public function login(Request $request) {
$fields = $request->validate([
'username' => 'required|string',
'password' => 'required|string',
]);
$admin = Admin::where('username', $fields['username'])->first();
if (!$admin || !Hash::check($fields['password'], $admin['password'])) {
return response([
'error' => 'some error'
]);
}
$token = $admin->createToken($request['username'], ['admin'])->plainTextToken;
$response = [
'admin' => $admin,
'admin_token' => $token
];
return response($response, 201);
}
然后就可以使用TokenAbility中间件来识别用户角色(注意必须使用,不然造成多用户混乱,前台用户token可以登录后台!)
// routes/api.php
Route::group(['middleware' => ['auth:sanctum','ability:admin']], function() {
//
});
或者
// routes/api.php
Route::group(['middleware' => ['auth:sanctum','abilities:admin']], function() {
//
});
同样,您可以为您的用户角色创建能力。
当然,您必须将以下内容添加到 app/Http/Kernel.php 中的 $routeMiddleare 中才能使上述解决方案起作用
'ability' => \Laravel\Sanctum\Http\Middleware\CheckForAnyAbility::class,
'abilities' => \Laravel\Sanctum\Http\Middleware\CheckAbilities::class,
关于如何获取user实例
auth()->user(); //不需要指定guard,因为在中间件中 ‘auth:sanctum’ 或者其他 ‘auth:admin’ 已经指定了guard,这里auth可以直接获取到guard
您可以在官方文档中了解更多相关信息 Laravel Sanctum
stack https://stackoverflow.com/questions/71358904/laravel-sanctum-multiple-guard-middleware