laravel - Laravel 身份验证中间件
问题描述
我有一个控制器,在我的控制器中我有一个索引函数,可以将数据返回给用户。
用户可以过滤他们希望索引函数返回的查询。
我注意到,auth:api
当我尝试调用Auth::user()
.
现在我的函数返回数据库中的所有事件。用户可以像这样过滤结果?filter=my
以返回他们创建的事件列表。这里的问题是用户必须先登录才能看到他们创建的事件。
我的问题是,如果我将这条路线包裹起来,auth:api
那么来宾用户将无法使用它。但是,如果我不这样做,那么需要用户登录的特定过滤器将始终返回空。
这是我的控制器:
public function index(Request $request)
{
$categoryId = $request->get("category_id");
$userId = Auth::check() ? Auth::user()->id : 0;
$filter = $request->get("filter");
$keyword = $request->get("keyword");
$events = Event::with(["category", "organisers", "banners", "schedules.ticketTypes", "schedules.venue", "schedules.programme"])
->when(!empty($categoryId), function ($query) use ($categoryId) {
return $query->where("category_id", $categoryId);
})
->whereNull("suspended_at")
->when($filter == "popular", function ($query) use ($categoryId) {
return $query->orderBy("views", "DESC")
->limit(15);
})
->when($filter == "upcoming", function ($query) {
return $query->whereHas("schedules", function ($query) {
$query->where("date", ">=", Carbon::now())
->where("date", "<", Carbon::now()->addDays(14))
->limit(15);
});
})
/* This part requires the auth:api middleware since I will be querying based on the user's id which I will get from the auth token passed in thee header.*/
->when($filter == "my", function ($query) use ($userId) {
return $query->whereHas("organisers", function ($query) use ($userId) {
$query->where("id", $userId)
->limit(15);
});
})
->when($filter == "search" && !empty($keyword), function ($query) use ($keyword) {
return $query->where("slug", "LIKE", "%" . $keyword . "%");
})
->get();
return EventResource::collection($events);
}
这是我的Kernel.php:
<?php
namespace App\Http;
use Illuminate\Foundation\Http\Kernel as HttpKernel;
class Kernel extends HttpKernel
{
/**
* The application's global HTTP middleware stack.
*
* These middleware are run during every request to your application.
*
* @var array
*/
protected $middleware = [
\Illuminate\Foundation\Http\Middleware\CheckForMaintenanceMode::class,
\Illuminate\Foundation\Http\Middleware\ValidatePostSize::class,
\App\Http\Middleware\TrimStrings::class,
\Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull::class,
\App\Http\Middleware\TrustProxies::class,
\Barryvdh\Cors\HandleCors::class,
];
/**
* The application's route middleware groups.
*
* @var array
*/
protected $middlewareGroups = [
'web' => [
\App\Http\Middleware\EncryptCookies::class,
\Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
\Illuminate\Session\Middleware\StartSession::class,
// \Illuminate\Session\Middleware\AuthenticateSession::class,
\Illuminate\View\Middleware\ShareErrorsFromSession::class,
\App\Http\Middleware\VerifyCsrfToken::class,
\Illuminate\Routing\Middleware\SubstituteBindings::class,
],
'api' => [
'throttle:60,1',
'bindings',
],
];
/**
* The application's route middleware.
*
* These middleware may be assigned to groups or used individually.
*
* @var array
*/
protected $routeMiddleware = [
'auth' => \Illuminate\Auth\Middleware\Authenticate::class,
'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
'bindings' => \Illuminate\Routing\Middleware\SubstituteBindings::class,
'cache.headers' => \Illuminate\Http\Middleware\SetCacheHeaders::class,
'can' => \Illuminate\Auth\Middleware\Authorize::class,
'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
'signed' => \Illuminate\Routing\Middleware\ValidateSignature::class,
'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
'acl' => \Kodeine\Acl\Middleware\HasPermission::class
];
}
总之,我的索引功能不需要用户登录即可访问它。但是,当您将过滤器传递?filter=my
给 url 时,用户需要登录才能返回数据,因为该函数将根据用户的 id 返回结果。
编辑: 以前在这种情况下,当我使用 tymon/jwt-auth 包时,我会使用jwt.check中间件。但是,似乎没有等效的护照。
解决方案
更新过滤器my
如下:
->when($filter == "my" && $userId != 0, function ($query) use ($userId) {
...
})
$userId
为 0时将被忽略。
推荐阅读
- javascript - $on 以 $broadcast name 作为第一个参数
- reactjs - 使用 env 变量将内联脚本插入到 index.html
- css - Sass Loader for webpack:如何获取 CSS 文件而不是内联样式?
- sql - Varchar(max) SQL 中的更新部分
- github - 推入github后获得权限被拒绝
- python - 带有重定向的 Django HttpResponse
- cucumber - 我可以为多个场景大纲使用一个示例吗
- google-signin - 仅使用 google-signin 获取电子邮件
- latex - 乳胶首字母缩略词包“acronym.sty 未找到”
- django - django 模板中的错误 {% trans %}