我在 laravel 中使用 tymon jwt auth 包进行令牌身份验证,如果令牌过期,我正在尝试刷新JWT令牌,我已经设置了一个中间件AuthenticateToken,如下所示:
class AuthenticateToken
{
public function handle($request, Closure $next)
{
try
{
if (! $user = JWTAuth::parseToken()->authenticate() )
{
return response()->json([
'code' => 401,
'response' => null
]);
}
}
catch (TokenExpiredException $e)
{
// If the token is expired, then it will be refreshed and added to the headers
try
{
$refreshed = JWTAuth::refresh(JWTAuth::getToken());
$user = JWTAuth::setToken($refreshed)->toUser();
header('Authorization: Bearer ' . $refreshed);
}
catch (JWTException $e)
{
return response()->json([
'code' => 403,
'response' => null
]);
}
}
catch (JWTException $e)
{
return response()->json([
'code' => 401,
'response' => null
]);
}
// Login the user instance for global usage
Auth::login($user, false);
return $next($request);
}
}
我在我的路由上使用该中间件:
Route::group(['prefix' => 'intranet', 'middleware' => ['token']], function () {
Route::get('intranet-post', 'ApiIntranetController@index');
});
在 Vue 中,我设置了公理和令牌刷新,如下所示:
// Apply refresh(ing) token
BACKEND.defaults.transformResponse.push((data, headers) => {
if (headers.authorization && store('token', headers.authorization)) {
BACKEND.defaults.headers.common.authorization = headers.authorization;
}
return data;
});
BACKEND.defaults.transformRequest.push((data, headers) => {
headers.authorization = `Bearer ${load('token')}`;
});
Vue.prototype.$http = axios;
Vue.prototype.$backend = BACKEND;
function store(key, value) {
try {
let oldLength = localStorage.length;
localStorage.setItem(key, value);
return !(localStorage.length > oldLength); // Returns true on write error
}
catch (err) {
return true;
}
}
function load(key) {
try {
return localStorage.getItem(key);
}
catch (err) {
return null;
}
}
但是,在令牌到期时,我仍然得到403响应。如果我在这里dd($e)中间件:
catch (TokenExpiredException $e)
{
// If the token is expired, then it will be refreshed and added to the headers
try
{
$refreshed = JWTAuth::refresh(JWTAuth::getToken());
$user = JWTAuth::setToken($refreshed)->toUser();
header('Authorization: Bearer ' . $refreshed);
}
catch (JWTException $e)
{
dd($e);
return response()->json([
'code' => 103,
'response' => null
]);
}
}
我得到:
令牌已被列入黑名单异常
我该如何解决这个问题?
试试我的中间件:
<?php
namespace AppHttpMiddleware;
use CarbonCarbon;
use IlluminateSupportFacadesCache;
use TymonJWTAuthExceptionsJWTException;
use SymfonyComponentHttpKernelExceptionUnauthorizedHttpException;
use TymonJWTAuthHttpMiddlewareBaseMiddleware;
use TymonJWTAuthExceptionsTokenExpiredException;
class RefreshToken extends BaseMiddleware {
public function handle($request, Closure $next) {
$this->checkForToken($request); // Check presence of a token.
try {
if (!$this->auth->parseToken()->authenticate()) { // Check user not found. Check token has expired.
throw new UnauthorizedHttpException('jwt-auth', 'User not found');
}
$payload = $this->auth->manager()->getPayloadFactory()->buildClaimsCollection()->toPlainArray();
return $next($request); // Token is valid. User logged. Response without any token.
} catch (TokenExpiredException $t) { // Token expired. User not logged.
$payload = $this->auth->manager()->getPayloadFactory()->buildClaimsCollection()->toPlainArray();
$key = 'block_refresh_token_for_user_' . $payload['sub'];
$cachedBefore = (int) Cache::has($key);
if ($cachedBefore) { // If a token alredy was refreshed and sent to the client in the last JWT_BLACKLIST_GRACE_PERIOD seconds.
Auth::onceUsingId($payload['sub']); // Log the user using id.
return $next($request); // Token expired. Response without any token because in grace period.
}
try {
$newtoken = $this->auth->refresh(); // Get new token.
$gracePeriod = $this->auth->manager()->getBlacklist()->getGracePeriod();
$expiresAt = Carbon::now()->addSeconds($gracePeriod);
Cache::put($key, $newtoken, $expiresAt);
} catch (JWTException $e) {
throw new UnauthorizedHttpException('jwt-auth', $e->getMessage(), $e, $e->getCode());
}
}
$response = $next($request); // Token refreshed and continue.
return $this->setAuthenticationHeader($response, $newtoken); // Response with new token on header Authorization.
}
}
有关更多详细信息,请参阅此帖子。
你可以编辑你的配置/jwt.php关于第224行。
<?php
.......
'blacklist_enabled' => env('JWT_BLACKLIST_ENABLED', false),