With the popularity of Web API, the security of API becomes more and more important. In Laravel, we can use built-in validation rules and middleware to validate and protect API requests.

1. Use Laravel's built-in validation rules

Laravel provides a series of validation rules, such as "required" (required), "email" (email format) etc. We can apply these rules to our API interface to ensure the correctness of the interface parameters.

For example, if we want to verify the parameters of a registered API interface, we can use the following code:

public function register(Request $request) {
    $validatedData = $request->validate([
        'name' => 'required|string|max:255',
        'email' => 'required|string|email|max:255|unique:users',
        'password' => 'required|string|min:8',
    ]);

    // 對(duì)請(qǐng)求參數(shù)進(jìn)行處理
    // ...

    // 注冊(cè)用戶
    // ...
}

In the above code, we use the $request->validate() method to Validate request parameters. If validation fails, Laravel will automatically throw a ValidationException, and then we need to handle this exception in the exception handler.

2. Use Laravel’s built-in middleware

Laravel also provides a lot of middleware to enhance API security. The following are some commonly used middleware:

• auth: used for user authentication, only allowing logged-in users to access the interface;
• throttle: used to limit the request frequency of the API interface to avoid Being attacked or abused;
• cors: used for cross-domain resource sharing, allowing cross-domain requests;
• csrf: used to prevent cross-site request forgery attacks;

We can use these middleware directly in the route definition, as shown below:

// 定義需要認(rèn)證的API接口
Route::middleware(['auth'])->group(function () {
    Route::post('/api/foo', 'FooController@create');
    Route::put('/api/foo/{id}', 'FooController@update');
});

// 定義允許跨域訪問(wèn)的API接口
Route::middleware(['cors'])->group(function () {
    Route::get('/api/bar', 'BarController@index');
});

// 定義限制請(qǐng)求頻率的API接口
Route::middleware(['throttle'])->group(function () {
    Route::get('/api/baz', 'BazController@index');
});

3. Custom middleware

In addition to using Laravel’s built-in middleware, We can also customize middleware to implement more complex verification logic.

For example, if we want to verify that the API request contains a token parameter and that the token is valid, we can create a custom middleware to implement this function:

php artisan make:middleware ValidateToken

public function handle($request, Closure $next)
{
    $token = $request->input('token');

    if (! $token || ! Token::isValid($token)) {
        return response()->json([
            'status' => 'error',
            'message' => 'Invalid token provided',
        ], 401);
    }

    return $next($request);
}

In the above code, we first obtain the "token" parameter in the request and check whether the token is valid. If it is invalid, a 401 status code and error message are returned. Otherwise, continue processing the request.

Finally, we can use this custom middleware in the route definition:

Route::middleware(['validate_token'])->group(function () {
    Route::post('/api/qux', 'QuxController@create');
});

Summary

In Laravel, we can use the built-in validation rules, middleware and Customize middleware to verify API requests and enhance API security. At the same time, we can also implement more complex verification logic based on specific business needs to protect the API interface from being abused or attacked.

The above is the detailed content of How to verify when writing api in laravel. For more information, please follow other related articles on the PHP Chinese website!