堆棧內存溢出
  簡體   English   中英

在 laravel 8 中創建 auth guard 使用中間件

[英]Create auth guard use middleware in laravel 8

 原文  2021-03-14 02:50:35       php/ laravel/ api/ laravel-8/ laravel-middleware

問題描述

我想創建一個新的守衛,它將用於為用戶創建 api,我期望的是中間件(auth:u-api),但它不起作用,只是再次重定向到登錄儀表板不顯示 json

演示

如何在不添加的情況下顯示所有用戶(身份驗證:api)

{
    id: 1,
    role_id: "1",
    username: "adminuser",
    email: "admin@gmail.com",
    email_verified_at: "2021-02-22T06:02:02.000000Z",
    created_at: "2021-02-19T02:42:08.000000Z",
    updated_at: "2021-02-22T06:02:02.000000Z",
    logged_at: "2021-03-03T20:21:33.000000Z"
}

路線/api.php

Route::middleware('auth:u-api')->get('/halo', function(Request $request){
    return $request->user();
});

提供者/RouteServiceProvider.php

    public function boot()
    {
        $this->configureRateLimiting();

        $this->routes(function () {
            Route::prefix('api')
                ->middleware('api')
                ->namespace($this->namespace)
                ->group(base_path('routes/api.php'));

            Route::prefix('u-api') // User API
                ->middleware('u-api')
                ->namespace($this->namespace)
                ->group(base_path('routes/api.php'));

            Route::middleware('web')
                ->namespace($this->namespace)
                ->group(base_path('routes/web.php'));
        });
    }

config/auth.php

'guards' => [
        'web' => [
            'driver' => 'session',
            'provider' => 'users',
        ],

        'api' => [
            'driver' => 'sanctum',
            'provider' => 'users',
            'hash' => false,
        ],

        'u-api' => [ // User API
            'driver' => 'session',
            'provider' => 'users',
        ],
    ],

app/Http/Kernel.php

class Kernel extends HttpKernel
{
    protected $middleware = [
        // \App\Http\Middleware\TrustHosts::class,
        \App\Http\Middleware\TrustProxies::class,
        \Fruitcake\Cors\HandleCors::class,
        \App\Http\Middleware\PreventRequestsDuringMaintenance::class,
        \Illuminate\Foundation\Http\Middleware\ValidatePostSize::class,
        \App\Http\Middleware\TrimStrings::class,
        \Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull::class,
    ];

    protected $middlewareGroups = [
        'web' => [
            \App\Http\Middleware\EncryptCookies::class,
            \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
            \Illuminate\Session\Middleware\StartSession::class,
            // \Illuminate\Session\Middleware\AuthenticateSession::class,
            \Illuminate\View\Middleware\ShareErrorsFromSession::class,
            \App\Http\Middleware\VerifyCsrfToken::class,
            \Illuminate\Routing\Middleware\SubstituteBindings::class,
        ],

        'api' => [
            \Laravel\Sanctum\Http\Middleware\EnsureFrontendRequestsAreStateful::class,
            'throttle:api',
            \Illuminate\Routing\Middleware\SubstituteBindings::class,
        ],

        'u-api' => [ // User API
            \App\Http\Middleware\EncryptCookies::class,     
            \Illuminate\Session\Middleware\StartSession::class,
            'throttle:api',
            \Illuminate\Routing\Middleware\SubstituteBindings::class,
        ]
    ];

    protected $routeMiddleware = [
        'auth' => \App\Http\Middleware\Authenticate::class,
        'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
        'cache.headers' => \Illuminate\Http\Middleware\SetCacheHeaders::class,
        'can' => \Illuminate\Auth\Middleware\Authorize::class,
        'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
        'password.confirm' => \Illuminate\Auth\Middleware\RequirePassword::class,
        'signed' => \Illuminate\Routing\Middleware\ValidateSignature::class,
        'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
        'verified' => \Illuminate\Auth\Middleware\EnsureEmailIsVerified::class,
        'role' => \App\Http\Middleware\CheckRole::class,
    ];
}

1 個解決方案

解決方案1
 1  2021-03-14 03:15:10

如果你想要一個沒有身份驗證的 API,你可以這樣做:

Route::get('/halo', function() {
    return User::all();
});

但是,任何人都可以枚舉所有用戶數據。

所以我會添加某種形式的身份驗證+授權,只是為了讓這些細節只有特定用戶才能訪問。

在最簡單的形式中,它看起來像這樣:

Route::middleware('auth:api')->get('/halo', function() {
    if (Auth::user()->id !== 1) abort(403);
    return User::all();
});

您還可以 go 使用更靈活的spatie/laravel-permission來實現基於角色的方法。

暫無
暫無

聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.

相關問題 Laravel:通過中間件指定Auth :: guard()嗎? Laravel:身份驗證中間件中的多重防護 Laravel 7,僅使用身份驗證保護 Laravel auth :: guard('web')-> user()在身份驗證中間件中為null 如何使用防護作為中間件在LARAVEL中對用戶進行身份驗證 如何在Laravel中創建自定義基本身份驗證或使用兩個中間件 Laravel 5.2:如何在中間件中使用auth 如何在Laravel 5.4的身份驗證中間件中使用驗證碼 Laravel 5.2的多重身份驗證使用中間件 Laravel 5.2 Auth門面和Auth :: guard($ guard)
相關標簽
 
粵ICP備18138465號  © 2020-2024 STACKOOM.COM