• 8.31补充

原作者Colorado 的那个 ApiResponse Trait 中 setHttpCode addHttpHeader等方法中使用类属性保存值，在协程中使用存在问题，应使用Context 上下文，代码已修改

总结

• 安装 hyperf-ext/auth，hyperf-ext/jwt 并配置好

• 修改 auth 的配置文件

  • guard 默认改为 api
  • api 的驱动使用 JwtGuard，提供者provider的模型改为自己的user用户模型

• 修改 user用户模型，实现俩个接口 JwtSubjectInterface AuthenticatableInterface

  • 使用 use HyperfExt\Auth\Authenticatable; 实现AuthenticatableInterface
  • 添加 getJwtIdentifier() getJwtCustomClaims()实现JwtSubjectInterface。getJwtIdentifier()方法要返回主键ID

• 创建hyperf的中间件，在process里处理 JWT

  • 使用JwtFactory类的make(),获得$jwt对象
  • 使用 $jwt->checkOrFail() 验证Token，失败返回response

• 控制器中使用

  • $auth = make(AuthManagerInterface::class)->guard('api');
  • $auth->login(UserModel);
  • $auth->user();
  • $auth->id();

安装一些组件

composer require hyperf-ext/auth
composer require hyperf-ext/jwt

发布配置

php bin/hyperf.php vendor:publish hyperf-ext/auth
php bin/hyperf.php vendor:publish hyperf-ext/jwt
# 生成 jwt 密钥
php bin/hyperf.php gen:jwt-secret

配置 auth

修改默认guard（可不改，后面使用时需指定），将api使用的provider的模型改为你的用户模型

'default' => [
    'guard' => 'api',
]

'providers' => [
    'users' => [
        'driver' => \HyperfExt\Auth\UserProviders\ModelUserProvider::class,
        'options' => [
            'model' => App\Model\User::class, # 用户模型
            'hash_driver' => 'bcrypt',
        ],
    ],
]

#config/autoload/auth.php

添加auth助手函数

新建一个文件写入如下代码，方便使用

if (!function_exists('auth')) {
    /**
     * Auth认证辅助方法
     * @param string|null $guard
     * @return \HyperfExt\Auth\Contracts\GuardInterface|\HyperfExt\Auth\Contracts\StatefulGuardInterface|\HyperfExt\Auth\Contracts\StatelessGuardInterface
     */
    function auth(string $guard = null)
    {
        if (is_null($guard)) $guard = config('auth.default.guard');
        return make(AuthManagerInterface::class)->guard($guard);
    }
}

#app/Functions.php

将上面文件加入到 composer 的自动加载中

"autoload": {
    "files": [
        "app/Functions.php"
    ]
}

#composer.json

修改user模型

# 实现 jwt,auth 的接口
class User extends Model implements JwtSubjectInterface,AuthenticatableInterface

# 增加 auth 支持
use Authenticatable;

# 增加 jwt接口需要的方法
public function getJwtCustomClaims(): array
{
    return [
            'guard' => 'api'    // 添加自定义信息
        ];
}

public function getJwtIdentifier()
{
    return $this->getKey();
}

新建一个 ApiResponse Trait

方便处理接口返回内容，或者可以自己手动返回
ResponseInterface
withBody(Stream)

<?php
declare(strict_types=1);
namespace App\Traits;

use Hyperf\HttpMessage\Stream\SwooleStream;
use Hyperf\Utils\Codec\Json;
use Hyperf\Utils\Context;
use Hyperf\Utils\Contracts\Arrayable;
use Hyperf\Utils\Contracts\Jsonable;
use Psr\Http\Message\ResponseInterface;

/**
 * Trait ApiResponse
 * @author Colorado 
 * @package App\Traits
 */
trait ApiResponse
{
    private $httpCode = 200;
    private $errorCode = 100000;
    private $errorMsg = '系统错误';
    private $headers = [];

    protected $response;

    /**
     * 成功响应
     * @param mixed $data
     * @return ResponseInterface
     */
    public function success($data): ResponseInterface
    {
        return $this->respond($data);
    }

    /**
     * 错误返回
     * @param int    $err_code    错误业务码
     * @param string $err_msg     错误信息
     * @param array  $data        额外返回的数据
     * @return ResponseInterface
     */
    public function error(int $err_code = null,string $err_msg = null, array $data = []): ResponseInterface
    {
        if (!Context::has('httpCode')){
            Context::set('httpCode',400);
        }
        return $this->respond([
                'err_code' => $err_code ?? $this->errorCode,
                'err_msg' => $err_msg ?? $this->errorMsg,
                'data' => $data
            ]);
    }

    /**
     * 设置http返回码
     * @param int $code    http返回码
     * @return $this
     */
    final public function setHttpCode(int $code = 200): self
    {
        Context::set('httpCode',$code);
        return $this;
    }

    /**
     * 设置返回头部header值
     * @param string $key
     * @param        $value
     * @return $this
     */
    public function addHttpHeader(string $key, $value): self
    {
        $this->headers += [$key => $value];
        return $this;
    }

    /**
     * 批量设置头部返回
     * @param array $headers    header数组：[key1 => value1, key2 => value2]
     * @return $this
     */
    public function addHttpHeaders(array $headers = []): self
    {
        $this->headers += $headers;
        return $this;
    }

    /**
     * @param null|array|Arrayable|Jsonable|string $response
     * @return ResponseInterface
     */
    private function respond($response): ResponseInterface
    {
        if (is_string($response)) {
            return $this->response()->withAddedHeader('content-type', 'text/plain')->withBody(new SwooleStream($response));
        }

        if (is_array($response) || $response instanceof Arrayable) {
            return $this->response()
                ->withAddedHeader('content-type', 'application/json')
                ->withBody(new SwooleStream(Json::encode($response)));
        }

        if ($response instanceof Jsonable) {
            return $this->response()
                ->withAddedHeader('content-type', 'application/json')
                ->withBody(new SwooleStream((string)$response));
        }

        return $this->response()->withAddedHeader('content-type', 'text/plain')->withBody(new SwooleStream((string)$response));
    }

    /**
     * 获取 Response 对象
     * @return mixed|ResponseInterface|null
     */
    protected function response(): ResponseInterface
    {
        $response = Context::get(ResponseInterface::class);
        foreach ($this->headers as $key => $value) {
            $response = $response->withHeader($key, $value);
        }
        $httpCode = Context::get('httpCode','200');
        return $response;
    }
}

创建验证中间件

hyperf的中间件和laravel的中间件实现方式不同，需要创建新的中间件
验证失败时，返回错误 response

php bin/hyperf.php gen:middleware JwtMiddleware

<?php

declare(strict_types=1);

namespace App\Middleware;

use App\Traits\ApiResponse;
use Hyperf\Di\Annotation\Inject;
use HyperfExt\Jwt\Exceptions\TokenExpiredException;
use HyperfExt\Jwt\JwtFactory;
use Psr\Container\ContainerInterface;
use Psr\Http\Message\ResponseInterface;
use Psr\Http\Server\MiddlewareInterface;
use Psr\Http\Message\ServerRequestInterface;
use Psr\Http\Server\RequestHandlerInterface;

class JwtMiddleware implements MiddlewareInterface
{
    use ApiResponse;
    /**
     * @var ContainerInterface
     */
    protected $container;
    
    /**
     * 注入 JwtFactory
     * @Inject
     * @var JwtFactory
     */
    private $jwtFactory;

    public function __construct(ContainerInterface $container)
    {
        $this->container = $container;
    }

    public function process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface
    {
        $jwt = $this->jwtFactory->make();

        try {
            $jwt->checkOrFail();
        } catch (\Exception $exception) {
            if (! $exception instanceof TokenExpiredException) {
                return $this->error(40000,$exception->getMessage());
            }
            //  尝试自动刷新 token
            try {
                $token = $jwt->getToken();

                // 刷新token
                $new_token = $jwt->getManager()->refresh($token);

                // 解析token载荷信息
                $payload = $jwt->getManager()->decode($token, false, true);

                // 旧token加入黑名单
                $jwt->getManager()->getBlacklist()->add($payload);

                // 一次性登录，保证此次请求畅通
                auth($payload->get('guard') ?? config('auth.default.guard'))
                    ->onceUsingId($payload->get('sub'));

                return $handler->handle($request)->withHeader('authorization', 'bearer ' . $new_token);
            } catch (\Exception $exception) {
                //    Token 验证失败
                return $this->setHttpCode(401)->error(40001,$exception->getMessage());
            }
        }

        return $handler->handle($request);
    }
}

控制器使用

/**
 * @Middleware(JwtMiddleware::class) # 中间件
 */
public function me()
{
    $token = auth()->login(User::first());
    $user = auth()->user();
    $userid = auth()->id();
}

参考文章