在 Laravel api 调用上获取"401: Unauthenticated"消息



我不了解Laravel身份验证的详细工作流程。如果有人能在这里帮我提供一些见解,我将不胜感激。

我有一个"admin"守卫(guard),它对 admin.php 中的所有路由都能正常工作;然而,当我用同一个中间件调用 api 路由时,却收到"Unauthenticated"(未认证)错误。

admin.php

// Every route registered in this group requires a user authenticated on the
// "admin" guard.
Route::middleware(['auth:admin'])->group(function () {
    Route::get('example', [ExampleController::class, 'output'])->name('example');

    // Email verification: notice page, verification link, and resend endpoint.
    Route::get('verify-email', [EmailVerificationPromptController::class, '__invoke'])->name('verification.notice');

    // The verification link must pass the "signed" middleware and is limited
    // by "throttle:6,1" on top of the admin guard.
    Route::get('verify-email/{id}/{hash}', [VerifyEmailController::class, '__invoke'])
        ->middleware(['signed', 'throttle:6,1'])
        ->name('verification.verify');

    // Resending the notification is a POST and carries the same throttle.
    Route::post('email/verification-notification', [EmailVerificationNotificationController::class, 'store'])
        ->middleware('throttle:6,1')
        ->name('verification.send');

    // Password re-confirmation: form (GET) and submission (POST).
    // NOTE(review): no throttle middleware is attached to the POST here —
    // confirm whether the controller or a route group limits attempts.
    Route::get('confirm-password', [ConfirmablePasswordController::class, 'show'])->name('password.confirm');
    Route::post('confirm-password', [ConfirmablePasswordController::class, 'store']);

    // Logout is registered as POST only.
    Route::post('logout', [AuthenticatedSessionController::class, 'destroy'])->name('logout');

    // Top page shown after login.
    Route::get('/top', function () {
        return view('admin.top');
    })->name('top');
});

api.php

<?php
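// NOTE(review): the namespace separators ("\") were missing from these import
// lines as shown on the page and are restored here. The Illuminate names are
// framework classes; the split of the controller namespace into "Admin\Image"
// is inferred — confirm it against the project.
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Route;
use App\Http\Controllers\Admin\Image\ImageController;

/*
|--------------------------------------------------------------------------
| API Routes
|--------------------------------------------------------------------------
|
| Here is where you can register API routes for your application. These
| routes are loaded by the RouteServiceProvider within a group which
| is assigned the "api" middleware group. Enjoy building your API!
|
*/

// Returns the user resolved for the current request by the "sanctum" guard.
Route::middleware('auth:sanctum')->get('/user', function (Request $request) {
    return $request->user();
});

// Image upload, restricted to users authenticated on the "admin" guard.
//
// NOTE(review): as the header above says, these routes run in the "api"
// middleware group. If that group does not start a session (Laravel's
// default), a session-based "admin" guard cannot see a login made through the
// web routes, so this endpoint answers 401 Unauthenticated. Resolve that by
// authenticating API calls with a guard meant for them (for example the
// "sanctum" guard already used above), or by registering the route where the
// session and CSRF middleware apply — not by removing the auth middleware
// from an upload endpoint.
Route::group(['middleware' => ['auth:admin']], function () {
    Route::post('/image/upload', [ImageController::class, 'upload'])->name('image.imageUpload');
});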

LoginRequest.php

<?php
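// NOTE(review): the namespace separators ("\") were missing from the
// namespace and import lines as shown on the page and are restored here. The
// split of the request namespace into "Admin\Auth" is inferred — confirm it
// against the project.
namespace App\Http\Requests\Admin\Auth;

use Illuminate\Auth\Events\Lockout;
use Illuminate\Foundation\Http\FormRequest;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\RateLimiter;
use Illuminate\Support\Str;
use Illuminate\Validation\ValidationException;

/**
 * Login form request shared by the "admin" and "web" guards.
 *
 * Validates the submitted credentials, applies a per-email-and-IP attempt
 * limit, and authenticates against the guard selected from the request path.
 */
class LoginRequest extends FormRequest
{
    /**
     * Determine if the user is authorized to make this request.
     *
     * Always true: the login form has to be reachable by unauthenticated
     * visitors.
     *
     * @return bool
     */
    public function authorize()
    {
        return true;
    }

    /**
     * Get the validation rules that apply to the request.
     *
     * @return array
     */
    public function rules()
    {
        return [
            'email' => ['required', 'string', 'email'],
            'password' => ['required', 'string'],
        ];
    }

    /**
     * Attempt to authenticate the request's credentials.
     *
     * The guard is chosen from the request path: "admin" when the path matches
     * "admin/*", otherwise "web". A failed attempt is counted against the
     * throttle key and reported with the generic "auth.failed" message; a
     * successful attempt clears the counter.
     *
     * @return void
     *
     * @throws \Illuminate\Validation\ValidationException
     */
    public function authenticate()
    {
        $this->ensureIsNotRateLimited();

        // Name the guard explicitly instead of relying on the default guard,
        // so admin logins are checked against the "admin" guard only.
        $guard = $this->is('admin/*') ? 'admin' : 'web';

        if (! Auth::guard($guard)->attempt($this->only('email', 'password'), $this->boolean('remember'))) {
            RateLimiter::hit($this->throttleKey());

            throw ValidationException::withMessages([
                'email' => trans('auth.failed'),
            ]);
        }

        RateLimiter::clear($this->throttleKey());
    }

    /**
     * Ensure the login request is not rate limited.
     *
     * Once the throttle key has reached 5 attempts, a Lockout event is fired
     * and the request is rejected with the "auth.throttle" message.
     *
     * @return void
     *
     * @throws \Illuminate\Validation\ValidationException
     */
    public function ensureIsNotRateLimited()
    {
        if (! RateLimiter::tooManyAttempts($this->throttleKey(), 5)) {
            return;
        }

        event(new Lockout($this));

        $seconds = RateLimiter::availableIn($this->throttleKey());

        throw ValidationException::withMessages([
            'email' => trans('auth.throttle', [
                'seconds' => $seconds,
                'minutes' => ceil($seconds / 60),
            ]),
        ]);
    }

    /**
     * Get the rate limiting throttle key for the request.
     *
     * The key is the lower-cased email joined to the client IP with "|". It
     * does not include the guard, so admin and web login attempts for the same
     * email and IP share one counter.
     *
     * NOTE(review): the IP part is only as reliable as the application's
     * trusted-proxy configuration — confirm it when running behind a proxy.
     *
     * @return string
     */
    public function throttleKey()
    {
        return Str::lower($this->input('email')) . '|' . $this->ip();
    }
}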

RegisteredUserController.php

<?php
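// NOTE(review): the namespace separators ("\") were missing from the
// namespace, the import lines and the password rule as shown on the page and
// are restored here.
namespace App\Http\Controllers\Auth;

use App\Http\Controllers\Controller;
use App\Models\User;
use App\Providers\RouteServiceProvider;
use Illuminate\Auth\Events\Registered;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Hash;
use Illuminate\Validation\Rules;

/**
 * Registration controller: shows the sign-up form and creates the account.
 */
class RegisteredUserController extends Controller
{
    /**
     * Display the registration view.
     *
     * @return \Illuminate\View\View
     */
    public function create()
    {
        return view('auth.register');
    }

    /**
     * Handle an incoming registration request.
     *
     * Validates the input, stores the user with a hashed password, fires the
     * Registered event, logs the new user in on the default guard and
     * redirects to RouteServiceProvider::HOME.
     *
     * @param  \Illuminate\Http\Request  $request
     * @return \Illuminate\Http\RedirectResponse
     *
     * @throws \Illuminate\Validation\ValidationException
     */
    public function store(Request $request)
    {
        // The "unique:users" rule rejects an email that is already in the
        // users table, which also tells the submitter that the address is
        // registered.
        $validated = $request->validate([
            'name' => ['required', 'string', 'max:255'],
            'email' => ['required', 'string', 'email', 'max:255', 'unique:users'],
            'password' => ['required', 'confirmed', Rules\Password::defaults()],
        ]);

        // Only the three validated fields are passed to the model, and the
        // password is hashed before it is stored.
        $user = User::create([
            'name' => $validated['name'],
            'email' => $validated['email'],
            'password' => Hash::make($validated['password']),
        ]);

        event(new Registered($user));

        // No guard is named, so this logs the user in on the default guard,
        // not on "admin".
        Auth::login($user);

        return redirect(RouteServiceProvider::HOME);
    }
}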

Ajax调用

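/**
 * Upload the file chosen in "#fileInput-<i>-<j>" to /api/image/upload and, on
 * success, show the stored image in the matching "#img-<branch>-<image>" tag.
 *
 * @param {string} $form  Id of the form element (not used by the upload itself).
 * @param {number|string} $i  Branch number; also part of the file input id.
 * @param {number|string} $j  Image number; also part of the file input id.
 */
function uploadImage($form, $i, $j) {
    // Locals are declared with var so they no longer leak into the global scope.
    var files = $("#fileInput-" + $i + "-" + $j).prop("files");
    var image = files && files[0];
    if (!image) {
        // No file selected (or no such input): nothing to upload, and the busy
        // indicator is never switched on.
        return;
    }

    busyIndicator(true);

    var formData = new FormData();
    formData.append("_token", $("#csrf-token")[0].value);
    formData.append("market_id", $("#market-id").val());
    formData.append("box_number", $("#box-number").val());
    formData.append("branch_number", $i);
    formData.append("image_number", $j);
    formData.append("image", image, image.name);

    // The CSRF token is sent both as the "_token" field above and as this
    // header. $.ajaxSetup changes the defaults of every later jQuery request
    // on the page, not only this one.
    // NOTE(review): whether the server verifies the token on /api/image/upload
    // depends on the middleware of that route — confirm that CSRF verification
    // applies if the endpoint is authenticated through the session cookie.
    $.ajaxSetup({
        headers: {
            "X-CSRF-TOKEN": $('meta[name="csrf-token"]').attr("content"),
        },
    });

    $.ajax({
        type: "post",
        url: "/api/image/upload",
        enctype: "multipart/form-data",
        // Let the browser build the multipart body and its boundary itself.
        processData: false,
        contentType: false,
        cache: false,
        data: formData,
        success: function (data) {
            busyIndicator(false);
            if (!data["isSuccess"]) {
                // The server answered but reported a failure; log it instead
                // of dropping it silently.
                console.log(data);
                return;
            }
            var result = data["resultList"];
            // The element id is built from values in the server response.
            $("#img-" + result["branchNumber"] + "-" + result["imageNumber"])
                .attr("src", result["imagePath"])
                .attr("image-name", result["imageName"])
                .prop("onclick", null)
                .off("click");
        },
        error: function (jqXHR, status, err) {
            // Clear the indicator on failures too (for example a 401), so the
            // page is not left in the busy state.
            busyIndicator(false);
            console.log(jqXHR);
            console.log(status);
            console.log(err);
        },
    });
}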

如果我还需要提供什么来帮助你理解我的问题,请随时在下面发表评论。

假设您的应用程序使用 Laravel 自带的 API 身份验证,您必须在后台(随 Ajax 请求)发送一个 api_token 来验证当前用户。api.php 中的路由属于 "api" 中间件组,该组默认不启用会话,因此依赖会话登录的 admin 守卫在这些请求上找不到已登录的用户,于是返回 401。

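您可以看到发送此令牌的不同示例:https://laravel.com/docs/5.8/api-authentication#passing-tokens-in-requests (注意:该链接是 Laravel 5.8 的文档,而上面的 api.php 已经在使用 auth:sanctum;另外,把令牌放在 Authorization 请求头中,比放在 URL 查询字符串中更不容易被写入日志。)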
