ThinkPHP6集成JWT方法以及生成和取出销毁详解

     ThinkPHP6集成JWT方法以及生成和取出销毁详解                  1.引入php-jwt包composerrequirefirebase/php-jwt2.代码控制器文件：app\business\Jwt.php"$user_id",//签发组织"iss"=>env('TOKEN.iss'),//签发作者"aud"=>env('TOKEN.aud'),"iat"=>$time,"nbf"=>$time,"exp"=>$expire);returnjson(JWTUtil::encode($token,$key));}/***验证token*@return\think\response\Json*/publicstaticfunctionverifyjwt($jwt){//查看token是否过期（在退出登录的逻辑里会手动让其过期）if(!empty(cache('delete_token'))&&in_array($jwt,cache("delete_token"))){thrownewExpiredException("token过期","400");}//jwt的签发密钥，验证token的时候需要用到$key=md5(env('TOKEN.key'));try{$jwtAuth=json_encode(JWTUtil::decode($jwt,$key,array("HS256")));$authInfo=json_decode($jwtAuth,true);if(!$authInfo['user_id']){thrownewException('用户ID不存在','500');}//验签成功返回returnjson($authInfo);}catch(ExpiredException$e){thrownewException('token过期','500');}catch(\Exception$e){thrownewException($e->getMessage(),'500');}}//从请求信息中获取token令牌publicstaticfunctiongetRequestToken(){if(empty($_SERVER['HTTP_AUTHORIZATION'])){returnfalse;}$header=$_SERVER['HTTP_AUTHORIZATION'];$method='bearer';//去除token中可能存在的bearer标识returntrim(str_ireplace($method,'',$header));}}3.修改public/.htaccess文件，通过apache重写，处理HTTP请求中的Authorization字段（不处理，php中接收不到HTTP_AUTHORAZATION字段信息）RewriteCond%{HTTP:Authorization}^(.+)$RewriteRule.*-[E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]4.路由：app\api\route\api.phpgetData();6.前端：取出、销毁publicfunctionlogin(){//取出Token值（寄托在header）//清空token将需清空的token存入缓存，再次使用时，会读取缓存进行判断$token=JWT::getRequestToken();//查看缓存中是否存在delete_token这个键$delete_token=cache('delete_token')?:[];//将这个token值放入delete_token数组中$delete_token[]=$token;//将数组塞回缓存中cache('delete_token',$delete_token,86400);//销毁成功returnsuccess('销毁成功');}7.验证是否成功//取出token$token=JWT::getRequestToken();try{//校验token$data=JWT::verifyjwt($token);}catch(\Exception$exception){returnfail($exception->getMessage());}dd($data);8.效果如图所示 -完-