本範例分成幾個部份來實作 Laravel API:
安裝 Dingo api
安裝 tymon/jwt-auth
安裝 laravel 5 repository
安裝 barryvdh/laravel-cors
建立 RESTful api 範例
坑點
環境
安裝 laravel5.7.28
安裝 Dingo api 安裝 在 composer.json 裡加入
1 2 3 4 5 "require": { "dingo/api": "2.0.0-alpha1" }, "minimum-stability": "dev", "prefer-stable": true
然後執行
產生 api configuration file 1 php artisan vendor:publish --provider="Dingo\Api\Provider\LaravelServiceProvider"
以上指令面會產生一個config/api.php,之後可以在這個檔案設定關於 api 的參數
設定.env 參數內容可視需求調整
1 2 3 4 5 API_STANDARDS_TREE=vnd API_VERSION=v1 API_DEBUG=true API_PREFIX=api API_DOMAIN=api.myapp.com
在 config/app.php 中注册 Service Provider Laravel 5.4 以下加入
1 2 3 4 5 6 'providers' => [ Dingo\Api\Provider\LaravelServiceProvider::class ]
安裝 tymon/jwt-auth 安裝 1 composer require tymon/jwt-auth 1.0.*
產生 jwt-auth configuration file 1 php artisan vendor:publish --provider="Tymon\JWTAuth\Providers\LaravelServiceProvider"
在 config/app.php 中注册 Service Provider Laravel 5.4 以下加入
1 2 3 4 5 6 'providers' => [ Tymon\JWTAuth\Providers\LaravelServiceProvider::class ]
產生 jwt secret key 設定 api 的 auth 方式為 jwt 在 config/api.php 加上
1 2 3 'auth' => [ 'jwt' => Dingo\Api\Auth\Provider\JWT::class ]
在 config/app.php 加上
1 2 3 'aliases' => [ 'JWTAuth' => Tymon\JWTAuth\Facades\JWTAuth::class ]
安裝 laravel 5 repository 安裝 1 composer require prettus/l5-repository
產生 repository configuration file 1 php artisan vendor:publish --provider "Prettus\Repository\Providers\RepositoryServiceProvider"
config/repository.php
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 'generator' => [ 'basePath' => app()->path(), 'rootNamespace' => 'App\\' , 'stubsOverridePath' => app()->path(), 'paths' => [ 'models' => 'Entities' , 'repositories' => 'Repositories' , 'interfaces' => 'Repositories' , 'transformers' => 'Transformers' , 'presenters' => 'Presenters' , 'validators' => 'Validators' , 'controllers' => 'Http/Controllers/Api' , 'provider' => 'RepositoryServiceProvider' , 'criteria' => 'Criteria' ] ]
config/app.php
1 2 3 4 'providers' => [ ... App\Providers\RepositoryServiceProvider::class ]
安裝 barryvdh/laravel-cors 安裝 1 composer require barryvdh/laravel-cors
產生 CORS configuration file 1 php artisan vendor:publish --provider="Barryvdh\Cors\ServiceProvider"
config/api.php 加入 CORS middleware 1 2 3 'middleware' => [ Barryvdh\Cors\HandleCors::class ]
建立 RESTful api 基本準備 1 php artisan make:entity user
app/User.php
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 namespace App \Entities ;use Illuminate \Notifications \Notifiable ;use Illuminate \Foundation \Auth \User as Authenticatable ;use Tymon \JWTAuth \Contracts \JWTSubject ;class User extends Authenticatable implements JWTSubject use Notifiable ; protected $hidden = [ 'password' , 'remember_token' , ]; protected $fillable = ['name' ,'email' ,'password' ]; public function getJWTIdentifier () { return $this ->getKey(); } public function getJWTCustomClaims () { return []; } }
app/Http/Controllers/Api/UsersController.php
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 namespace App \Http \Controllers \Api ;use Dingo \Api \Routing \Helpers ;use Illuminate \Routing \Controller ;class UsersController extends Controller use Helpers ; public function __construct () { $this ->middleware('api.auth' ); } public function index () $user = $this ->auth->user(); return $user; } }
app/laravel-api/app/Http/Requests/UserCreateRequest.php
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 namespace App \Http \Requests ;use Illuminate \Foundation \Http \FormRequest ;class UserCreateRequest extends FormRequest public function authorize () { return true ; } public function rules () { return [ 'email' => 'required|email|unique:users' , 'password' => 'required' ]; } }
app/Validators/UserValidator.php
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 namespace App \Validators ;use \Prettus \Validator \Contracts \ValidatorInterface ;use \Prettus \Validator \LaravelValidator ;class UserValidator extends LaravelValidator protected $rules = [ ValidatorInterface::RULE_CREATE => [ 'email' => 'required|email' , 'password' => 'required' ], ValidatorInterface::RULE_UPDATE => [], ]; }
app/Http/Controllers/Api/Auth/RegisterController.php
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 namespace App \Http \Controllers \Api \Auth ;use App \Http \Requests \UserCreateRequest ;use App \Http \Controllers \Controller ;use App \Repositories \UserRepository ;use Prettus \Validator \Exceptions \ValidatorException ;use \Throwable ;class RegisterController extends Controller public function register (UserCreateRequest $request,UserRepository $repository) { try { $user = $repository->create([ 'name' => $request->input('name' ), 'email' => $request->input('email' ), 'password' =>app('hash' )->make($request->input('password' )) ]); return response()->json([ 'message' => 'Success' , 'data' => $user ]); } catch (ValidatorException $e) { return response()->json(['error' => 'validation exception' ], 500 ); } catch (Throwable $e) { return response()->json(['errors' => 'Error' ], 500 ); } } }
app/Http/Controllers/Api/Auth/LoginController.php
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 namespace App \Http \Controllers \Api \Auth ;use App \Http \Requests \UserLoginRequest ;use Illuminate \Http \Response ;use Tymon \JWTAuth \Facades \JWTAuth ;use Tymon \JWTAuth \Exceptions \JWTException ;use App \Http \Controllers \Controller ;class LoginController extends Controller public function login (UserLoginRequest $request) { try { if (!$token = JWTAuth::attempt( $this ->getCredentials($request) )) { return $this ->onUnauthorized(); } } catch (JWTException $e) { return $this ->onJwtGenerationError(); } return $this ->onAuthorized($token); } protected function onUnauthorized () { return response()->json([ 'message' => 'invalid_credentials' ], Response::HTTP_UNAUTHORIZED); } protected function onJwtGenerationError () { return response()->json([ 'message' => 'could_not_create_token' ], Response::HTTP_INTERNAL_SERVER_ERROR); } protected function onAuthorized ($token) { return response()->json([ 'message' => 'token_generated' , 'data' => [ 'token' => $token, ] ]); } protected function getCredentials (UserLoginRequest $request) { return $request->only('email' , 'password' ); } public function deleteInvalidate () { $token = JWTAuth::parseToken(); $token->invalidate(); return response()->json(['message' => 'token_invalidated' ]); } public function patchRefresh () { $token = JWTAuth::parseToken(); $newToken = $token->refresh(); return response()->json([ 'message' => 'token_refreshed' , 'data' => [ 'token' => $newToken ] ]); } public function getUser () { return response()->json([ 'message' => 'authenticated_user' , 'data' => JWTAuth::parseToken()->authenticate() ]); } }
修改 config/repository.php 修改serializer,使用自己建立的,也可不改,使用預設的,但是回傳值會用 data 這個 key 值包起來
1 2 3 4 5 6 7 8 9 'fractal' => [ 'params' => [ 'include' => 'include' ], 'serializer' => App\Tools\ArraySerializer::class ],
加上客制化 class 如果在上一步驟有將 serializer 改成使用客制化的 serializer,則這一步驟為建立所需的 serializer
app/Tools/ArraySerializer.php
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 namespace App \Tools ;use League \Fractal \Serializer \ArraySerializer as FractalArraySerializer ;class ArraySerializer extends FractalArraySerializer public function collection ($resourceKey, array $data) { if ($resourceKey) { return [$resourceKey => $data]; } return $data; } public function item ($resourceKey, array $data) { if ($resourceKey) { return [$resourceKey => $data]; } return $data; } }
來寫一支 API 吧 情境:寫一個 book 資源 的 CRUD 撰寫 API 路徑
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 $api = app('Dingo\Api\Routing\Router' ); $api->version('v1' , function ($api) $api->group(['namespace' => 'App\Http\Controllers\Api' ], function () use ($api) $api->group(['namespace' => 'Auth' ], function () use ($api) $api->post('auth/register' , 'RegisterController@register' ); $api->post('auth/login' , 'LoginController@login' ); }); $api->group(['middleware' => 'api.auth' ], function ($api) $api->get('/books/{id}' , 'BooksController@show' ); $api->post('/books' , 'BooksController@store' ); $api->patch('/books/{id}' , 'BooksController@update' ); $api->delete('/books/{id}' , 'BooksController@destroy' ); }); }); });
使用 artisan 指令輕鬆產出 entity, controller, presenter, validator, transformer…
1 php artisan make:entity Book
編寫 table 欄位
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 use Illuminate \Database \Schema \Blueprint ;use Illuminate \Database \Migrations \Migration ;class CreateBooksTable extends Migration public function up () { Schema::create('books' , function (Blueprint $table) $table->increments('id' ); $table->string('name' ,64 ); $table->string('author' ,64 ); $table->decimal('price' ,10 ,2 ); $table->timestamps(); }); } public function down () { Schema::drop('books' ); } }
產生 table
app/Http/Controllers/Api/BooksController.php
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 namespace App \Http \Controllers \Api ;use App \Http \Controllers \Controller ;use Prettus \Validator \Exceptions \ValidatorException ;use App \Http \Requests \BookCreateRequest ;use App \Http \Requests \BookUpdateRequest ;use App \Repositories \BookRepository ;use \Throwable ;class BooksController extends Controller protected $repository; public function __construct (BookRepository $repository) { $this ->repository = $repository; } public function store (BookCreateRequest $request) { try { $book = $this ->repository->create( [ 'name' => $request->input('name' ), 'author' => $request->input('author' ), 'price' => $request->input('price' ), ] ); return response()->json([ 'message' => 'Book created.' , 'data' => $book ]); } catch (ValidatorException $e) { return response()->json([ 'error' => true , 'message' => $e->getMessageBag() ], 500 ); } catch (Throwable $e) { return response()->json([ 'error' => true , 'message' => $e->getMessage() ], 500 ); } } public function show ($id) { $book = $this ->repository->find($id); return response()->json([ 'message' => 'Get a book.' , 'data' => $book, ]); } public function update (BookUpdateRequest $request, $id) { try { $book = $this ->repository->update( [ 'name' => $request->input('name' ), 'author' => $request->input('author' ), 'price' => $request->input('price' ), ], $id ); return response()->json([ 'message' => 'Book updated.' , 'data' => $book ]); } catch (ValidatorException $e) { return response()->json([ 'error' => true , 'message' => $e->getMessageBag() ], 500 ); } catch (Throwable $e) { return response()->json([ 'error' => true , 'message' => $e->getMessage() ], 500 ); } } public function destroy ($id) { try { $deleted = $this ->repository->delete($id); return response()->json([ 'message' => 'Book deleted.' , 'data' => $deleted ]); } catch (Throwable $e) { return response()->json([ 'error' => true , 'message' => $e->getMessage() ], 500 ); } } }
設定 validator 的內容
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 protected $rules = [ ValidatorInterface::RULE_CREATE => [ 'name' => "required|string" , 'author' => "required|string" , 'price' => 'required|numeric|between:0.01,1000000000.99' ], ValidatorInterface::RULE_UPDATE => [ 'name' => "required|string" , 'author' => "required|string" , 'price' => 'required|numeric|between:0.01,1000000000.99' ], ];
用 Postman 來測試看看! 先註冊
再登入
建立一個 book 資源
更新 book
取得 book
刪除 book
Postman 小技巧 在拿到 token 後,跟 api 發出一個請求都要夾帶 token,這裡可以手動貼上,也可以在 test 的部份貼上一段程式碼,將 token 存成變數,之後在 header 裡 Authorization 直接對應 Bearer {{AUTH_TOKEN}} ,Postman 就會帶入剛剛拿到的 token 了。
1 2 3 4 5 6 7 8 9 tests["Body matches string" ] = responseBody.has("token" ); tests["Status code is 200" ] = responseCode.code === 200 ; var jsonData = JSON .parse(responseBody);var token = jsonData.data.token;tests["Has token inside it" ] = typeof token === "string" ; postman.setGlobalVariable("AUTH_TOKEN" , token);
坑點 在測試 cors 情境的時候,遇到 server 回傳的 response header 一直沒有夾帶 Access-Control-Allow 系列的參數,以為是設定有錯,追了原始碼才確認不是 PHP 段的問題。最終發現,問題出在 server 安裝的 pagespeed module,所以在/etc/apache2/sites-available/000-default.conf和/etc/apache2/sites-available/000-default-le-ssl.conf 將 api server 的 pagespeed 關閉,cors 就能正常使用了。這個 issue 可以參考
Reference Dingo Apihttps://github.com/dingo/api
tymon/jwt-authhttps://github.com/tymondesigns/jwt-auth
Laravel 5 repositoryhttps://github.com/andersao/l5-repository
Laravel CORShttps://github.com/barryvdh/laravel-cors
Missing CORS headers in response from PHP/Apache2https://stackoverflow.com/questions/51934338/missing-cors-headers-in-response-from-php-apache2
How to update environment variables based on a response in Postmanhttps://ppolyzos.com/2016/11/20/how-to-update-environment-variables-based-on-a-response-in-postman/
