uzzal/apitoken

Token checker for API

v2.0.0 2018-03-29 21:17 UTC

This package is auto-updated.

Last update: 2024-11-22 04:26:50 UTC


README

API access token to be used in support with uzzal/acl library

Installation

composer require uzzal/apitoken

Configuration

If you are using laravel 5.5+ then this library supports auto discovery. To configure manually just edit the config/app.php and add service provider like below.

Uzzal\ApiToken\TokenServiceProvider::class

At the app\Http\Kernel.php add this middleware

'token.checker' => \Uzzal\ApiToken\TokenChecker::class

Database Migration

This library depends on a database table called auth_tokens, and it comes with a migration. So you need to run the migration to add that table with a artisan command like

artisan migrate

Route

Suppose your want to create a api url for the FaqController like this http://YOUR-HOST/api/v1/faq then, in your route/api.php file add your routes like the below

Route::group(['middleware' => ['token.checker'], 'prefix'=>'v1']
    , function(){
    Route::resource('faq', 'FaqController', [
        'only' => ['index']
    ]);
});

Alternatively, Just in case if you don't have a dedicated route/api.php file in that case in your default route file add the route as below:

Route::group(['middleware' => ['token.checker']
    , 'prefix'=>'api/v1'
    , 'namespace'=> 'Api']
    , function(){
    Route::resource('faq', 'FaqController', [
        'only' => ['index']
    ]);
});

Now you are all set, but one thing is you need a _token to access the protected url. and you will get the _token once you are logged in. So we need a AuthController to login for the API. Here is a sample AuthController under the Api namespace in the app/Http/Controllers directory.

Controller

<?php
namespace App\Http\Controllers\Api;

use App\Http\Controllers\Controller;
use Uzzal\ApiToken\Authenticate;

class AuthController extends Controller
{
    use Authenticate;
}

NOTE: This Auth controller should be publicly accessable and NOT protected with auth middleware just like this (in your route/api.php)

Route::resource('auth', 'Api\AuthController', [
    'only' => ['store']
]);

or

Route::post('auth', 'Api\AuthController@store');

How it works: If the user sends a POST request to this AuthController with email and password it will response with a _token (like this $2y$10$/rUWXPY56sMsyYM6YNfEWea5IPO0xXeETDrAT0SS4dShk24H/fiZ6) then you can use that _token to access any protected url like this http://YOUR-HOST/api/v1/faq?_token=$2y$10$/rUWXPY56sMsyYM6YNfEWea5IPO0xXeETDrAT0SS4dShk24H/fiZ6

NOTE: You can pass the token via header, and in that case if you are to send the _token via header, in that case use token instead of _token as the header key.