
Commit 226d1bf

authored
[8.x] Sanctum (laravel#5663)
* initial sanctum poc * add files * remove token
1 parent 236b318 commit 226d1bf


7 files changed

+93
-9
lines changed


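--- a/app/Http/Kernel.php
+++ b/app/Http/Kernel.php
@@ -40,6 +40,7 @@ class Kernel extends HttpKernel
 ],
 
 'api' => [
+// \Laravel\Sanctum\Http\Middleware\EnsureFrontendRequestsAreStateful::class,
 'throttle:api',
 \Illuminate\Routing\Middleware\SubstituteBindings::class,
 ],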
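Review bot: The middleware entry added to the `api` group is commented out with no explanation of what enabling it changes. Once it is uncommented, requests from the configured stateful domains are authenticated through the session cookie, so they depend on CSRF protection and on a tightly scoped stateful-domain list. I would put a line above it such as `// Uncomment for cookie-based SPA auth; requires CSRF protection and an explicit SANCTUM_STATEFUL_DOMAINS.` The enclosing array starts and ends outside this section.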

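--- a/app/Models/User.php
+++ b/app/Models/User.php
@@ -6,10 +6,11 @@
 use Illuminate\Database\Eloquent\Factories\HasFactory;
 use Illuminate\Foundation\Auth\User as Authenticatable;
 use Illuminate\Notifications\Notifiable;
+use Laravel\Sanctum\HasApiTokens;
 
 class User extends Authenticatable
 {
-use HasFactory, Notifiable;
+use HasApiTokens, HasFactory, Notifiable;
 
 /**
 * The attributes that are mass assignable.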

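--- a/composer.json
+++ b/composer.json
@@ -9,6 +9,7 @@
 "fruitcake/laravel-cors": "^2.0",
 "guzzlehttp/guzzle": "^7.0.1",
 "laravel/framework": "^8.54",
+"laravel/sanctum": "^2.11",
 "laravel/tinker": "^2.5"
 },
 "require-dev": {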

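--- a/config/auth.php
+++ b/config/auth.php
@@ -31,7 +31,7 @@
 | users are actually retrieved out of your database or other storage
 | mechanisms used by this application to persist your user's data.
 |
-| Supported: "session", "token"
+| Supported: "session"
 |
 */
 
@@ -40,12 +40,6 @@
 'driver' => 'session',
 'provider' => 'users',
 ],
-
-'api' => [
-'driver' => 'token',
-'provider' => 'users',
-'hash' => false,
-],
 ],
 
 /*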

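--- a/config/sanctum.php
+++ b/config/sanctum.php
@@ -0,0 +1,51 @@
+<?php
+
+return [
+
+/*
+|--------------------------------------------------------------------------
+| Stateful Domains
+|--------------------------------------------------------------------------
+|
+| Requests from the following domains / hosts will receive stateful API
+| authentication cookies. Typically, these should include your local
+| and production domains which access your API via a frontend SPA.
+|
+*/
+
+'stateful' => explode(',', env('SANCTUM_STATEFUL_DOMAINS', sprintf(
+'%s%s',
+'localhost,localhost:3000,127.0.0.1,127.0.0.1:8000,::1',
+env('APP_URL') ? ','.parse_url(env('APP_URL'), PHP_URL_HOST) : ''
+))),
+
+/*
+|--------------------------------------------------------------------------
+| Expiration Minutes
+|--------------------------------------------------------------------------
+|
+| This value controls the number of minutes until an issued token will be
+| considered expired. If this value is null, personal access tokens do
+| not expire. This won't tweak the lifetime of first-party sessions.
+|
+*/
+
+'expiration' => null,
+
+/*
+|--------------------------------------------------------------------------
+| Sanctum Middleware
+|--------------------------------------------------------------------------
+|
+| When authenticating your first-party SPA with Sanctum you may need to
+| customize some of the middleware Sanctum uses while processing the
+| request. You may change the middleware listed below as required.
+|
+*/
+
+'middleware' => [
+'verify_csrf_token' => App\Http\Middleware\VerifyCsrfToken::class,
+'encrypt_cookies' => App\Http\Middleware\EncryptCookies::class,
+],
+
+];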
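Review bot: `'expiration' => null` ships personal access tokens that never expire, so a leaked token stays valid until someone revokes it by hand. A finite default would bound that exposure, for example `'expiration' => 60 * 24 * 30, // example value: 30 days`, with the comment block still noting that null disables expiry. Separately, the `stateful` fallback always includes the localhost entries, so a production deployment should set `SANCTUM_STATEFUL_DOMAINS` explicitly rather than inherit them.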
Lines changed: 36 additions & 0 deletions
@@ -0,0 +1,36 @@
1+
<?php
2+
3+
use Illuminate\Database\Migrations\Migration;
4+
use Illuminate\Database\Schema\Blueprint;
5+
use Illuminate\Support\Facades\Schema;
6+
7+
class CreatePersonalAccessTokensTable extends Migration
8+
{
9+
/**
10+
* Run the migrations.
11+
*
12+
* @return void
13+
*/
14+
public function up()
15+
{
16+
Schema::create('personal_access_tokens', function (Blueprint $table) {
17+
$table->bigIncrements('id');
18+
$table->morphs('tokenable');
19+
$table->string('name');
20+
$table->string('token', 64)->unique();
21+
$table->text('abilities')->nullable();
22+
$table->timestamp('last_used_at')->nullable();
23+
$table->timestamps();
24+
});
25+
}
26+
27+
/**
28+
* Reverse the migrations.
29+
*
30+
* @return void
31+
*/
32+
public function down()
33+
{
34+
Schema::dropIfExists('personal_access_tokens');
35+
}
36+
}
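Review bot: The `token` column in `CreatePersonalAccessTokensTable::up()` is declared as `string('token', 64)->unique()` with nothing explaining the length or whether the column holds the plaintext token or a digest. As far as I know Sanctum stores a SHA-256 hex digest there, which is what 64 characters matches. A line above it such as `// SHA-256 hex digest of the token; the plaintext is never stored` would keep later edits from resizing the column or treating the stored value as the credential. The table also has no expiry column, so expiry presumably derives from `created_at` and the `expiration` setting; that is worth stating in the docblock too.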

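--- a/routes/api.php
+++ b/routes/api.php
@@ -14,6 +14,6 @@
 |
 */
 
-Route::middleware('auth:api')->get('/user', function (Request $request) {
+Route::middleware('auth:sanctum')->get('/user', function (Request $request) {
 return $request->user();
 });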
