API Rest con Laravel
Creación de un API con Laravel usando Sanctum
Passport Or Sanctum?
Sanctum
Build Secure PHP REST API in Laravel 8 with Sanctum Auth
Código en GitHub de REST API in Laravel 8 with Sanctum
Instalar Sanctum
composer require laravel/sanctum
Modificación del api en el fichero app/Http/Kernel.php:
protected $middlewareGroups = [
...
...
'api' => [
\Laravel\Sanctum\Http\Middleware\EnsureFrontendRequestsAreStateful::class,
'throttle:api',
\Illuminate\Routing\Middleware\SubstituteBindings::class,
],
...
...
];
Fichero app/Http/Kernel.php:
<?php
namespace App\Http;
use Illuminate\Foundation\Http\Kernel as HttpKernel;
class Kernel extends HttpKernel
{
/**
* The application's global HTTP middleware stack.
*
* These middleware are run during every request to your application.
*
* @var array
*/
protected $middleware = [
// \App\Http\Middleware\TrustHosts::class,
\App\Http\Middleware\TrustProxies::class,
\Fruitcake\Cors\HandleCors::class,
\App\Http\Middleware\PreventRequestsDuringMaintenance::class,
\Illuminate\Foundation\Http\Middleware\ValidatePostSize::class,
\App\Http\Middleware\TrimStrings::class,
\Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull::class,
];
/**
* The application's route middleware groups.
*
* @var array
*/
protected $middlewareGroups = [
'web' => [
\App\Http\Middleware\EncryptCookies::class,
\Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
\Illuminate\Session\Middleware\StartSession::class,
\Laravel\Jetstream\Http\Middleware\AuthenticateSession::class,
\Illuminate\View\Middleware\ShareErrorsFromSession::class,
\App\Http\Middleware\VerifyCsrfToken::class,
\Illuminate\Routing\Middleware\SubstituteBindings::class,
],
'api' => [
\Laravel\Sanctum\Http\Middleware\EnsureFrontendRequestsAreStateful::class,
'throttle:api',
\Illuminate\Routing\Middleware\SubstituteBindings::class,
],
];
/**
* The application's route middleware.
*
* These middleware may be assigned to groups or used individually.
*
* @var array
*/
protected $routeMiddleware = [
'auth' => \App\Http\Middleware\Authenticate::class,
'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
'cache.headers' => \Illuminate\Http\Middleware\SetCacheHeaders::class,
'can' => \Illuminate\Auth\Middleware\Authorize::class,
'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
'password.confirm' => \Illuminate\Auth\Middleware\RequirePassword::class,
'signed' => \Illuminate\Routing\Middleware\ValidateSignature::class,
'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
'verified' => \Illuminate\Auth\Middleware\EnsureEmailIsVerified::class,
];
}
Modificar el fichero app/Models/Task.php
<?php
namespace App\Models;
use Illuminate\Database\Eloquent\Factories\HasFactory;
use Illuminate\Database\Eloquent\Model;
class Task extends Model
{
use HasFactory;
protected $fillable = [
'description'
];
public function user()
{
return $this->belongsTo(User::class);
}
}
Ejecutar la migración (aunque no es necesario).
php artisan migrate
Crear los recursos del API
php artisan make:resource Task
Modificar el fichero app/Http/Resources/Task.php
<?php
namespace App\Http\Resources;
use Illuminate\Http\Resources\Json\JsonResource;
class Task extends JsonResource
{
public function toArray($request)
{
return [
'id' => $this->id,
'description' => $this->description,
'created_at' => $this->created_at->format('d/m/Y'),
'updated_at' => $this->updated_at->format('d/m/Y'),
];
}
}
Crear los controladores
Crear el fichero app/Http/Controllers/API/BaseController.php
<?php
namespace App\Http\Controllers\API;
use Illuminate\Http\Request;
use App\Http\Controllers\Controller as Controller;
class BaseController extends Controller
{
/**
* success response method.
*
* @return \Illuminate\Http\Response
*/
public function sendResponse($result, $message)
{
$response = [
'success' => true,
'data' => $result,
'message' => $message,
];
return response()->json($response, 200);
}
/**
* return error response.
*
* @return \Illuminate\Http\Response
*/
public function sendError($error, $errorMessages = [], $code = 404)
{
$response = [
'success' => false,
'message' => $error,
];
if(!empty($errorMessages)){
$response['data'] = $errorMessages;
}
return response()->json($response, $code);
}
}
Crear el fichero app/Http/Controllers/API/AuthController.php
<?php
namespace App\Http\Controllers\API;
use Illuminate\Http\Request;
use App\Http\Controllers\API\BaseController as BaseController;
use Illuminate\Support\Facades\Auth;
use Validator;
use App\Models\User;
class AuthController extends BaseController
{
public function signin(Request $request)
{
if(Auth::attempt(['email' => $request->email, 'password' => $request->password])){
$authUser = Auth::user();
$success['token'] = $authUser->createToken('MyAuthApp')->plainTextToken;
$success['name'] = $authUser->name;
return $this->sendResponse($success, 'User signed in');
}
else{
return $this->sendError('Unauthorised.', ['error'=>'Unauthorised']);
}
}
public function signup(Request $request)
{
$validator = Validator::make($request->all(), [
'name' => 'required',
'email' => 'required|email',
'password' => 'required',
'confirm_password' => 'required|same:password',
]);
if($validator->fails()){
return $this->sendError('Error validation', $validator->errors());
}
$input = $request->all();
$input['password'] = bcrypt($input['password']);
$user = User::create($input);
$success['token'] = $user->createToken('MyAuthApp')->plainTextToken;
$success['name'] = $user->name;
return $this->sendResponse($success, 'User created successfully.');
}
public function logout(Request $request)
{
// Get user who requested the logout
$user = request()->user(); //or Auth::user()
// Revoke current user token
$user->tokens()->where('id', $user->currentAccessToken()->id)->delete();
$success['name'] = $user->name;
// return response()->json(['message' => 'User successfully signed out']);
return $this->sendResponse($success, 'User successfully signed out.');
}
}
TODO: validar el email cuando un usuario se registra a través del API
(se puede validar desde el navegador)
API
Using HTTP Methods for RESTful Services
Crear el fichero app/Http/Controllers/API/TaskController.php y añadir las operaciones CRUD en el API
<?php
namespace App\Http\Controllers\API;
use Illuminate\Http\Request;
use App\Http\Controllers\API\BaseController as BaseController;
use Validator;
use App\Models\Task;
use App\Http\Resources\Task as TaskResource;
class TaskController extends BaseController
{
public function index()
{
// get all tasks
// $tasks = Task::all();
// get user tasks (error)
// $tasks = auth()->user()->tasks();
$tasks = Task::where('user_id', auth()->user()->id)
->get();
return $this->sendResponse(TaskResource::collection($tasks), 'Tasks fetched.');
}
public function store(Request $request)
{
$input = $request->all();
$validator = Validator::make($input, [
'description' => 'required'
]);
if ($validator->fails()){
return $this->sendError($validator->errors());
}
$task = new Task();
$task->description = $request->description;
$task->user_id = auth()->user()->id;
$task->save();
return $this->sendResponse(new TaskResource($task), 'Task created.');
}
public function show($id)
{
$task = Task::find($id);
if (is_null($task)) {
return $this->sendError('Task does not exist.');
}
return $this->sendResponse(new TaskResource($task), 'Task fetched.');
}
public function update(Request $request, Task $task)
{
$input = $request->all();
$validator = Validator::make($input, [
'description' => 'required'
]);
if($validator->fails()){
return $this->sendError($validator->errors());
}
$task->description = $input['description'];
$task->save();
return $this->sendResponse(new TaskResource($task), 'Task updated.');
}
public function destroy(Task $task)
{
$task = Task::find($id);
$message = 'Task deleted.';
if (is_null($task)) {
$message = 'Task does not exist.';
}
$task->delete();
return $this->sendResponse([], $message);
}
}
Crear el fichero de rutas routes/api.php
<?php
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Route;
use App\Http\Controllers\API\AuthController;
use App\Http\Controllers\API\TaskController;
/*
|--------------------------------------------------------------------------
| API Routes
|--------------------------------------------------------------------------
*/
Route::post('login', [AuthController::class, 'signin']);
Route::post('register', [AuthController::class, 'signup']);
Route::middleware('auth:sanctum')->group( function () {
Route::resource('tasks', TaskController::class);
Route::post('logout', [AuthController::class, 'logout']);
});
Route::middleware('auth:sanctum')->get('/user', function (Request $request) {
return $request->user();
});
Duración del token:
How does Laravel sanctum expire tokens?
Configuración en el fichero config/sanctum.php
/* |-------------------------------------------------------------------------- | Expiration Minutes |-------------------------------------------------------------------------- | | This value controls the number of minutes until an issued token will be | considered expired. If this value is null, personal access tokens do | not expire. This won't tweak the lifetime of first-party sessions. | */ 'expiration' => null, //'expiration' => 60 * 24 * 7,
Más información:
Laravel 8 Sanctum API Authentication Tutorial
Código en GitHub de Laravel 8 Sanctum API
API Authentication using Laravel 8 Sanctum Tutorial
Deja una respuesta
Lo siento, debes estar conectado para publicar un comentario.