我对laravel api中间件组使用JWT身份验证。这是我的路线配置:
Route::group(['middleware' => ['api']], function() {
Route::post('login', 'AuthController@login');
Route::post('test', 'AuthController@test');
});
此代码运行良好,并且我无法未经授权访问AuthController类的test方法:
class AuthController extends Controller
{
public function __construct()
{
$this->middleware(['jwt.auth'])->except('login');
}
public function login()
{
//...
}
public function test()
{
//...
}
}
但是当我更改路由配置以动态标识控制器的方法名称时(如下面的代码片段所示),身份验证将不再起作用,并且我可以在没有承载令牌的情况下访问test方法!
Route::group(['middleware' => ['api']], function() {
Route::post('/{controller}/{method}', function ($controller, $method) {
$controllerClass = 'App\\Http\\Controllers\\'.$controller.'Controller';
if(method_exists($controllerClass, $method))
{
$controller = App::make($controllerClass);
return $controller->callAction($method, array());
}
return abort(404);
});
});
有什么主意吗?