In this post, we will learn how to integrate the JWT (JSON Web Tokens) middleware in Lithe, providing robust and secure authentication for your API. The use of JWT allows you to authenticate users and protect sensitive routes simply and efficiently.

What is JWT?

JSON Web Token (JWT) is an open standard (RFC 7519) that defines a compact and self-contained way for transmitting information between parties as a JSON object. These tokens can be used for authentication, allowing you to maintain a user's session without the need to store information on the server. JWT consists of three parts: header, payload, and signature.

Step 1: Setting Up the Environment

1. Installing LitheFirst, install Lithe if you haven't done so yet. Run the following command in the terminal:

composer create-project lithephp/lithephp project-namecdproject-name

Step 2: Installing the JWT Middleware

1. Installing the JWT PackageTo use the JWT middleware, you need to install thelithemod/jwt package. Execute:

composer require lithemod/jwt

1. Starting the ApplicationOpen the main filesrc/App.php and add the following code to start the application:

usefunctionLithe\Orbis\Http\Router\router;$app=new\Lithe\App;$app->use('/api',router(__DIR__.'/routes/api'));$app->listen();

Step 3: Protecting Routes with JWT

1. Creating a Protected RouteIn your Lithe project, you can create a route that requires authentication. For example, create a file namedsrc/routes/api.php and add:

useLithe\Http\{Request,Response};usefunctionLithe\Orbis\Http\Router\{get};$auth=new\Lithe\Auth\JWT();get('/protected',$auth,function(Request$req,Response$res){$user=$req->user;// User datareturn$res->json(['message'=>'This is a protected content!']);});

Step 4: Generating JWT Tokens

1. Creating a Login RouteCreate a route for authentication where users can obtain a JWT token. Add the following in the same filesrc/routes/api.php:

useLithe\Http\{Request,Response};usefunctionLithe\Orbis\Http\Router\{post};post('/login',function(Request$req,Response$res){$body=$req->body();// Assuming the request body contains 'username' and 'password'// Here you should validate the user's credentials (simplified example)if($body->username==='admin'&&$body->password==='password'){$user=['id'=>1];// Example user$token=(new\Lithe\Auth\JWT())->generateToken($user);return$res->send(['token'=>$token]);}return$res->status(401)->json(['message'=>'Invalid credentials']);});

Final Considerations

With this, you have successfully integrated the JWT middleware into Lithe, allowing for secure authentication and protection of sensitive routes. It is important to remember that when using JWT, you should define a secure and secret key when instantiating the JWT object by passing it as the first parameter:new JWT('your_secret_key'). This key should be complex and kept secret to prevent fraud.

Now you can expand your application as needed and implement additional features such as token revocation and session management.

To dive deeper into JWT, you can check out the official documentationhere.

Feel free to share your experiences and questions in the comments!