我一直在努力实现jwt身份验证。
我有3个警卫:
'guards' => [
'web' => [
'driver' => 'session',
'provider' => 'users',
],
'api' => [
'driver' => 'token',
'provider' => 'users',
],
'remote' => [
'driver' => 'jwt',
'provider' => 'clients',
]
],
'providers' => [
'users' => [
'driver' => 'eloquent',
'model' => App\User::class,
],
'caretaker' => [
'driver' => 'eloquent',
'model' => App\Client::class,
],
],
网络警卫将处理从登录页面登录的普通用户。
api防护用于vue前端访问api
远程警卫将对Client表中的用户进行身份验证,这些用户还将访问api
以前,不需要客户端进行身份验证,但是现在,我希望能够发送带有jwt令牌作为查询参数的链接,并对它们进行身份验证和授权,以仅访问选定的路由。
我还有一个定制的中间件,用于处理似乎干扰jwt auth的twofactor身份验证。
如何仅将2fa中间件应用于经过Web Guard认证的用户?
当前看起来像这样:
class TwoFactor
{
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @return mixed
*/
public function handle($request, Closure $next)
{
$user = Auth::user();
$allowUserLogin = false;
$userOrg = UserOrganization::where('user_id', $user->id)->first();
$org = Organization::where('id', $userOrg->org_id)->first();
if($org->enable_two_factor_auth == true)
{
if(auth()->check() && $user->token_2fa)
{
if($user->token_2fa_expiry->lt(now()))
{
$user->resetTwoFactorCode();
auth()->logout();
return redirect()->route('login')
->withMessage('The two factor code has expired. Please login again');
}
if(!$request->is('verify*'))
{
return redirect()->route('verify.index');
}
}
return $next($request);
}
return $next($request);
}
}
Kernel.php:
class Kernel extends HttpKernel
{
/**
* The application's global HTTP middleware stack.
*
* These middleware are run during every request to your application.
*
* @var array
*/
protected $middleware = [
\Illuminate\Foundation\Http\Middleware\CheckForMaintenanceMode::class,
\Illuminate\Foundation\Http\Middleware\ValidatePostSize::class,
\App\Http\Middleware\TrimStrings::class,
\Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull::class,
\App\Http\Middleware\TrustProxies::class,
];
/**
* The application's route middleware groups.
*
* @var array
*/
protected $middlewareGroups = [
'web' => [
\App\Http\Middleware\EncryptCookies::class,
\Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
\Illuminate\Session\Middleware\StartSession::class,
// \Illuminate\Session\Middleware\AuthenticateSession::class,
\Illuminate\View\Middleware\ShareErrorsFromSession::class,
\App\Http\Middleware\VerifyCsrfToken::class,
\Illuminate\Routing\Middleware\SubstituteBindings::class,
],
'api' => [
'throttle:60,1',
'bindings',
],
'remote' => [
'throttle:60,1',
'bindings',
]
];
/**
* The application's route middleware.
*
* These middleware may be assigned to groups or used individually.
*
* @var array
*/
protected $routeMiddleware = [
'auth' => \Illuminate\Auth\Middleware\Authenticate::class,
'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
'bindings' => \Illuminate\Routing\Middleware\SubstituteBindings::class,
'can' => \Illuminate\Auth\Middleware\Authorize::class,
'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
'assign.guard' => \App\Http\Middleware\AssignGuard::class,
'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
'edit_caretaker' => EditCaretaker::class,
'admin' => Admin::class,
'auth.role' => \App\Http\Middleware\RoleAuthorization::class,
'twofactor' => \App\Http\Middleware\TwoFactor::class,
//'jwt.role' => \App\Http\Middleware\JwtMiddleware::class,
'jwt.auth' => 'Tymon\JWTAuth\Middleware\GetUserFromToken',
'jwt.refresh' => 'Tymon\JWTAuth\Middleware\RefreshToken',
];
}
我在通过远程防护进行身份验证时也遇到了其他问题。但除非在此变得有意义,否则我将把它留给另一个问题。
很高兴向我提供详细信息