我正在将Laravel 7用于一个新项目,该项目中我拥有不同类型的用户,例如customers
。
我允许客户通过UI登录,然后有特定的端点,我希望这个customers
防护人员可以呼叫该端点,但是似乎无法正常工作。任何帮助将不胜感激。
我的监护人和提供者的定义如下:
'customers' => [
'driver' => 'session',
'provider' => 'customers',
],
'api-customers' => [
'driver' => 'passport',
'provider' => 'customers',
'hash' => false,
],
我尝试使用Axios到达的路由在routes/api.php
中进行了定义,并且我尝试了几种不同的中间件,但都行不通:
auth:api
auth.customers
auth:api
是我尝试的默认防护,然后我创建了一个AuthedCustomers.php
中间件(下面的代码),该中间件检查Auth::guard('customers')->check()
是否返回true,并使用键将其定义为路由中间件auth.customers
,如上所示。
AuthedCustomers.php
<?php
namespace App\Http\Middleware;
use Closure;
use Auth;
use Illuminate\Http\JsonResponse;
use Symfony\Component\HttpFoundation\Response;
class AuthCustomers
{
public function handle($request, Closure $next)
{
if (Auth::guard('customers')->check() === false) {
return new JsonResponse([
'success' => false,
'message' => 'Unauthenticated',
], Response::HTTP_FORBIDDEN);
}
return $next($request);
}
}
我的请求似乎已应用了XSRF令牌,这是完整的请求:
Accept: application/json, text/plain, */*
Accept-Encoding: gzip, deflate
Accept-Language: en,en-GB;q=0.9,en-US;q=0.8,pt;q=0.7,es;q=0.6,fr;q=0.5,de;q=0.4
Connection: keep-alive
Content-Length: 2
Content-Type: application/json;charset=UTF-8
Cookie: XSRF-TOKEN=eyJpdiI6IkY4ZDZCeGd6cUZHcHF3TEpuY0U0M0E9PSIsInZhbHVlIjoiT0xZeFpxQUZmTlNPWEZ6bUF2SUtNdkEyN2pwejZLenNmdEZCVzdvYytndlVteGs3T3FSc00wMTRXRHB4bGhNWCIsIm1hYyI6ImE2NmM4MWQ1NDEyYjNiMjYxYjM1YTBlMWY5OWQ4M2ZhZTQ5MmRjYzA2ODA0YWYyNTc5N2YwNTE3NDE1ZTU2ZDYifQ%3D%3D; cradlemoney_session=eyJpdiI6ImcraW5QdGplL1p0dGhnK2Q0THBZYkE9PSIsInZhbHVlIjoibGZ2UDNkZytoS2NBdEhsbGVKbnh0b0ZWTm9UTjNLVUdwSFZtazBidEgvSXdKNEhqQzBjV3FpaXdqdEp2amZFZSIsIm1hYyI6Ijk2NDY4YTdlOWYzOTJlODI0M2RjMGI2ZThjNDI5ZDBjMzk5ZGZjYjc1ODk4ZGYxMGQ2OTQzYmYxZDEyNWRmZjIifQ%3D%3D
DNT: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
X-Requested-With: XMLHttpRequest
X-XSRF-TOKEN: eyJpdiI6IkY4ZDZCeGd6cUZHcHF3TEpuY0U0M0E9PSIsInZhbHVlIjoiT0xZeFpxQUZmTlNPWEZ6bUF2SUtNdkEyN2pwejZLenNmdEZCVzdvYytndlVteGs3T3FSc00wMTRXRHB4bGhNWCIsIm1hYyI6ImE2NmM4MWQ1NDEyYjNiMjYxYjM1YTBlMWY5OWQ4M2ZhZTQ5MmRjYzA2ODA0YWYyNTc5N2YwNTE3NDE1ZTU2ZDYifQ==
请求
Request URL: /api/customer/6
Request Method: PATCH
Status Code: 403 Forbidden
Remote Address: 127.0.0.1:80
Referrer Policy: no-referrer-when-downgrade
响应:
{"success":false,"message":"Unauthenticated"}
使用默认保护程序通过auth:api
保护api路由时,我没有问题,但是我无法终生获得axios身份验证来为我的customers
保护程序工作,尝试和诊断的任何帮助我的问题将不胜感激。