Question

我已经使用 laravel 8 和护照开发了 laravel api。我生成令牌，当我尝试使用该令牌访问时，它会将我发送到 Middleware/authenticate.php redirectTo() 函数。

一段时间后，当我再次尝试生成新令牌时，它会将我发送到相同的 redirectTo 方法，即使该路由不在 auth:api 中间件组中。

即使没有任何中间件的路由也会进行身份验证并将其发送到 redirectTo 方法。

路由/api.php

Route::group(['prefix' => 'v1'], function(){
  Route::post('/login', [AuthController::class,'login']);
  Route::post('/register', [AuthController::class,'register']);
});
Route::group(['middleware'=>['auth:api'],'prefix' => 'v1'], function(){
  Route::get('/contacts',[ContactController::class,'index']);
  Route::get('/contacts/{id}',[ContactController::class,'show']);
});
Route::get('/greeting', function () {
   return 'Hello World 2';
});

config/auth.php

'guards' => [
    'web' => [
        'driver' => 'session',
        'provider' => 'users',
    ],

    'api' => [
        'driver' => 'passport',
        'provider' => 'users',
        'hash' => false,
    ],
],

http/kernel.php

protected $middleware = [
    // \App\Http\Middleware\TrustHosts::class,
    \App\Http\Middleware\TrustProxies::class,
    \Fruitcake\Cors\HandleCors::class,
    \App\Http\Middleware\PreventRequestsDuringMaintenance::class,
    \Illuminate\Foundation\Http\Middleware\ValidatePostSize::class,
    \App\Http\Middleware\TrimStrings::class,
    \Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull::class,
];

protected $middlewareGroups = [
    'web' => [
        \App\Http\Middleware\EncryptCookies::class,
        \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
        \Illuminate\Session\Middleware\StartSession::class,
        \Illuminate\View\Middleware\ShareErrorsFromSession::class,
        \App\Http\Middleware\VerifyCsrfToken::class,
        \Illuminate\Routing\Middleware\SubstituteBindings::class,
    ],

    'api' => [
        'throttle:api',
        \Illuminate\Routing\Middleware\SubstituteBindings::class,
        'auth:api',
    ],
];

protected $routeMiddleware = [
    'auth' => \App\Http\Middleware\Authenticate::class,
    'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
    'cache.headers' => \Illuminate\Http\Middleware\SetCacheHeaders::class,
    'can' => \Illuminate\Auth\Middleware\Authorize::class,
    'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
    'password.confirm' => \Illuminate\Auth\Middleware\RequirePassword::class,
    'signed' => \Illuminate\Routing\Middleware\ValidateSignature::class,
    'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
    'verified' => \Illuminate\Auth\Middleware\EnsureEmailIsVerified::class,
    'is_admin' => \App\Http\Middleware\IsAdmin::class,
];

即使是简单的“/greeting”路由也会通过身份验证并发送到 redirectTo 方法。所以非路线工作正常

laravel api 不验证不记名令牌

0 个答案: