基于 Laravel 会话的 auth:api 中间件不起作用
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/40619625/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Laravel session based auth:api middleware not working
提问by Johannes
I tried using the Auth Scaffolding of Laravel 5.3 including the api routes. I wanted to use the session driver for the api guard, but apparently this has no impact whatsoever. After I log into the application with a valid user (so I get from /loginto /home) I tried entering the path /api/user, but it always redirects me to /home. The RedirectIfAuthenticatedmiddleware redirects the user.
我尝试使用 Laravel 5.3 的 Auth Scaffolding,包括 api 路由。我想将会话驱动程序用于 api 防护,但显然这没有任何影响。在我使用有效用户登录应用程序后(所以我从/login到/home)我尝试输入路径/api/user,但它总是将我重定向到/home. 该RedirectIfAuthenticated中间件将用户重定向。
Here is what I tried and a quick overview of the test application:
以下是我的尝试以及测试应用程序的快速概览:
// In "app\Http\Middleware\RedirectIfAuthenticated.php"
if (Auth::guard($guard)->check()) {
return redirect('/home');
}
$guardis null, and the if is true when browsing to /api/user.
$guard为空,浏览到 时 if 为真/api/user。
// In "config\auth.php"
'api' => [
'driver' => 'session', // changed from token to session
'provider' => 'users',
],
I changed the driver of the api guard to session.
我将 api 守卫的驱动程序更改为session.
// In "app\Http\Kernel.php"
'api' => [
'throttle:60,1',
'bindings',
\App\Http\Middleware\EncryptCookies::class,
\Illuminate\Session\Middleware\StartSession::class,
],
I added the middlewares to support cookies in the api middleware
我在api中间件中添加了中间件来支持cookies
// In "routes\api.php"
Route::get('/user', function (Request $request) {
return $request->user();
})->middleware('auth:api');
This is an example that comes with a new Laravel installation.
这是一个新的 Laravel 安装附带的示例。
// In "app\Providers\RouteServiceProvider.php"
Route::group([
'middleware' => 'api',
'namespace' => $this->namespace,
'prefix' => 'api',
], function ($router) {
require base_path('routes/api.php');
});
The apimiddleware is applied to all the routes defined in the api.phpfile.
该api中间件应用到中定义的所有路由api.php文件。
I want to be able to query my API after a user has logged in without using tokens, etc. The app I wrote with Laravel 5.2 had basically the same route but only the webmiddleware group and authmiddleware applied to it. In Laravel 5.3, adding the authmiddleware leads to the described problem.
我希望能够在用户登录后不使用令牌等查询我的 API。我用 Laravel 5.2 编写的应用程序具有基本相同的路由,但只应用了web中间件组和auth中间件。在 Laravel 5.3 中,添加auth中间件会导致上述问题。
edit: With my configuration I tried the following:
编辑:通过我的配置,我尝试了以下操作:
// In "routes\web.php"
Route::get('/test', function (Request $request) {
return "test";
})->middleware(['auth']);
This works perfectly fine, but this doesn't, although the weband the apiguard are exactly the same inside the auth.php.
这工作完全正常,但是这不,虽然web和api后卫是完全一样的内部auth.php。
Route::get('/test', function (Request $request) {
return "test";
})->middleware(['auth:api']);
回答by Andrea Mauro
I had the same issue of getting redirected to the /homewhile accessing my API routes even if I was already logged in.
Try changing the order of your api middlewares in App\Http\Kernel.phpand place bindingsin last position so your custom middlewares are executed first.
/home即使我已经登录,我在访问我的 API 路由时也遇到了同样的问题。尝试更改 api 中间件的顺序App\Http\Kernel.php并将其放置bindings在最后一个位置,以便首先执行您的自定义中间件。
