laravel - 为 laravel 护照中的每个请求获取“未经身份验证”的消息
问题描述
我正在使用 laravel 版本 6 和 laravel/passport 版本 8。我收到 { "message": "Unauthenticated." 对于每个请求。} 我有各种警卫。 我的配置/auth.php
'guards' => [
'web' => [
'driver' => 'session',
'provider' => 'users',
],
'vendors_web' => [
'driver' => 'session',
'provider' => 'vendors',
],
'api' => [
'driver' => 'passport',
'provider' => 'users',
],
'vendors' => [
'driver' => 'passport',
'provider' => 'vendors',
],
'admin' => [
'driver' => 'passport',
'provider' => 'users',
],
],
'providers' => [
'users' => [
'driver' => 'eloquent',
'model' => App\User::class,
],
'vendors' => [
'driver' => 'eloquent',
'model' => App\Vendor::class,
],
],
对于来自 laravel 的每个传出请求,我都使用了护照的预定义中间件\Laravel\Passport\Http\Middleware\CreateFreshApiToken::class,它将一个 cookie 附加到包含 accessToken 的传出响应中。因此,对于每个传入的请求,我都有一个中间件auth.api,它获取 cookie 数据(令牌)并将其附加到请求标头。 auth.api 中间件
<?php
namespace App\Http\Middleware;
use Closure;
class AddAuthHeader
{
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @return mixed
*/
public function handle($request, Closure $next)
{
if (!$request->bearerToken()) {
if ($request->hasCookie('_token')) {
$token = $request->cookie('_token');
$request->headers->add(['Authorization' => 'Bearer ' . $token]);
}
}
return $next($request);
}
}
内核.php
protected $middleware = [
\App\Http\Middleware\TrustProxies::class,
\App\Http\Middleware\CheckForMaintenanceMode::class,
\Illuminate\Foundation\Http\Middleware\ValidatePostSize::class,
\App\Http\Middleware\TrimStrings::class,
\Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull::class,
\App\Http\Middleware\ForceJsonResponse::class,
\App\Http\Middleware\Cors::class,
];
protected $middlewareGroups = [
'web' => [
\App\Http\Middleware\EncryptCookies::class,
\Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
\Illuminate\Session\Middleware\StartSession::class,
// \Illuminate\Session\Middleware\AuthenticateSession::class,
\Illuminate\View\Middleware\ShareErrorsFromSession::class,
// \App\Http\Middleware\VerifyCsrfToken::class,
\Illuminate\Routing\Middleware\SubstituteBindings::class,
\Laravel\Passport\Http\Middleware\CreateFreshApiToken::class,
],
'api' => [
'throttle:60,1',
'bindings',
],
'auth.api' => [
\App\Http\Middleware\AddAuthHeader::class,
'throttle:60,1',
'bindings',
'auth:api',
\Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
],
];
protected $routeMiddleware = [
'auth' => \App\Http\Middleware\Authenticate::class,
'userAuth' => \App\Http\Middleware\userAuth::class,
'adminAuth' => \App\Http\Middleware\adminAuth::class,
'scopes' => \Laravel\Passport\Http\Middleware\CheckScopes::class,
'scope' => \Laravel\Passport\Http\Middleware\CheckForAnyScope::class,
'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
'bindings' => \Illuminate\Routing\Middleware\SubstituteBindings::class,
'cache.headers' => \Illuminate\Http\Middleware\SetCacheHeaders::class,
'can' => \Illuminate\Auth\Middleware\Authorize::class,
'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
'password.confirm' => \Illuminate\Auth\Middleware\RequirePassword::class,
'signed' => \Illuminate\Routing\Middleware\ValidateSignature::class,
'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
'verified' => \Illuminate\Auth\Middleware\EnsureEmailIsVerified::class,
'json.response' => \App\Http\Middleware\ForceJsonResponse::class,
'cors' => \App\Http\Middleware\Cors::class,
];
protected $middlewarePriority = [
\App\Http\Middleware\AddAuthHeader::class,
\App\Http\Middleware\Authenticate::class,
\Illuminate\Session\Middleware\StartSession::class,
\Illuminate\View\Middleware\ShareErrorsFromSession::class,
// \App\Http\Middleware\Authenticate::class,
\Illuminate\Routing\Middleware\ThrottleRequests::class,
\Illuminate\Session\Middleware\AuthenticateSession::class,
\Illuminate\Routing\Middleware\SubstituteBindings::class,
\Illuminate\Auth\Middleware\Authorize::class,
];
api.php
Route::group([
'middleware' => ['auth.api', 'auth:vendors', 'cors', 'json.response']
], function(){
Route::get('/vendor-dashboard', "VendorController@dashboard");
//get authenticated user
Route::get('/user', 'Auth\AuthAPIController@user');
//products
Route::get('/vendor-get-products/{type}', 'VendorController@vendorProductListing');
Route::get('/vendor-create-product-view/{id}/{type}', 'VendorController@createVendorProductView');
Route::post('/vendor-create-product/{id}/{type}', 'VendorController@createVendorProduct');
//orders
Route::get('/vendor-orders/{status}/{type}', 'VendorController@getOrders');
Route::post('/vendor-orders/update/{status}/{type}', 'VendorController@orderStatusUpdate');
});
我得到的输出是,登录后,我在浏览器中得到了 cookie。 曲奇饼
如果我在中间件中添加了标头,它会显示带有承载令牌的授权标头,但我仍然会收到经过身份验证的用户错误。错误
解决方案
推荐阅读
- python - 如何从 .yml 加载“null”作为无(str 类),而不是(NoneType 类)?
- swift - 如何对二进制位数执行一些算术运算?
- kaizala - kaizala 自定义操作的 appmodel.json 中“过期”字段的文档
- vb.net - Lambda 检查对象数组上的空值 - ArgumentNullException
- django - 当我在终端中输入 python 时,我应该得到 python2 还是 python3?
- android - 我可以使用 FileProvider 访问 android 的“/system”、“/data”和“/mnt”吗?如果是这样,怎么做?
- android - 无法解决:com.github.Q42:AndroidScrollingImageView:1.3.2 错误
- swift - 快速函数 () -> (Int) -> 字符串
- javascript - 无法从 webpack 包中导入 ES6 模块
- php - 这是旧的 php 语法吗