如何防止两个Laravel中间件创建无限重定向?

时间:2018-09-27 03:50:27

标签: laravel middleware

我有两个不是路由中间件的中间件。它们专门用于确保已登录用户有两件事。付款和文件签名。

我的kernel.php:

    protected $middleware = [
    'Illuminate\Foundation\Http\Middleware\CheckForMaintenanceMode',
    'Illuminate\Cookie\Middleware\EncryptCookies',
    'Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse',
    'Illuminate\Session\Middleware\StartSession',
    'Illuminate\View\Middleware\ShareErrorsFromSession',
    'App\Http\Middleware\VerifyCsrfToken',
    'App\Http\Middleware\AuthenticateSigned',
    'App\Http\Middleware\FeesOwed',
    'App\Http\Middleware\DeniedAccess'
];

造成此问题的原因是AuthenticateSigned和FeesOwed

第一个AuthenticateSigned:

public function handle($request, Closure $next)
{
    if ($this->auth->guest())
    {
        if ($request->ajax()){
            return response('Unauthorized.', 401);
        } else {
            return redirect()->guest('login');
        }

    } else if(!$this->auth->user()->role->administrator){ // the users not an admin

        if(!$this->auth->user()->agreement_id || $this->auth->user()->signed_current_membership_agmt == 0 ){
            if ($request->ajax()){
                return response('Unauthorized.', 401);
            } else {
                return redirect()->route('agreement');
            }
        }

        return $next($request);

    } 

    return $next($request);

}

那么我的欠费额:

public function handle($request, Closure $next)
{

    $uri = $request->server()['REQUEST_URI'];

    if($this->auth->user() 
        && $this->auth->user()->role_id != 3
        && $this->auth->user()->unpaidFees() // Does the user have past due fees
        && $uri != '/profile/investment-fees' // view of form to pay fees
        && $uri != '/profile/charge-investment-fees' // post request to pay fees
        && $uri != '/profile/pay-payment'

        && $uri != '/logout'
        //&& !$this->auth->user()->role->administrator // admins shouldn't be subject to this
        ){
        \Session::flash('message','You must pay past due management fees before using the rest of the members platform.');

        return redirect()->route('profile.investment-fees');
    } 

    return $next($request);
}

我已经阅读了很多SO帖子和laracast,并且所有注释都是"your missing a return $next($request);"或它们是路由中间件。

这些中间件一直运行,因为有时对于用户来说,重要的是要知道他们需要签署新协议或支付费用。

任何帮助将不胜感激。 谢谢

1 个答案:

答案 0 :(得分:4)

当来宾用户尝试访问/login时,AuthenticateSigned中间件会将其重定向到/login,从而导致无限重定向循环。

当请求的URL与您尝试重定向的URL相同时,请避免重定向。

相关问题
最新问题