Laravel 5 Basics (12)-Certifications
Laravel Factory has been shipped with a user authentication system, we look routes.php
at, if deleted, add on:
Route::controllers([ 'auth' => 'Auth\AuthController', 'password' => 'Auth\PasswordController']);
You can use it for a php artisan route:list
look. Browser Access /auth/login
, you can see the login interface, it is best to put the system default app.blade.php
on Google things to annotate, otherwise you will be crazy.
You can use register, login, and even forget password.
The actual registration of a user, after the submission failed, actually did not fail, just larave automatically jump to the /home
, we have deleted this controller. You can use it tinker
to look at the user already established.
Auth\AuthController
actually used in trait
, what is Triat? Well,php only supports single inheritance, adds trait in php5.4, and a trait is actually a package of methods that you can include in another class. Like an abstract class, you can't instantiate him directly.
Auth\AuthController
There are references to trait in:
use AuthenticatesAndRegistersUsers;
Let's find him and see how it jumps after registration. He hides a pretty deep, in vendor/laravel/framework/src/Illuminate/Foundation/Auth/AuthenticatesAndregistersUsers.php
, wow.
public function redirectPath(){if (property_exists($this, 'redirectPath')){return $this->redirectPath;} //如果用户设置了 redirectTo 属性,则跳转到用户设置的属性,否则到homereturn property_exists($this, 'redirectTo') ? $this->redirectTo : '/home';}
OK, we know, as long as redirectTo
you set this property you can customize the post-registration jump. We have Auth\AuthContotroller
modified in:
protected $redirectTo = 'articles';
We use first to /auth/logout
make sure we exit, if something goes wrong don't be afraid, we don't have the default homepage, re-visit: auth/register
Create a new user, this time should be OK.
Logout again, then login with login.
Now we can delete the form_partial
hidden fields in the temporary settings, and then modify the controller:
public function store(Requests\ArticleRequest $request) { //你可以这样 //$request = $request->all(); //$request['user_id'] = Auth::id(); //更简单的方法 $article = Article::create($request->all()); //laravel 自动完成外键关联 Auth::user()->articles()->save($article); return redirect('articles'); }
Add an article and then use it to tinker
view it.
Middleware
We certainly do not want anyone to be able to publish articles, at least for landing. We add protection to the controller:
public function create() { if (Auth::guest()) { return redirect('articles'); } return view('articles.create'); }
The above code can work, there is a problem, we need to be in each method to protect the above processing, it is silly, fortunately we have middleware.
Middleware can be understood as a processing pipeline in which the middleware is processed at some point in the pipeline, which can be either a request or a response. Depending on the processing rules of the middleware, requests may be redirected or may be requested.
Included in the app/http/middleware
three middleware, the name can see what is doing, take a good look, notice, Closure $next
represents the next middleware.
The app/http/kernel.php
middleware is registered in. The $middleware
segment declares the middleware that handles all HTTP processing $routeMiddleware
, only the routing process, and the declaration you must display to use one or several of these middleware.
Assuming we want to protect the whole ArticlesController
, we add the middleware directly to the constructor:
public function __construct() { $this->middleware('auth'); }
Now, any method is protected.
But we may not want the entire controller to be protected, what if it's just one or two of these methods? We can deal with this:
public function __construct() { $this->middleware('auth', ['only' => 'create']); //当然可以反过来 //$this->middleware('auth', ['except' => 'index']); }
We do not necessarily introduce middleware in the controller's constructor, we can declare it directly in the route:
Route::get('about', ['middleware' => 'auth', 'uses' => '[email protected]']);
In the kernel.php
system middleware provided in, such as 'Illuminate\Foundation\Http\Middleware\CheckForMaintenanceMode'
can let us into the maintenance mode, such as the system on-line, but now need to temporarily shut down for a period of time for processing, we can be processed at the command line, look at the work of this middleware:
php artisan down
Visit the site to see any URL requests are immediately back. Website on-line:
php artisan up
Let's make a middleware of our own:
php artisan make:middleware Demo
Then add the code:
public function handle($request, Closure $next){ //如果请求中含有 foo,我们就回到控制器首页 if ($request->has('foo')) { return redirect('articles'); }return $next($request);}
If you want to use middleware in all requests, you need to kernel.php
$middleware
register in:
protected $middleware = [...'App\Http\Middleware\Demo',];
Now we can test it, assuming we visit /articles/create?foo=bar
, we are redirected to the home page.
Let's get rid of this display middleware and we'll create a really useful middleware. Suppose we want to protect a page that must be accessed by a manager.
php artisan make:middleware RedirectIfNotAManager
Let's add the processing code:
public function handle($request, Closure $next){ if (!$request->user() || !$request->user()->isATeamManager()) { return redirect('articles'); }return $next($request);}
The following modifies our model:
public function isATeamManager() { return false; }
For simplicity's sake, we return false directly. This time we put the middleware in kernel.php
the middle $routeMiddleware
.
protected $routeMiddleware = [...'manager' => 'App\Http\Middleware\RedirectIfNotAManager',];
Let's do a test route test:
Route::get('foo', ['middleware' => 'manager', function() { return 'This page may only be viewed by manager';}]);
Guest identity or login access will return to the home page, but if the change isATeamManager()
true
is returned, login identity access will see the returned information.