[英]Create auth guard use middleware in laravel 8
我想創建一個新的守衛,它將用於為用戶創建 api,我期望的是中間件(auth:u-api),但它不起作用,只是再次重定向到登錄儀表板不顯示 json
如何在不添加的情況下顯示所有用戶(身份驗證:api)
{
id: 1,
role_id: "1",
username: "adminuser",
email: "admin@gmail.com",
email_verified_at: "2021-02-22T06:02:02.000000Z",
created_at: "2021-02-19T02:42:08.000000Z",
updated_at: "2021-02-22T06:02:02.000000Z",
logged_at: "2021-03-03T20:21:33.000000Z"
}
路線/api.php
Route::middleware('auth:u-api')->get('/halo', function(Request $request){
return $request->user();
});
提供者/RouteServiceProvider.php
public function boot()
{
$this->configureRateLimiting();
$this->routes(function () {
Route::prefix('api')
->middleware('api')
->namespace($this->namespace)
->group(base_path('routes/api.php'));
Route::prefix('u-api') // User API
->middleware('u-api')
->namespace($this->namespace)
->group(base_path('routes/api.php'));
Route::middleware('web')
->namespace($this->namespace)
->group(base_path('routes/web.php'));
});
}
config/auth.php
'guards' => [
'web' => [
'driver' => 'session',
'provider' => 'users',
],
'api' => [
'driver' => 'sanctum',
'provider' => 'users',
'hash' => false,
],
'u-api' => [ // User API
'driver' => 'session',
'provider' => 'users',
],
],
app/Http/Kernel.php
class Kernel extends HttpKernel
{
protected $middleware = [
// \App\Http\Middleware\TrustHosts::class,
\App\Http\Middleware\TrustProxies::class,
\Fruitcake\Cors\HandleCors::class,
\App\Http\Middleware\PreventRequestsDuringMaintenance::class,
\Illuminate\Foundation\Http\Middleware\ValidatePostSize::class,
\App\Http\Middleware\TrimStrings::class,
\Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull::class,
];
protected $middlewareGroups = [
'web' => [
\App\Http\Middleware\EncryptCookies::class,
\Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
\Illuminate\Session\Middleware\StartSession::class,
// \Illuminate\Session\Middleware\AuthenticateSession::class,
\Illuminate\View\Middleware\ShareErrorsFromSession::class,
\App\Http\Middleware\VerifyCsrfToken::class,
\Illuminate\Routing\Middleware\SubstituteBindings::class,
],
'api' => [
\Laravel\Sanctum\Http\Middleware\EnsureFrontendRequestsAreStateful::class,
'throttle:api',
\Illuminate\Routing\Middleware\SubstituteBindings::class,
],
'u-api' => [ // User API
\App\Http\Middleware\EncryptCookies::class,
\Illuminate\Session\Middleware\StartSession::class,
'throttle:api',
\Illuminate\Routing\Middleware\SubstituteBindings::class,
]
];
protected $routeMiddleware = [
'auth' => \App\Http\Middleware\Authenticate::class,
'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
'cache.headers' => \Illuminate\Http\Middleware\SetCacheHeaders::class,
'can' => \Illuminate\Auth\Middleware\Authorize::class,
'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
'password.confirm' => \Illuminate\Auth\Middleware\RequirePassword::class,
'signed' => \Illuminate\Routing\Middleware\ValidateSignature::class,
'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
'verified' => \Illuminate\Auth\Middleware\EnsureEmailIsVerified::class,
'role' => \App\Http\Middleware\CheckRole::class,
];
}
如果你想要一個沒有身份驗證的 API,你可以這樣做:
Route::get('/halo', function() {
return User::all();
});
但是,任何人都可以枚舉所有用戶數據。
所以我會添加某種形式的身份驗證+授權,只是為了讓這些細節只有特定用戶才能訪問。
在最簡單的形式中,它看起來像這樣:
Route::middleware('auth:api')->get('/halo', function() {
if (Auth::user()->id !== 1) abort(403);
return User::all();
});
您還可以 go 使用更靈活的spatie/laravel-permission來實現基於角色的方法。
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.