API在localhost上无法正常工作,但在php artisan serve Laravel中可以正常工作

时间:2020-10-15 07:53:35

标签: laravel api jwt-auth

当我在 Postman 中通过 API 登录 localhost:8080/ 时,可以拿到令牌(我使用 JWT-auth 做 API 身份验证),但是当我带着该令牌发起需要认证的请求时,返回的结果是未认证。

但是如果我改用 php artisan serve 执行同样的操作,一切都完全正常。

关于我的项目的重要事项:

php版本:7.3.5

apache版本:2.4.39

laravel版本:6.18.42

JWT身份验证版本:1.0

注意:这是多重身份验证系统

登录控制器

<?php

namespace App\Http\Controllers\Buyer;

use App\Http\Controllers\Controller;
use Illuminate\Http\Request;
use App\Models\Buyer\Buyer;
use App\Models\Buyer\TempBuyer;
use App\Models\Seller\Seller;
use App\Models\Seller\TempSeller;
use Carbon\Carbon;
use Log;
use Validator;
use Str;

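class LoginController extends Controller
{
    /**
     * Authenticate a buyer with an e-mail address or phone number plus a
     * password, and return a JWT issued by the `buyer` guard.
     *
     * Request body (JSON): `email_or_phone`, `password`.
     *
     * Responses:
     *  - 400 with the validator error bag when a field is missing or is not
     *    a scalar value;
     *  - 401 when the guard rejects the credentials;
     *  - 200 with `token`, `buyer`, `token_type`, `expires_in` for an active
     *    account;
     *  - 200 with only a `message` when the account is not active.
     *
     * @param  \Illuminate\Http\Request  $request
     * @return \Illuminate\Http\JsonResponse
     */
    public function login(Request $request)
    {
        $data = $request->json()->all();

        // `required` alone accepts a non-empty JSON array or object. Such a
        // value would be handed to filter_var() and then to the guard's
        // credential lookup, so both fields are restricted to scalars here.
        $scalarOnly = static function ($attribute, $value, $fail) {
            if (! is_scalar($value)) {
                $fail('The ' . $attribute . ' field must be a single value.');
            }
        };

        $validator = Validator::make(
            $data,
            [
                'email_or_phone' => ['required', $scalarOnly],
                'password' => ['required', $scalarOnly],
            ],
            [
                'email_or_phone.required' => 'Email or phone is required.',
                'password.required' => 'Password is required.',
            ]
        );

        if ($validator->fails()) {
            return response()->json($validator->errors(), 400);
        }

        // Anything that is not a syntactically valid e-mail address is
        // treated as a phone number.
        $identifierColumn = filter_var($data['email_or_phone'], FILTER_VALIDATE_EMAIL)
            ? 'email'
            : 'phone';

        $credentials = [
            $identifierColumn => $data['email_or_phone'],
            'password' => $data['password'],
        ];

        $guard = auth('buyer');

        $token = $guard->attempt($credentials);
        if (! $token) {
            return response()->json(['message' => 'Credentials are not correct.'], 401);
        }

        $buyer = $guard->user();

        if (! $buyer->is_active) {
            // The token created by attempt() is not returned on this path.
            // NOTE(review): this answers 200 for a refused login; clients must
            // inspect the body to tell it apart from success. A 403 would be
            // clearer, but existing clients may rely on 200 - confirm first.
            return response()->json(['message'=> 'Your account is currently inactivated.'], 200);
        }

        // NOTE(review): the whole model is serialized into the response;
        // presumably Buyer hides the password hash via $hidden - verify.
        return response()->json([
            'token' => $token,
            'buyer' => $buyer,
            'token_type' => 'bearer',
            // getTTL() * 60: presumably minutes converted to seconds - confirm.
            'expires_in' => $guard->factory()->getTTL() * 60,
        ], 200);
    }

    /**
     * Return the buyer resolved by the `buyer` guard for the current request.
     *
     * When the guard resolves no user (for example because no bearer token
     * reached the application), user() yields null and the response body is
     * JSON `null`. Whether unauthenticated requests are rejected earlier
     * depends on the route middleware, which is not defined in this class.
     *
     * @return \Illuminate\Http\JsonResponse
     */
    public function buyer()
    {
        return response()->json(auth('buyer')->user());
    }
}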

config\auth.php

<?php

return [

    // ---------------------------------------------------------------------
    // Defaults
    //
    // Guard and password broker used when code asks for auth() without
    // naming one. The default guard is the session-based `web` guard, so
    // any call that should use a JWT guard has to name it explicitly.
    // ---------------------------------------------------------------------
    'defaults' => [
        'guard' => 'web',
        'passwords' => 'users',
    ],

    // ---------------------------------------------------------------------
    // Guards
    //
    // Each guard pairs a driver with a user provider. `web` is session
    // based; `api`, `buyer` and `seller` all use the `jwt` driver but read
    // from different providers, so a token issued for one of them has to be
    // checked by the guard of the same name.
    // NOTE(review): `jwt` is not a built-in driver ("session", "token");
    // presumably it is registered by the JWT-auth package - confirm.
    // ---------------------------------------------------------------------
    'guards' => [
        'web' => [
            'driver' => 'session',
            'provider' => 'users',
        ],
        'api' => [
            'driver' => 'jwt',
            'provider' => 'users',
        ],
        'buyer' => [
            'driver' => 'jwt',
            'provider' => 'buyers',
        ],
        'seller' => [
            'driver' => 'jwt',
            'provider' => 'sellers',
        ],
    ],

    // ---------------------------------------------------------------------
    // User providers
    //
    // One Eloquent-backed provider per account type. Supported drivers are
    // "database" and "eloquent".
    // Alternative: 'users' => ['driver' => 'database', 'table' => 'users'],
    // ---------------------------------------------------------------------
    'providers' => [
        'users' => [
            'driver' => 'eloquent',
            'model' => App\User::class,
        ],
        'buyers' => [
            'driver' => 'eloquent',
            'model' => App\Models\Buyer\Buyer::class,
        ],
        'sellers' => [
            'driver' => 'eloquent',
            'model' => App\Models\Seller\Seller::class,
        ],
    ],

    // ---------------------------------------------------------------------
    // Password resets
    //
    // Only the `users` provider has a reset broker; `buyers` and `sellers`
    // have none configured here. `expire` is the lifetime of a reset token
    // in minutes, kept short so a token has less time to be guessed.
    // ---------------------------------------------------------------------
    'passwords' => [
        'users' => [
            'provider' => 'users',
            'table' => 'password_resets',
            'expire' => 60,
            'throttle' => 60,
        ],
    ],

    // ---------------------------------------------------------------------
    // Password confirmation timeout
    //
    // Seconds before a confirmed password must be re-entered on the
    // confirmation screen; 10800 seconds is three hours.
    // ---------------------------------------------------------------------
    'password_timeout' => 10800,

];

.htaccess

# Rewrite rules that route requests either to files under public/ or to
# server.php. Everything below applies only when mod_rewrite is loaded.
#
# NOTE(review): no rule here forwards the Authorization request header to PHP.
# Laravel's stock public/.htaccess carries the pair
#   RewriteCond %{HTTP:Authorization} .
#   RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
# for that purpose. Depending on how PHP is attached to Apache (CGI/FastCGI),
# the bearer token can fail to reach the application without it, which would
# match "token is issued but the next request is unauthenticated" - confirm.
#
# NOTE(review): routing to server.php suggests the project root is the
# document root; confirm that files outside public/ (such as .env) are not
# served by Apache.
<IfModule mod_rewrite.c>
    # Disable content negotiation and directory listings; this Options line
    # takes effect only when mod_negotiation is loaded.
    <IfModule mod_negotiation.c>
        Options -MultiViews -Indexes
    </IfModule>
    RewriteEngine On

    # Rules used on localhost.
    # Requests that map to an existing directory or file.
    # NOTE(review): the pattern has no capture group for $1 to refer to, and
    # [N] restarts the rewrite pass; the intent of this rule is unclear.
    RewriteCond %{REQUEST_FILENAME} -d [OR]
    RewriteCond %{REQUEST_FILENAME} -f
    RewriteRule ^ ^$1 [N]

    # URIs ending in a dot followed by word characters (a file extension) are
    # mapped into public/.
    RewriteCond %{REQUEST_URI} (\.\w+$) [NC]
    RewriteRule ^(.*)$ public/$1 

    # Anything that is neither an existing directory nor an existing file is
    # handed to server.php.
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteRule ^ server.php

    # Rules for production, currently disabled: send every request that is not
    # already under public/ into public/.
    #RewriteCond %{REQUEST_URI} !^public/
    #RewriteRule ^(.*)$ public/$1 [L,QSA]
</IfModule>

0 个答案:

没有答案