注销不适用于Laravel JWT-auth

Question

I'm using JWT-auth with Laravel Framework to authenticate a user. Laravel is used as server-end framework and the fore-end code is in the framework which is developed by our own. So we use api not web to realize authentication. Login works well in this environment, whereas logout and refresh token can't perform as I wish. I configure everything as JWT-auth documentation says.

route.php

Route::group(['middleware' => 'api', 'prefix' => 'user', 'namespace' => 'User'], function () {
   Route::post('/login', 'AuthController@login'); // login
   Route::post('/logout', 'AuthController@logout'); // logout (invalidate token)
   Route::post('/refresh', 'AuthController@refresh'); // refresh token});

kernel.php

protected $middlewareGroups = [
    'web' => [
        \App\Http\Middleware\EncryptCookies::class,
        \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
        \Illuminate\Session\Middleware\StartSession::class,
        // \Illuminate\Session\Middleware\AuthenticateSession::class,
        \Illuminate\View\Middleware\ShareErrorsFromSession::class,
        \App\Http\Middleware\VerifyCsrfToken::class,
        \Illuminate\Routing\Middleware\SubstituteBindings::class,
    ],

    'api' => [
        'throttle:60,1',
        'bindings',
    ],
];

auth.php

'guards' => [
    'web' => [
        'driver' => 'session',
        'provider' => 'users',
    ],

    'api' => [
        'driver' => 'jwt',
        'provider' => 'users',
    ],
],

'providers' => [
    'users' => [
        'driver' => 'password',
        'model' => App\User::class,
    ],

    /*'users' => [
        'driver' => 'database',
        'table' => 'user',
    ],*/
],

User\\AuthController

<?php

namespace App\Http\Controllers\User;

use Illuminate\Support\Facades\Auth;
use App\Http\Controllers\Controller;
use Illuminate\Http\Request;
use AjaxResponse;
use Log;

class AuthController extends Controller
{
    /**
     * Create a new AuthController instance.
     *
     * @return void
     */
    public function __construct()
    {
        $this->middleware('auth:api', ['except' => ['login']]);
    }

    /**
     * login
     * @param Request $request 
     * @return mixed
     */
    public function login(Request $request)
    {
        $credentials = $request->only('phone', 'password');

        if (! $token = auth()->attempt($credentials)) {
            return AjaxResponse::fail(4001);
        }

        return $this->respondWithToken($token);
    }

    /**
     * logout（invalidate token）
     * @return \Illuminate\Http\JsonResponse
     */
    public function logout()
    {
        Log::debug('yyyyyyyyy');
        auth()->logout();

        return AjaxResponse::succeed(['message' => 'Successfully logged out']);
    }

    /**
     * refresh token
     * @return \Illuminate\Http\JsonResponse
     */
    public function refresh()
    {
        return $this->respondWithToken(auth()->refresh());
    }

    /**
     * get token structure
     * @param $token
     * @return mixed
     */
    protected function respondWithToken($token)
    {
        if (Auth::user()['deleted_at'] || ! Auth::user()['is_active'])
            return AjaxResponse::fail(4001);
        else
            return AjaxResponse::succeed([
                'access_token' => $token,
                'token_type' => 'bearer',
                'expires_in' => auth()->factory()->getTTL() * 60,
                'user_name' => Auth::user()['name'],
                'user_admin' => (bool)Auth::user()['is_admin']
            ]);
    }
}

'yyyyyyyyy' can't be logged. So it seems that the logout function in AuthController wasn't called.

Is there anything wrong I've written or missed? Thanks in advance.

Answer 1

After a few tryings, I've changed the AuthController's constructor and it worked.

User\\AuthController

public function __construct()
{
    $this->middleware('auth:api', ['except' => ['login', 'refresh', 'logout']]);
}

I've added functions as value of 'except', in which I expected to invalidate the present session.