Restful service or not?
As practice, I decided to write a standard blog on a RESTful API.
If I understood all of its "logic" correctly, of course.
Now I have added registration with authorization. I tested everything with jQuery (ajax), and everything seems to work.
So, the logic:
There is an ajax request to /api/v1/auth, in which the login and password are sent. Here the first question comes up:
Do I need to set conditions for the names of the fields, or is it better to do it as an array?
If validation fails, I return a JSON error with code 412. If everything is fine, I check the login and password against the database (of course, I use password_hash); if that fails, I return JSON: status => error. If everything succeeds, a random value is written to the 'remember_token' cell and I return it in the response.
So, is this correct? That is, the service, by design, should not store anything, and the client should save this token in cookies (for example) and send it to me with each request, and all the "logic" will go through it?
Thanks
According to the standard, the error code should be given in the server response header, for example, an authorization error is Status: 401. And in the JSON you additionally give an explanation of the error or debug information. By the way, Laravel 5.3 has ready-made routes for an API, so you don't need to invent anything. Just throw an Exception in any part of the application and Laravel catches it and returns JSON.
Upon successful authorization, give the token in JSON. The client must store it; the front end uses local_storage for this.
The front end adds the token from storage to the headers with each request, and the server validates it. According to the standard, the token should be stored only by the client (as opposed to a session). It should also have a short lifespan, and a slightly longer refresh time. I.e., if the token is not valid, you send it to a special route which, based on it, will issue a valid token.
PS: JWT implementation for Laravel
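The flow the answer describes (token returned in JSON on login, sent back in a header, 401 on failure, short-lived access token plus a longer-lived refresh token, no server-side session state), as an added example that is not from the question, the answer or the linked Laravel package. It uses a simplified HMAC-signed compact token rather than a JWT library; the secret, the TTLs and the handler names are constructed for illustration.

```python
import base64, hashlib, hmac, json, secrets

SECRET = b"example-signing-key-do-not-use"   # constructed; load from config in real code
ACCESS_TTL = 15 * 60                        # short-lived access token (seconds)
REFRESH_TTL = 7 * 24 * 3600                 # longer-lived refresh token (seconds)

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def issue_token(user_id: int, kind: str, now: float, ttl: int) -> str:
    """Sign a compact payload; the server stores nothing, all state lives in the token."""
    payload = {"sub": user_id, "typ": kind, "exp": int(now) + ttl, "jti": secrets.token_hex(8)}
    body = _b64(json.dumps(payload).encode())
    sig = hmac.new(SECRET, body.encode(), hashlib.sha256).digest()
    return f"{body}.{_b64(sig)}"

def verify_token(token: str, kind: str, now: float):
    """Return the payload if signature, type and expiry check out, otherwise None."""
    try:
        body, sig = token.split(".", 1)
        expected = hmac.new(SECRET, body.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _unb64(sig)):
            return None
        payload = json.loads(_unb64(body))
    except ValueError:          # covers bad split, bad base64 and bad JSON
        return None
    if payload.get("typ") != kind or payload.get("exp", 0) <= now:
        return None
    return payload

def login_response(user_id: int, now: float):
    """Called after password_hash verification succeeded; returns (status, json body)."""
    return 200, {"access_token": issue_token(user_id, "access", now, ACCESS_TTL),
                 "refresh_token": issue_token(user_id, "refresh", now, REFRESH_TTL)}

def protected_resource(headers: dict, now: float):
    """Status goes in the response code (401), the explanation in the JSON body."""
    auth = headers.get("Authorization", "")
    token = auth[len("Bearer "):] if auth.startswith("Bearer ") else ""
    payload = verify_token(token, "access", now)
    if payload is None:
        return 401, {"error": "invalid or expired token"}
    return 200, {"user": payload["sub"]}

def refresh(refresh_token: str, now: float):
    """The special route from the answer: a valid refresh token yields a new access token."""
    payload = verify_token(refresh_token, "refresh", now)
    if payload is None:
        return 401, {"error": "refresh token invalid, log in again"}
    return 200, {"access_token": issue_token(payload["sub"], "access", now, ACCESS_TTL)}
```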