如果用户随意改的token会进入catch里面) }catch(\Exception $e){ return json(['code'=>440,'msg'=>'invalid token']);//随意改的token会进入里面 } $signer = new Sha256();//创建加密对象 //verify进行合法性验证 if(!$token->verify($signer,config('shop.API_KEY'))){ return json(['code'=>440,'msg'=>'token verify failed']); } $data = new ValidationData(); //验证token是否在有效期内 if(!$token->validate($data)){//如果验证不通过的话。(token不再有效期内) $mobile = $token->getClaim('mobile'); $token = getToken($mobile); return json(['code'=>450,'msg'=>'token expired','token'=>$token]); } return $next($request); } }
