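1. Install the JWT library with Composer (if Composer is not installed, look up how to install it yourself)
(In cmd, change to the ThinkPHP project folder and run the following command; on success a firebase directory is created under vendor)
composer require firebase/php-jwt
2. Import the JWT classes in app/common.php and create the functions that generate and verify a token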
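<?php
// app/common.php
use Firebase\JWT\JWT;
use Firebase\JWT\Key;
use Firebase\JWT\SignatureInvalidException;
use Firebase\JWT\BeforeValidException;
use Firebase\JWT\ExpiredException;

/**
 * Generate a token
 * $uid the user information to store in the token
 * $key the signing key
 */
if (!function_exists('signToken')) {
    // The head of this function did not survive on the page; the signature
    // follows the call signToken($user, $key) in the controller (step 4).
    function signToken($uid, $key)
    {
        $token = array(
            "iss" => '', // issuer, may be empty
            "aud" => '', // intended audience, may be empty
            "iat" => time(), // issued-at time
            "nbf" => time() + 3, // time before which the JWT is not valid (here: 3 seconds after it is issued)
            "exp" => time() + 2000, // token expiry time
            'data' => $uid // the user id information; a custom claim added here, add more key/value pairs if you need other information
        );
        // Generate the token from these claims
        return JWT::encode($token, $key, "HS256");
    }
}

/**
 * Verify a token
 * $token the token value that was generated
 */
if (!function_exists('checkToken')) {
    // Verify the token
    function checkToken($token, $key) // the $key parameter should really come from a config file, I was lazy..
    {
        $status = array("code" => 2);
        try {
            JWT::$leeway = 60; // allow 60 seconds of clock skew when checking the time claims
            $decoded = JWT::decode($token, new Key($key, 'HS256')); // HS256, must match the algorithm used when signing
            $arr = (array)$decoded;
            $res['code'] = 200;
            $res['data'] = $arr['data'];
            return $res;
        } catch (SignatureInvalidException $e) { // invalid signature
            $status['msg'] = "签名不正确";
            return $status;
        } catch (BeforeValidException $e) { // the token is only usable after a certain point in time
            $status['msg'] = "token未生效";
            return $status;
        } catch (ExpiredException $e) { // token expired
            $status['msg'] = "token失效";
            return $status;
        } catch (\Exception $e) { // any other error
            $status['msg'] = "未知错误";
            return $status;
        }
    }
}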
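3. Create the middleware. Using the command is recommended, but creating the file by hand also works
(In cmd, change to the ThinkPHP project folder and run the command; it creates app/middleware/Check.php automatically)
php think make:middleware Check
Big pitfall: a Vue project must handle cross-origin requests (CORS), otherwise the browser will always block them
(Copy and paste the contents of the Check.php middleware below; it includes the handling of cross-origin requests)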
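<?php
// app/middleware/Check.php
// The head of this file did not survive on the page; the namespace and class
// name follow \app\middleware\Check::class as used in the routes (step 5).
namespace app\middleware;

use Closure;
use think\Config;
use think\Request;
use think\Response;

class Check
{
    protected $cookieDomain;

    protected $header = [
        'Access-Control-Allow-Credentials' => 'true',
        'Access-Control-Max-Age' => 3800,
        // one comma-separated string; separate 'PUT', 'DELETE' array items would never reach this header
        'Access-Control-Allow-Methods' => 'GET, POST, PUT, DELETE',
        'Access-Control-Allow-Headers' => 'Authorization, Content-Type, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, X-CSRF-TOKEN, X-Requested-With,X-Token',
    ];

    /**
     * AllowCrossDomain constructor.
     * @param Config $config
     */
    public function __construct(Config $config)
    {
        $this->cookieDomain = $config->get('cookie.domain', '');
    }

    /**
     * Allow cross-origin requests
     * @access public
     * @param Request $request
     * @param Closure $next
     * @param array $header
     * @return Response
     */
    public function handle($request, Closure $next, ?array $header = [])
    {
        $header = !empty($header) ? array_merge($this->header, $header) : $this->header;
        if (!isset($header['Access-Control-Allow-Origin'])) {
            $origin = $request->header('origin');
            if ($origin && ('' == $this->cookieDomain || strpos($origin, $this->cookieDomain))) {
                // echo the caller's Origin back
                $header['Access-Control-Allow-Origin'] = $origin;
            } else {
                // browsers reject a '*' origin on requests sent with credentials
                $header['Access-Control-Allow-Origin'] = '*';
            }
        }
        return $next($request)->header($header);
    }
}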
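The Check.php above only sets the CORS headers; it never looks at the token. As an added example (not code from the original post), a separate middleware that verifies X-Token with the checkToken() helper from step 2 before the controller runs. The class name Auth, the config key jwt.key and the request property jwtData are assumptions.

```php
<?php
// Added example, not from the original post.
// Assumed names: class Auth, config key 'jwt.key', request property 'jwtData'.
namespace app\middleware;

use Closure;

class Auth
{
    public function handle($request, Closure $next)
    {
        // A CORS preflight (OPTIONS) is sent without X-Token; rejecting it
        // here would make the browser block the real request.
        if ($request->isOptions()) {
            return $next($request);
        }

        $token = $request->header('X-Token');
        if (empty($token)) {
            return json(['code' => 401, 'message' => 'missing token'], 401);
        }

        // checkToken() is the helper from step 2. One key, read from config,
        // is shared by signing and verification (assumed key name 'jwt.key').
        $res = checkToken($token, config('jwt.key'));
        if ($res['code'] !== 200) {
            // signature invalid, not yet valid, expired, or malformed
            return json(['code' => 401, 'message' => $res['msg']], 401);
        }

        // Hand the verified 'data' claim to the controller.
        $request->jwtData = $res['data'];

        return $next($request);
    }
}
```

Register it on the protected routes after the CORS middleware, so that the 401 responses also carry the CORS headers and the browser can read them.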
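4. Controller (some of the code is commented out, because I use the vue-element-admin admin template and have to shape the data to the types it expects)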
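/**
 * Log in to the admin backend and get a token
 */
public function login(Request $request)
{
    $data = $request->param();
    //if ($data['type'] == 'manager'){
    // use the validator
    //$this ->validate($data,Articlevalidate::class);
    $user = Admin_user::where('user_name', $data['username'])->find();
    // hash_equals() is a strict, constant-time comparison; a loose == on hex digests can match values that merely look numeric.
    // Unsalted MD5 is not suitable for storing passwords; password_hash()/password_verify() is the replacement.
    if (!empty($user) && hash_equals((string)$user['password'], md5($data['password']))) {
        //$user['roles'] = explode(",", $user['roles']);
        // $user is the whole model row, so every column it exposes (the password hash included, unless the model hides it)
        // ends up in the token payload, which is signed but not encrypted; pass only the fields the client needs.
        $token = signToken($user, '!@TQ$%1a8*092&'); // the second parameter should really come from a config file, I was lazy..
        //$personal_object = new stdClass();
        //$personal_object->token = $token;
        //return json(['code'=>200,'data' => $personal_object,'message'=>'登入成功']);
        return json(['code' => 200, 'data' => $token, 'message' => '登入成功']);
    } else {
        return json(['code' => 201, 'message' => '用户名或密码错误']);
    }
    //}else{
    //return '非法请求';
    //}
}

/**
 * Get the user information (simulates the state after login)
 */
public function info(Request $request)
{
    // header('X-Token'): X-Token is the request header name. In the Check.php middleware above,
    // add your own custom header name to Access-Control-Allow-Headers.
    // The key must be the one login() signs with, otherwise decoding always fails with an invalid-signature error.
    $res = checkToken($request->header('X-Token'), '!@TQ$%1a8*092&'); // verify the token
    if ($res['code'] == 200) {
        return $res;
    } else {
        return $res['msg'];
    }
}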
5. Routes; I also set up CORS here
// Login
Route::group('admin', function () {
    Route::post('user/login', 'app\controller\Admin\Admin_Index_Login@login'); // (login)
})->allowCrossDomain([
    'Access-Control-Allow-Origin' => '*',
    'Access-Control-Allow-Headers' => 'Origin, Content-Type, Cookie, X-CSRF-TOKEN, Accept, Authorization, X-XSRF-TOKEN',
    'Access-Control-Allow-Methods' => 'GET, POST, PUT, DELETE',
    'Access-Control-Allow-Credentials' => 'true'
]);
// After login
Route::group('admin', function () {
    Route::get('user/info', 'app\controller\Admin\Admin_Index_Login@info'); // (get the user information)
})->allowCrossDomain([
    'Access-Control-Allow-Origin' => '*',
    'Access-Control-Allow-Headers' => 'Origin, Content-Type, Cookie, X-CSRF-TOKEN, Accept, Authorization, X-XSRF-TOKEN,X-Token',
    'Access-Control-Allow-Methods' => 'GET, POST, PUT, DELETE',
    'Access-Control-Allow-Credentials' => 'true'
])->middleware(\app\middleware\Check::class); // class path of the middleware
If you use it as a global middleware (if not, ignore this), add the following to app/middleware.php; Session can be left disabled, it makes no difference
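6. Set the header when sending requests with Vue + axios
// The header name must be the one info() reads (X-Token) and must be listed in Access-Control-Allow-Headers
// get
axios.get(url, {headers: {'X-Token': '123123'}})
// post
axios.post(url, data, {headers: {'X-Token': '123123'}})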