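reactjs - Laravel stateless API with jwt-auth and CSRF token
Problem description
We are building a website with Laravel and React. The two applications are separate: Laravel only serves the API and runs on api.example.com, and the React application runs on example.com.
For authentication we use JWT and hold the token in a secure httpOnly cookie. Our problem is that we also want to use a CSRF token, but I get a "The payload is invalid." error. This is what I did: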
App\Http\Kernel.php
    /**
     * The application's route middleware groups.
     *
     * @var array
     */
    protected $middlewareGroups = [
        'web' => [
            \App\Http\Middleware\EncryptCookies::class,
            \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
            \Illuminate\Session\Middleware\StartSession::class,
            // \Illuminate\Session\Middleware\AuthenticateSession::class,
            \Illuminate\View\Middleware\ShareErrorsFromSession::class,
            \App\Http\Middleware\VerifyCsrfToken::class,
            \Illuminate\Routing\Middleware\SubstituteBindings::class,
        ],
        'api' => [
            \App\Http\Middleware\EncryptCookies::class,
            \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
            \Illuminate\Session\Middleware\StartSession::class,
            \App\Http\Middleware\VerifyCsrfToken::class,
            'throttle:60,1',
            \Illuminate\Routing\Middleware\SubstituteBindings::class,
        ],
    ];
App\Http\Controllers\Auth\AuthController.php
    /**
     * Get a JWT via given credentials.
     *
     * @return \Illuminate\Http\JsonResponse
     */
    public function login()
    {
        $credentials = request(['username', 'password']);
        // Reject requests that do not carry both fields.
        if (!isset($credentials['username']) || !isset($credentials['password'])) {
            return response()->json('You need to fill username and password.', 401);
        }
        // Look up the user and verify the password against the stored hash.
        $user = User::where('username', '=', $credentials['username'])->first();
        if (!($user && Hash::check($credentials['password'], $user->password))) {
            return response()->json('invalid_credentials', 401);
        }
        $token = JWTAuth::fromUser($user);
        $payload = JWTAuth::setToken($token)->getPayload();
        // Queue the JWT as a cookie with secure = true and httpOnly = true (the last two arguments).
        $cookie = Cookie::queue(Cookie::make('token', $token, config('jwt.ttl'), '/', null, true, true));
        return response()->json($user, 200);
    }
When I test with Postman, I can get the laravel_session, XSRF-TOKEN and token cookies, and login works without problems. In Postman I read the cookie with this code:
    pm.environment.set("xsrf-token", decodeURIComponent(pm.cookies.get("XSRF-TOKEN")))
and add the header
    X-XSRF-TOKEN: {{xsrf-token}}
using that value. When I make a POST request, I get
Illuminate\Contracts\Encryption\DecryptException: The payload is invalid. in file /home/vagrant/project/vendor/laravel/framework/src/Illuminate/Encryption/Encrypter.php on line 195
How can we solve this problem? Thank you very much for your help.
Full error:
Illuminate\Contracts\Encryption\DecryptException: The payload is invalid. in file /home/vagrant/project/vendor/laravel/framework/src/Illuminate/Encryption/Encrypter.php on line 195
#0 /home/vagrant/project/vendor/laravel/framework/src/Illuminate/Encryption/Encrypter.php(136): Illuminate\Encryption\Encrypter->getJsonPayload()
#1 /home/vagrant/project/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/VerifyCsrfToken.php(154): Illuminate\Encryption\Encrypter->decrypt()
#2 /home/vagrant/project/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/VerifyCsrfToken.php(136): Illuminate\Foundation\Http\Middleware\VerifyCsrfToken->getTokenFromRequest()
#3 /home/vagrant/project/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/VerifyCsrfToken.php(74): Illuminate\Foundation\Http\Middleware\VerifyCsrfToken->tokensMatch()
#4 /home/vagrant/project/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(171): Illuminate\Foundation\Http\Middleware\VerifyCsrfToken->handle()
#5 /home/vagrant/project/vendor/laravel/framework/src/Illuminate/Session/Middleware/StartSession.php(56): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
#6 /home/vagrant/project/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(171): Illuminate\Session\Middleware\StartSession->handle()
#7 /home/vagrant/project/vendor/laravel/framework/src/Illuminate/Cookie/Middleware/AddQueuedCookiesToResponse.php(37): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
#8 /home/vagrant/project/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(171): Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse->handle()
#9 /home/vagrant/project/vendor/laravel/framework/src/Illuminate/Cookie/Middleware/EncryptCookies.php(66): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
#10 /home/vagrant/project/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(171): Illuminate\Cookie\Middleware\EncryptCookies->handle()
#11 /home/vagrant/project/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(105): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
#12 /home/vagrant/project/vendor/laravel/framework/src/Illuminate/Routing/Router.php(683): Illuminate\Pipeline\Pipeline->then()
#13 /home/vagrant/project/vendor/laravel/framework/src/Illuminate/Routing/Router.php(658): Illuminate\Routing\Router->runRouteWithinStack()
#14 /home/vagrant/project/vendor/laravel/framework/src/Illuminate/Routing/Router.php(624): Illuminate\Routing\Router->runRoute()
#15 /home/vagrant/project/vendor/laravel/framework/src/Illuminate/Routing/Router.php(613): Illuminate\Routing\Router->dispatchToRoute()
#16 /home/vagrant/project/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(170): Illuminate\Routing\Router->dispatch()
#17 /home/vagrant/project/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(130): Illuminate\Foundation\Http\Kernel->Illuminate\Foundation\Http\{closure}()
#18 /home/vagrant/project/vendor/fruitcake/laravel-cors/src/HandleCors.php(31): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
#19 /home/vagrant/project/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(171): Fruitcake\Cors\HandleCors->handle()
#20 /home/vagrant/project/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php(21): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
#21 /home/vagrant/project/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(171): Illuminate\Foundation\Http\Middleware\TransformsRequest->handle()
#22 /home/vagrant/project/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php(21): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
#23 /home/vagrant/project/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(171): Illuminate\Foundation\Http\Middleware\TransformsRequest->handle()
#24 /home/vagrant/project/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/ValidatePostSize.php(27): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
#25 /home/vagrant/project/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(171): Illuminate\Foundation\Http\Middleware\ValidatePostSize->handle()
#26 /home/vagrant/project/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/CheckForMaintenanceMode.php(63): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
#27 /home/vagrant/project/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(171): Illuminate\Foundation\Http\Middleware\CheckForMaintenanceMode->handle()
#28 /home/vagrant/project/vendor/fideloper/proxy/src/TrustProxies.php(57): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
#29 /home/vagrant/project/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(171): Fideloper\Proxy\TrustProxies->handle()
#30 /home/vagrant/project/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(105): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
#31 /home/vagrant/project/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(145): Illuminate\Pipeline\Pipeline->then()
#32 /home/vagrant/project/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(110): Illuminate\Foundation\Http\Kernel->sendRequestThroughRouter()
#33 /home/vagrant/project/public/index.php(55): Illuminate\Foundation\Http\Kernel->handle()
#34 {main}
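The trace above shows the exception raised in Encrypter->getJsonPayload(), called from VerifyCsrfToken->getTokenFromRequest(), so it is the X-XSRF-TOKEN header value itself that fails to parse. As an added example (not part of the original post), this Node.js helper reports which layer of a header value is malformed; it assumes the value is base64 of a JSON object with iv, value and mac fields and a 16-byte IV, and all function names and sample data are constructed.

```javascript
// Added diagnostic, not code from the original post. Runs under Node.js (uses Buffer).
// Assumption: the header value is base64(JSON{iv, value, mac}) with a 16-byte IV (AES-CBC).

const IV_BYTES = 16;

function inspectXsrfHeader(raw) {
  // A %XX sequence means the cookie value was forwarded without URL-decoding.
  if (/%[0-9A-Fa-f]{2}/.test(raw)) return 'url-encoded';
  // Quotes, spaces or other stray characters break the outer base64 layer.
  if (!/^[A-Za-z0-9+/]+={0,2}$/.test(raw)) return 'not-base64';

  let envelope;
  try {
    envelope = JSON.parse(Buffer.from(raw, 'base64').toString('utf8'));
  } catch (e) {
    return 'not-json'; // truncated or corrupted value
  }
  if (envelope === null || typeof envelope !== 'object') return 'not-an-object';

  for (const field of ['iv', 'value', 'mac']) {
    if (typeof envelope[field] !== 'string') return 'missing-' + field;
  }
  if (Buffer.from(envelope.iv, 'base64').length !== IV_BYTES) return 'bad-iv-length';

  // The structure is fine; MAC check and decryption still depend on the server key.
  return 'structurally-ok';
}

// Constructed sample envelope (placeholder bytes, not a real token).
function buildSampleHeader(ivBytes = IV_BYTES) {
  const envelope = {
    iv: Buffer.alloc(ivBytes, 1).toString('base64'),
    value: Buffer.from('constructed-ciphertext').toString('base64'),
    mac: 'a'.repeat(64),
  };
  return Buffer.from(JSON.stringify(envelope)).toString('base64');
}

const sample = buildSampleHeader();
console.log(inspectXsrfHeader(sample));                     // intact value
console.log(inspectXsrfHeader(encodeURIComponent(sample))); // cookie value not URL-decoded
console.log(inspectXsrfHeader(sample.slice(0, 40)));        // truncated value
console.log(inspectXsrfHeader(buildSampleHeader(8)));       // wrong IV size
```

Comparing the result for the value Postman actually sends in X-XSRF-TOKEN with the result for the raw XSRF-TOKEN cookie shows whether the value was altered between the cookie jar and the header.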
Solution