由用户会话验证的Laravel API路由-Java 学习之路

我已经开始研究现有的Laravel 5.2项目了 . 我需要为应用程序的前端构建一些基本的API请求来与数据库通信 . 这些路由需要由用户的会话进行身份验证 .

我尝试使用auth：api驱动程序设置中间件，并在../config/auth.php中将api ['driver']设置为'session' . 但是，即使用户使用所有权限和角色进行身份验证，我仍然会将302重定向到登录页面 .

有人可以推荐一些关于如何基于用户会话实现API身份验证的阅读或其他解决方案的想法吗？

来自routes / api.php：

Route::group(["middleware" => ["auth:api"]], function () {
    // results in 302 redirect to /login
    Route::get('test', function(){
        return "TEST";
    });    

});

来自config / auth.php

'guards' => [
'web' => [
    'driver' => 'session',
    'provider' => 'users',
],

'api' => [
    'driver' => 'session',
    'provider' => 'users',
],

应用程序/ HTTP / Kernel.php

<?php

namespace App\Http;

use Illuminate\Foundation\Http\Kernel as HttpKernel;

class Kernel extends HttpKernel
{
    /**
     * The application's global HTTP middleware stack.
     *
     * These middleware are run during every request to your application.
     *
     * @var array
     */
    protected $middleware = [
        \Illuminate\Foundation\Http\Middleware\CheckForMaintenanceMode::class,
        \App\Http\Middleware\NoCache::class,
    ];

    /**
     * The application's route middleware groups.
     *
     * @var array
     */
    protected $middlewareGroups = [
        'web' => [
            \App\Http\Middleware\EncryptCookies::class,
            \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
            \Illuminate\Session\Middleware\StartSession::class,
            \Illuminate\View\Middleware\ShareErrorsFromSession::class,
            \App\Http\Middleware\VerifyCsrfToken::class,
            \Illuminate\Routing\Middleware\SubstituteBindings::class,
        ],

        'api' => [
            'throttle:60,1',
            'bindings',
        ],
    ];

    /**
     * The application's route middleware.
     *
     * These middleware may be assigned to groups or used individually.
     *
     * @var array
     */
    protected $routeMiddleware = [
        'auth' => \App\Http\Middleware\Authenticate::class,
        'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
        'bindings' => \Illuminate\Routing\Middleware\SubstituteBindings::class,
        'can' => \Illuminate\Auth\Middleware\Authorize::class,
        'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
        'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
        'role' => \Zizaco\Entrust\Middleware\EntrustRole::class,
        'permission' => \Zizaco\Entrust\Middleware\EntrustPermission::class,
        'ability' => \Zizaco\Entrust\Middleware\EntrustAbility::class,
        'dashboard' => \App\Http\Middleware\dashboardMiddleware::class,
        'system' => \App\Http\Middleware\systemMiddleware::class
    ];
}

1 回答

-2

问题是您没有在请求中传递任何身份验证标头，因此，很明显它会将您重定向到登录屏幕，即使您使用邮递员访问API也是如此 .

要证明这一点，请尝试从路由文件中的以下行 Route::group(["middleware" => ["auth:api"]], ... 中删除 auth 中间件，如果您按下测试路线，则应该能够将TEST作为响应 . 另外，请记住我们的api会自动将api /前缀绑定到所有api路由 . 因此，您应该向 /api/test 发出请求，然后您应该返回TEST .

如果您想在您的api中加入auth，请阅读Laravel's Passport docs . 如果您想要更简单的东西，请从docs中的onceBasic Auth中间件开始 .

我希望这能以正确的方式指出你！

如果您有任何其他问题，请与我们联系 .

干杯!

回复于 2024-05-06T21:05:38+08:00

由用户会话验证的Laravel API路由

1 回答

相关问题