[英]401 unauthorized error when accessing protected controller, using passport and axios
我正在使用带有预设反应的laravel 5.8。 目前,我正在尝试进行身份验证,我决定在后端使用护照,在后端使用axios,但是在向受保护的控制器AdminController @ index发出axios请求时出现此错误
GET http://localhost:8000/api/admin/index 401 (Unauthorized)
我希望不会得到它,因为我认为我已验证用户身份
我遵循了laravel护照安装指南,现在我可以注册,登录用户并获取访问令牌,但是似乎用户注销了新的axios请求,因为我收到401错误。 这是一些背景
在中间件中,我添加了这一行
protected $middleware = [
\Laravel\Passport\Http\Middleware\CreateFreshApiToken::class,
]
//in AuthServiceProvider I added this and added Carbon because of error
Passport::routes(function ($router) {
$router->forAccessTokens();
$router->forPersonalAccessTokens();
$router->forTransientTokens();
});
Passport::tokensExpireIn(Carbon::now()->addMinutes(10));
Passport::refreshTokensExpireIn(Carbon::now()->addDays(10));
Passport::cookie('user_data');
在用户模型中,我添加了
use Notifiable, HasApiTokens;
//and
protected $primaryKey = 'id';
将auth:api驱动程序更改为通行证
'api' => [
'driver' => 'passport',
'provider' => 'users',
'hash' => false,
],
这是我的迁移表
Schema::create('users', function (Blueprint $table) {
$table->bigIncrements('id');
$table->string('name')->unique();
$table->string('password');
$table->rememberToken();
$table->timestamps();
});
这是我的登录并注册几乎相同的axios请求
var bodyFormData = new FormData;
bodyFormData.append('name', this.state.name);
bodyFormData.append('password', this.state.password);
axios({
method: 'post',
url: '/api/login',
data: bodyFormData,
config: { headers: {'Content-Type': 'multipart/form-data' }}
})
.then(function (response) {
if(response.data.auth){
var cookies = new Cookies();
cookies.set('access_token', response.data.access_token, { path: '/' });
}
})
.catch(function (response) {
});
这是我的API路线:
//this one is to register using passport
Route::post('/register', 'AuthenticateController@register');
//this one is to login using passport
Route::post('/login', 'AuthenticateController@login');
//this one is to check if user is authenticated
Route::post('/check', 'AuthenticateController@test');
//this one has methods which I want to protect
Route::get('/admin/index', 'AdminController@index');
这是我的AuthenticationController,它为我提供了访问令牌,注册和登录信息,似乎可以正常工作
public function register(Request $request){
$validatedData = $request->validate([
'name' => 'required|max:55|unique:users',
'password' => 'required'
]);
$validatedData['password'] = bcrypt($request->password);
$user = User::create($validatedData);
$accessToken = $user->createToken('authToken')->accessToken;
return response()->json(["user" => $user, "token" => $accessToken]);
}
public function login(Request $request)
{
$loginData = $request->validate([
'name' => 'required',
'password' => 'required'
]);
if(!auth()->attempt($loginData, true)) {
return response(['auth' =>
false]);
}
$accessToken = auth()->user()->createToken('authToken')->accessToken;
return response(['user' => auth()->user(), 'access_token' =>
$accessToken, 'auth' => true]);
}
public function check(){
$check= auth()->check();
return response(['user' => $check]);
}
这是我的AdminController在执行索引方法时抛出401错误
//as I understood after login I can protect my api with middleware line for example 10 minutes, but unsuccessfully
public function __construct()
{
$this->middleware('auth:api');
}
public function index(){
return response(['foto' => 'testing protection']);
}
这是我的反应组件axios请求,它引发了401错误
axios.get("/api/admin/index", {
headers : {
'Content-Type' : 'application/json',
'Accept' : 'application/json',
'Authorization' : 'Bearer' + cookie.get('access_token')
}})
.then(function (response) {
alert(response.data.foto);
})
.catch(function (response) {
alert("bad")
})
//I tried
// headers.append('Authorization', 'bearer ' + cookie.get('access_token'));
// headers.append('Authentication', 'bearer ' + cookie.get('access_token'));
// headers.append('Authorization', 'JWT ' + cookie.get('access_token'));
// headers.append('Authorization', cookie.get('access_token'));
// but error persists
我只想使用middleware(auth:api)
保护我的api middleware(auth:api)
还auth->check()
给我假,我觉得不好
所以我发现了我的错误,而不是使用
headers : {
'Authorization' : 'Bearer' + cookie.get('access_token')
}
我不得不用
//added space
headers : {
'Authorization' : 'Bearer ' + cookie.get('access_token')
}
但是我要做的一件奇怪的事是在内核中间件中添加以下行:
\App\Http\Middleware\EncryptCookies::class,
\Illuminate\Session\Middleware\StartSession::class
我只是尝试使用邮递员而不是axios,并收到错误消息会话存在问题,此后很容易找到所需的部分
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.