diff --git a/.env.example b/.env.example index ac74863..aec784e 100644 --- a/.env.example +++ b/.env.example @@ -1,16 +1,19 @@ -APP_NAME=Laravel -APP_ENV=local +APP_NAME=Aboshabab +APP_ENV= APP_KEY= -APP_DEBUG=true -APP_URL=http://localhost +APP_DEBUG= +APP_URL= +APP_SUPER_PASSWORD= +JWT_SECRET= +JWT_TTL=null LOG_CHANNEL=stack DB_CONNECTION=mysql DB_HOST=127.0.0.1 DB_PORT=3306 -DB_DATABASE=laravel -DB_USERNAME=root +DB_DATABASE= +DB_USERNAME= DB_PASSWORD= BROADCAST_DRIVER=log diff --git a/app/Exceptions/Handler.php b/app/Exceptions/Handler.php index 59c585d..f121697 100644 --- a/app/Exceptions/Handler.php +++ b/app/Exceptions/Handler.php @@ -50,6 +50,18 @@ class Handler extends ExceptionHandler */ public function render($request, Throwable $exception) { - return parent::render($request, $exception); + switch (get_class($exception)) { + case 'Symfony\Component\HttpKernel\Exception\NotFoundHttpException': + return response( ['message' => 'Route not found. Check path & method.' ],404); + case 'Tymon\JWTAuth\Exceptions\TokenBlacklistedException': + case 'Tymon\JWTAuth\Exceptions\TokenInvalidException': + return response( ['message' => 'Authentication failed. '.$exception->getMessage() ], 401); + case 'Illuminate\Auth\Access\AuthorizationException': + return response( ['message' => 'Unauthorized action.' ], 403); + case 'Illuminate\Validation\ValidationException': + return response( ['message' => $exception->errors()], 400); + default: + return parent::render($request, $exception); + } } } diff --git a/app/Http/Controllers/SchoolUserController.php b/app/Http/Controllers/SchoolUserController.php new file mode 100644 index 0000000..f415e8a --- /dev/null +++ b/app/Http/Controllers/SchoolUserController.php @@ -0,0 +1,19 @@ +run(); + } + + public function register(RegisterSchoolForm $form) + { + return $form->run(); + } +} diff --git a/app/Http/Forms/SchoolForms/RegisterSchoolForm.php b/app/Http/Forms/SchoolForms/RegisterSchoolForm.php new file mode 100644 index 0000000..be7db53 --- /dev/null +++ b/app/Http/Forms/SchoolForms/RegisterSchoolForm.php @@ -0,0 +1,37 @@ + 'required|string|max:255', + 'email' => 'required|string|email|max:255|unique:school_users', + 'url' => 'required|string|regex:/^https?:\/\/.*teacharabia\.com\/api$/i|unique:school_users', + 'password' => 'required|string|min:6|confirmed', + 'super_password' => 'required|string' + ]; + } + + public function run() + { + if (env('APP_SUPER_PASSWORD') != $this->super_password) { + $this->failedAuthorization(); + } + else{ + $hashPassword['password'] = Hash::make($this->password); + $this->merge($hashPassword); + $user = new SchoolUser(); + $user->fill($this->only($user->getFillable())); + $user->save(); + $token = JWTAuth::fromUser($user); + return ['token' => $token]; + } + } +} diff --git a/app/Http/Forms/SchoolForms/RenewTokenForm.php b/app/Http/Forms/SchoolForms/RenewTokenForm.php new file mode 100644 index 0000000..91cfcde --- /dev/null +++ b/app/Http/Forms/SchoolForms/RenewTokenForm.php @@ -0,0 +1,35 @@ + 'required|string|email|max:255|exists:school_users', + 'password' => 'required|string|min:6', + 'super_password' => 'required|string', + ]; + } + + public function run() + { + if (env('APP_SUPER_PASSWORD') != $this->super_password) { + $this->failedAuthorization(); + } + else{ + $newToken = JWTAuth::attempt(['email' => $this->email, 'password' => $this->password]); + if($newToken){ + JWTAuth::invalidate(true); + return ['token' => $newToken]; + }else{ + throw new TokenInvalidException('Wrong credentials.'); + } + } + } +} diff --git a/app/Http/Kernel.php b/app/Http/Kernel.php index 36ced13..ffaa10b 100644 --- a/app/Http/Kernel.php +++ b/app/Http/Kernel.php @@ -63,5 +63,7 @@ class Kernel extends HttpKernel 'signed' => \Illuminate\Routing\Middleware\ValidateSignature::class, 'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class, 'verified' => \Illuminate\Auth\Middleware\EnsureEmailIsVerified::class, + 'jwt.verify' => \App\Http\Middleware\JwtMiddleware::class, + 'alljson' => \App\Http\Middleware\JsonMiddleware::class, ]; } diff --git a/app/Http/Middleware/JsonMiddleware.php b/app/Http/Middleware/JsonMiddleware.php new file mode 100644 index 0000000..d0b45dc --- /dev/null +++ b/app/Http/Middleware/JsonMiddleware.php @@ -0,0 +1,21 @@ +headers->set('Accept', 'application/json'); + return $next($request); + } +} diff --git a/app/Http/Middleware/JwtMiddleware.php b/app/Http/Middleware/JwtMiddleware.php new file mode 100644 index 0000000..d524d89 --- /dev/null +++ b/app/Http/Middleware/JwtMiddleware.php @@ -0,0 +1,22 @@ +authenticate(); + return $next($request); + } +} diff --git a/app/SchoolUser.php b/app/SchoolUser.php new file mode 100644 index 0000000..f337139 --- /dev/null +++ b/app/SchoolUser.php @@ -0,0 +1,37 @@ +getKey(); + } + + public function getJWTCustomClaims() + { + return []; + } +} diff --git a/app/User.php b/app/User.php deleted file mode 100644 index e79dab7..0000000 --- a/app/User.php +++ /dev/null @@ -1,39 +0,0 @@ - 'datetime', - ]; -} diff --git a/composer.json b/composer.json index 4e81d21..7abe491 100644 --- a/composer.json +++ b/composer.json @@ -13,7 +13,8 @@ "fruitcake/laravel-cors": "^1.0", "guzzlehttp/guzzle": "^6.3", "laravel/framework": "^7.0", - "laravel/tinker": "^2.0" + "laravel/tinker": "^2.0", + "tymon/jwt-auth": "^1.0" }, "require-dev": { "facade/ignition": "^2.0", diff --git a/composer.lock b/composer.lock index b213cdd..b6a6b5a 100644 --- a/composer.lock +++ b/composer.lock @@ -4,7 +4,7 @@ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", "This file is @generated automatically" ], - "content-hash": "6558f74828bca9ebecac73d90cea4b1a", + "content-hash": "b14e843dc2793940e08e52b3b0f85b97", "packages": [ { "name": "asm89/stack-cors", @@ -956,6 +956,71 @@ ], "time": "2020-04-07T15:01:31+00:00" }, + { + "name": "lcobucci/jwt", + "version": "3.3.2", + "source": { + "type": "git", + "url": "https://github.com/lcobucci/jwt.git", + "reference": "56f10808089e38623345e28af2f2d5e4eb579455" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/lcobucci/jwt/zipball/56f10808089e38623345e28af2f2d5e4eb579455", + "reference": "56f10808089e38623345e28af2f2d5e4eb579455", + "shasum": "" + }, + "require": { + "ext-mbstring": "*", + "ext-openssl": "*", + "php": "^5.6 || ^7.0" + }, + "require-dev": { + "mikey179/vfsstream": "~1.5", + "phpmd/phpmd": "~2.2", + "phpunit/php-invoker": "~1.1", + "phpunit/phpunit": "^5.7 || ^7.3", + "squizlabs/php_codesniffer": "~2.3" + }, + "type": "library", + "extra": { + "branch-alias": { + "dev-master": "3.1-dev" + } + }, + "autoload": { + "psr-4": { + "Lcobucci\\JWT\\": "src" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "BSD-3-Clause" + ], + "authors": [ + { + "name": "Luís Otávio Cobucci Oblonczyk", + "email": "lcobucci@gmail.com", + "role": "Developer" + } + ], + "description": "A simple library to work with JSON Web Token and JSON Web Signature", + "keywords": [ + "JWS", + "jwt" + ], + "funding": [ + { + "url": "https://github.com/lcobucci", + "type": "github" + }, + { + "url": "https://www.patreon.com/lcobucci", + "type": "patreon" + } + ], + "time": "2020-05-22T08:21:12+00:00" + }, { "name": "league/commonmark", "version": "1.4.3", @@ -1237,6 +1302,69 @@ ], "time": "2020-05-22T08:12:19+00:00" }, + { + "name": "namshi/jose", + "version": "7.2.3", + "source": { + "type": "git", + "url": "https://github.com/namshi/jose.git", + "reference": "89a24d7eb3040e285dd5925fcad992378b82bcff" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/namshi/jose/zipball/89a24d7eb3040e285dd5925fcad992378b82bcff", + "reference": "89a24d7eb3040e285dd5925fcad992378b82bcff", + "shasum": "" + }, + "require": { + "ext-date": "*", + "ext-hash": "*", + "ext-json": "*", + "ext-pcre": "*", + "ext-spl": "*", + "php": ">=5.5", + "symfony/polyfill-php56": "^1.0" + }, + "require-dev": { + "phpseclib/phpseclib": "^2.0", + "phpunit/phpunit": "^4.5|^5.0", + "satooshi/php-coveralls": "^1.0" + }, + "suggest": { + "ext-openssl": "Allows to use OpenSSL as crypto engine.", + "phpseclib/phpseclib": "Allows to use Phpseclib as crypto engine, use version ^2.0." + }, + "type": "library", + "autoload": { + "psr-4": { + "Namshi\\JOSE\\": "src/Namshi/JOSE/" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Alessandro Nadalin", + "email": "alessandro.nadalin@gmail.com" + }, + { + "name": "Alessandro Cinelli (cirpo)", + "email": "alessandro.cinelli@gmail.com" + } + ], + "description": "JSON Object Signing and Encryption library for PHP.", + "keywords": [ + "JSON Web Signature", + "JSON Web Token", + "JWS", + "json", + "jwt", + "token" + ], + "time": "2016-12-05T07:27:31+00:00" + }, { "name": "nesbot/carbon", "version": "2.34.2", @@ -3031,6 +3159,76 @@ ], "time": "2020-05-12T16:47:27+00:00" }, + { + "name": "symfony/polyfill-php56", + "version": "v1.17.0", + "source": { + "type": "git", + "url": "https://github.com/symfony/polyfill-php56.git", + "reference": "e3c8c138280cdfe4b81488441555583aa1984e23" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/symfony/polyfill-php56/zipball/e3c8c138280cdfe4b81488441555583aa1984e23", + "reference": "e3c8c138280cdfe4b81488441555583aa1984e23", + "shasum": "" + }, + "require": { + "php": ">=5.3.3", + "symfony/polyfill-util": "~1.0" + }, + "type": "library", + "extra": { + "branch-alias": { + "dev-master": "1.17-dev" + } + }, + "autoload": { + "psr-4": { + "Symfony\\Polyfill\\Php56\\": "" + }, + "files": [ + "bootstrap.php" + ] + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Nicolas Grekas", + "email": "p@tchwork.com" + }, + { + "name": "Symfony Community", + "homepage": "https://symfony.com/contributors" + } + ], + "description": "Symfony polyfill backporting some PHP 5.6+ features to lower PHP versions", + "homepage": "https://symfony.com", + "keywords": [ + "compatibility", + "polyfill", + "portable", + "shim" + ], + "funding": [ + { + "url": "https://symfony.com/sponsor", + "type": "custom" + }, + { + "url": "https://github.com/fabpot", + "type": "github" + }, + { + "url": "https://tidelift.com/funding/github/packagist/symfony/symfony", + "type": "tidelift" + } + ], + "time": "2020-05-12T16:47:27+00:00" + }, { "name": "symfony/polyfill-php72", "version": "v1.17.0", @@ -3172,6 +3370,72 @@ ], "time": "2020-05-12T16:47:27+00:00" }, + { + "name": "symfony/polyfill-util", + "version": "v1.17.0", + "source": { + "type": "git", + "url": "https://github.com/symfony/polyfill-util.git", + "reference": "4afb4110fc037752cf0ce9869f9ab8162c4e20d7" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/symfony/polyfill-util/zipball/4afb4110fc037752cf0ce9869f9ab8162c4e20d7", + "reference": "4afb4110fc037752cf0ce9869f9ab8162c4e20d7", + "shasum": "" + }, + "require": { + "php": ">=5.3.3" + }, + "type": "library", + "extra": { + "branch-alias": { + "dev-master": "1.17-dev" + } + }, + "autoload": { + "psr-4": { + "Symfony\\Polyfill\\Util\\": "" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Nicolas Grekas", + "email": "p@tchwork.com" + }, + { + "name": "Symfony Community", + "homepage": "https://symfony.com/contributors" + } + ], + "description": "Symfony utilities for portability of PHP codes", + "homepage": "https://symfony.com", + "keywords": [ + "compat", + "compatibility", + "polyfill", + "shim" + ], + "funding": [ + { + "url": "https://symfony.com/sponsor", + "type": "custom" + }, + { + "url": "https://github.com/fabpot", + "type": "github" + }, + { + "url": "https://tidelift.com/funding/github/packagist/symfony/symfony", + "type": "tidelift" + } + ], + "time": "2020-05-12T16:14:59+00:00" + }, { "name": "symfony/process", "version": "v5.0.8", @@ -3669,6 +3933,86 @@ "homepage": "https://github.com/tijsverkoyen/CssToInlineStyles", "time": "2019-10-24T08:53:34+00:00" }, + { + "name": "tymon/jwt-auth", + "version": "1.0.0", + "source": { + "type": "git", + "url": "https://github.com/tymondesigns/jwt-auth.git", + "reference": "d4cf9fd2b98790712d3e6cd1094e5ff018431f19" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/tymondesigns/jwt-auth/zipball/d4cf9fd2b98790712d3e6cd1094e5ff018431f19", + "reference": "d4cf9fd2b98790712d3e6cd1094e5ff018431f19", + "shasum": "" + }, + "require": { + "illuminate/auth": "^5.2|^6|^7", + "illuminate/contracts": "^5.2|^6|^7", + "illuminate/http": "^5.2|^6|^7", + "illuminate/support": "^5.2|^6|^7", + "lcobucci/jwt": "^3.2", + "namshi/jose": "^7.0", + "nesbot/carbon": "^1.0|^2.0", + "php": "^5.5.9|^7.0" + }, + "require-dev": { + "illuminate/console": "^5.2|^6|^7", + "illuminate/database": "^5.2|^6|^7", + "illuminate/routing": "^5.2|^6|^7", + "mockery/mockery": ">=0.9.9", + "phpunit/phpunit": "~4.8|~6.0" + }, + "type": "library", + "extra": { + "branch-alias": { + "dev-develop": "1.0-dev" + }, + "laravel": { + "aliases": { + "JWTAuth": "Tymon\\JWTAuth\\Facades\\JWTAuth", + "JWTFactory": "Tymon\\JWTAuth\\Facades\\JWTFactory" + }, + "providers": [ + "Tymon\\JWTAuth\\Providers\\LaravelServiceProvider" + ] + } + }, + "autoload": { + "psr-4": { + "Tymon\\JWTAuth\\": "src/" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Sean Tymon", + "email": "tymon148@gmail.com", + "homepage": "https://tymon.xyz", + "role": "Developer" + } + ], + "description": "JSON Web Token Authentication for Laravel and Lumen", + "homepage": "https://github.com/tymondesigns/jwt-auth", + "keywords": [ + "Authentication", + "JSON Web Token", + "auth", + "jwt", + "laravel" + ], + "funding": [ + { + "url": "https://www.patreon.com/seantymon", + "type": "patreon" + } + ], + "time": "2020-03-04T11:21:28+00:00" + }, { "name": "vlucas/phpdotenv", "version": "v4.1.6", diff --git a/config/app.php b/config/app.php index 8409e00..b1be0eb 100644 --- a/config/app.php +++ b/config/app.php @@ -174,6 +174,7 @@ return [ // App\Providers\BroadcastServiceProvider::class, App\Providers\EventServiceProvider::class, App\Providers\RouteServiceProvider::class, + Tymon\JWTAuth\Providers\LaravelServiceProvider::class, ], @@ -226,6 +227,8 @@ return [ 'URL' => Illuminate\Support\Facades\URL::class, 'Validator' => Illuminate\Support\Facades\Validator::class, 'View' => Illuminate\Support\Facades\View::class, + 'JWTAuth' => Tymon\JWTAuth\Facades\JWTAuth::class, + 'JWTFactory' => Tymon\JWTAuth\Facades\JWTFactory::class, ], diff --git a/config/auth.php b/config/auth.php index aaf982b..ce62b43 100644 --- a/config/auth.php +++ b/config/auth.php @@ -68,7 +68,7 @@ return [ 'providers' => [ 'users' => [ 'driver' => 'eloquent', - 'model' => App\User::class, + 'model' => App\SchoolUser::class, ], // 'users' => [ diff --git a/config/jwt.php b/config/jwt.php new file mode 100644 index 0000000..124e394 --- /dev/null +++ b/config/jwt.php @@ -0,0 +1,303 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +return [ + + /* + |-------------------------------------------------------------------------- + | JWT Authentication Secret + |-------------------------------------------------------------------------- + | + | Don't forget to set this in your .env file, as it will be used to sign + | your tokens. A helper command is provided for this: + | `php artisan jwt:secret` + | + | Note: This will be used for Symmetric algorithms only (HMAC), + | since RSA and ECDSA use a private/public key combo (See below). + | + */ + + 'secret' => env('JWT_SECRET'), + + /* + |-------------------------------------------------------------------------- + | JWT Authentication Keys + |-------------------------------------------------------------------------- + | + | The algorithm you are using, will determine whether your tokens are + | signed with a random string (defined in `JWT_SECRET`) or using the + | following public & private keys. + | + | Symmetric Algorithms: + | HS256, HS384 & HS512 will use `JWT_SECRET`. + | + | Asymmetric Algorithms: + | RS256, RS384 & RS512 / ES256, ES384 & ES512 will use the keys below. + | + */ + + 'keys' => [ + + /* + |-------------------------------------------------------------------------- + | Public Key + |-------------------------------------------------------------------------- + | + | A path or resource to your public key. + | + | E.g. 'file://path/to/public/key' + | + */ + + 'public' => env('JWT_PUBLIC_KEY'), + + /* + |-------------------------------------------------------------------------- + | Private Key + |-------------------------------------------------------------------------- + | + | A path or resource to your private key. + | + | E.g. 'file://path/to/private/key' + | + */ + + 'private' => env('JWT_PRIVATE_KEY'), + + /* + |-------------------------------------------------------------------------- + | Passphrase + |-------------------------------------------------------------------------- + | + | The passphrase for your private key. Can be null if none set. + | + */ + + 'passphrase' => env('JWT_PASSPHRASE'), + + ], + + /* + |-------------------------------------------------------------------------- + | JWT time to live + |-------------------------------------------------------------------------- + | + | Specify the length of time (in minutes) that the token will be valid for. + | Defaults to 1 hour. + | + | You can also set this to null, to yield a never expiring token. + | Some people may want this behaviour for e.g. a mobile app. + | This is not particularly recommended, so make sure you have appropriate + | systems in place to revoke the token if necessary. + | Notice: If you set this to null you should remove 'exp' element from 'required_claims' list. + | + */ + + 'ttl' => env('JWT_TTL', 60), + + /* + |-------------------------------------------------------------------------- + | Refresh time to live + |-------------------------------------------------------------------------- + | + | Specify the length of time (in minutes) that the token can be refreshed + | within. I.E. The user can refresh their token within a 2 week window of + | the original token being created until they must re-authenticate. + | Defaults to 2 weeks. + | + | You can also set this to null, to yield an infinite refresh time. + | Some may want this instead of never expiring tokens for e.g. a mobile app. + | This is not particularly recommended, so make sure you have appropriate + | systems in place to revoke the token if necessary. + | + */ + + 'refresh_ttl' => env('JWT_REFRESH_TTL', 20160), + + /* + |-------------------------------------------------------------------------- + | JWT hashing algorithm + |-------------------------------------------------------------------------- + | + | Specify the hashing algorithm that will be used to sign the token. + | + | See here: https://github.com/namshi/jose/tree/master/src/Namshi/JOSE/Signer/OpenSSL + | for possible values. + | + */ + + 'algo' => env('JWT_ALGO', 'HS256'), + + /* + |-------------------------------------------------------------------------- + | Required Claims + |-------------------------------------------------------------------------- + | + | Specify the required claims that must exist in any token. + | A TokenInvalidException will be thrown if any of these claims are not + | present in the payload. + | + */ + + 'required_claims' => [ + 'iss', + 'iat', + 'nbf', + 'sub', + 'jti', + ], + + /* + |-------------------------------------------------------------------------- + | Persistent Claims + |-------------------------------------------------------------------------- + | + | Specify the claim keys to be persisted when refreshing a token. + | `sub` and `iat` will automatically be persisted, in + | addition to the these claims. + | + | Note: If a claim does not exist then it will be ignored. + | + */ + + 'persistent_claims' => [ + // 'foo', + // 'bar', + ], + + /* + |-------------------------------------------------------------------------- + | Lock Subject + |-------------------------------------------------------------------------- + | + | This will determine whether a `prv` claim is automatically added to + | the token. The purpose of this is to ensure that if you have multiple + | authentication models e.g. `App\User` & `App\OtherPerson`, then we + | should prevent one authentication request from impersonating another, + | if 2 tokens happen to have the same id across the 2 different models. + | + | Under specific circumstances, you may want to disable this behaviour + | e.g. if you only have one authentication model, then you would save + | a little on token size. + | + */ + + 'lock_subject' => true, + + /* + |-------------------------------------------------------------------------- + | Leeway + |-------------------------------------------------------------------------- + | + | This property gives the jwt timestamp claims some "leeway". + | Meaning that if you have any unavoidable slight clock skew on + | any of your servers then this will afford you some level of cushioning. + | + | This applies to the claims `iat`, `nbf` and `exp`. + | + | Specify in seconds - only if you know you need it. + | + */ + + 'leeway' => env('JWT_LEEWAY', 0), + + /* + |-------------------------------------------------------------------------- + | Blacklist Enabled + |-------------------------------------------------------------------------- + | + | In order to invalidate tokens, you must have the blacklist enabled. + | If you do not want or need this functionality, then set this to false. + | + */ + + 'blacklist_enabled' => env('JWT_BLACKLIST_ENABLED', true), + + /* + | ------------------------------------------------------------------------- + | Blacklist Grace Period + | ------------------------------------------------------------------------- + | + | When multiple concurrent requests are made with the same JWT, + | it is possible that some of them fail, due to token regeneration + | on every request. + | + | Set grace period in seconds to prevent parallel request failure. + | + */ + + 'blacklist_grace_period' => env('JWT_BLACKLIST_GRACE_PERIOD', 0), + + /* + |-------------------------------------------------------------------------- + | Cookies encryption + |-------------------------------------------------------------------------- + | + | By default Laravel encrypt cookies for security reason. + | If you decide to not decrypt cookies, you will have to configure Laravel + | to not encrypt your cookie token by adding its name into the $except + | array available in the middleware "EncryptCookies" provided by Laravel. + | see https://laravel.com/docs/master/responses#cookies-and-encryption + | for details. + | + | Set it to true if you want to decrypt cookies. + | + */ + + 'decrypt_cookies' => false, + + /* + |-------------------------------------------------------------------------- + | Providers + |-------------------------------------------------------------------------- + | + | Specify the various providers used throughout the package. + | + */ + + 'providers' => [ + + /* + |-------------------------------------------------------------------------- + | JWT Provider + |-------------------------------------------------------------------------- + | + | Specify the provider that is used to create and decode the tokens. + | + */ + + 'jwt' => Tymon\JWTAuth\Providers\JWT\Lcobucci::class, + + /* + |-------------------------------------------------------------------------- + | Authentication Provider + |-------------------------------------------------------------------------- + | + | Specify the provider that is used to authenticate users. + | + */ + + 'auth' => Tymon\JWTAuth\Providers\Auth\Illuminate::class, + + /* + |-------------------------------------------------------------------------- + | Storage Provider + |-------------------------------------------------------------------------- + | + | Specify the provider that is used to store tokens in the blacklist. + | + */ + + 'storage' => Tymon\JWTAuth\Providers\Storage\Illuminate::class, + + ], + +]; diff --git a/database/migrations/2014_10_12_000000_create_users_table.php b/database/migrations/2014_10_12_000000_create_users_table.php index 621a24e..797032f 100644 --- a/database/migrations/2014_10_12_000000_create_users_table.php +++ b/database/migrations/2014_10_12_000000_create_users_table.php @@ -13,13 +13,12 @@ class CreateUsersTable extends Migration */ public function up() { - Schema::create('users', function (Blueprint $table) { + Schema::create('school_users', function (Blueprint $table) { $table->id(); $table->string('name'); $table->string('email')->unique(); - $table->timestamp('email_verified_at')->nullable(); $table->string('password'); - $table->rememberToken(); + $table->string('url')->unique(); $table->timestamps(); }); } @@ -31,6 +30,6 @@ class CreateUsersTable extends Migration */ public function down() { - Schema::dropIfExists('users'); + Schema::dropIfExists('school_users'); } } diff --git a/routes/api.php b/routes/api.php index bcb8b18..d47830c 100644 --- a/routes/api.php +++ b/routes/api.php @@ -14,6 +14,13 @@ use Illuminate\Support\Facades\Route; | */ -Route::middleware('auth:api')->get('/user', function (Request $request) { - return $request->user(); +Route::group(['middleware' => ['alljson']], function () { + Route::group(['prefix' => 'school'],function (){ + Route::group(['middleware' => ['jwt.verify']], function() { + Route::post('change-token','SchoolUserController@renewToken'); + //notify + }); + + Route::post('register','SchoolUserController@register'); + }); });