【问题标题】:controller method return value without jwt token没有 jwt 令牌的控制器方法返回值
【发布时间】:2019-09-18 09:58:05
【问题描述】:

我已配置Jwt/tymon API 认证并使用自定义模型,我想要的是控制器功能不应该在没有 JWT 在登录时生成的令牌的情况下访问,

路线

Route::group([
    'middleware' => 'api'
    // 'prefix' => 'auth'

], function ($router) {
    Route::post('auth/mpalogin', 'MpaLoginController@mpaLogin')->name('login');
    Route::post('auth/mpalogout', 'MpaLoginController@logout');
    Route::post('auth/mparefresh', 'MpaLoginController@refresh');
    Route::post('auth/mpame', 'MpaLoginController@myinfo');
    Route::post('auth/mpag', 'MpaLoginController@awain');
});

CONTROLLER -> 最后的awain 方法在不发送令牌的情况下被访问,这是我不想要的,我希望我在此控制器中创建的每个方法都只能通过令牌访问

<?php

namespace App\Http\Controllers;

use Illuminate\Http\Request;
use App\Http\Controllers\Controller;
use App\Http\Requests;
use Config;
use JWTAuth;
use JWTAuthException;
use App\Mpa;

class MpaLoginController extends Controller
{
    public function __construct()
    {

        Config::set('jwt.user', Mpa::class);
        Config::set('auth.providers', ['users' => [
                'driver' => 'eloquent',
                'model' => Mpa::class,
            ]]);
        $this->middleware('auth', ['except' => ['mpaLogin']]);
    }

    public function mpaLogin(Request $request){
        $credentials = $request->only('email', 'password');
        $token = null;
        try {
            if (!$token = auth()->attempt($credentials)) {
                return response()->json([
                    'response' => 'error',
                    'message' => 'invalid_email_or_password',
                ]);
            }
        } catch (JWTAuthException $e) {
            return response()->json([
                'response' => 'error',
                'message' => 'failed_to_create_token',
            ]);
        }
        return response()->json([
            'response' => 'success',
            'result' => [
                'token' => $token,
                'message' => 'I am front mpa',
            ],
        ]);
    }

    /**
     * Get the authenticated User.
     *
     * @return \Illuminate\Http\JsonResponse
     */
    public function myinfo()
    {
        return response()->json(auth()->user());
    }

    /**
     * Log the user out (Invalidate the token).
     *
     * @return \Illuminate\Http\JsonResponse
     */
    public function logout()
    {
        auth()->logout();

        return response()->json(['message' => 'Mpa Successfully logged out']);
    }

    /**
     * Refresh a token.
     *
     * @return \Illuminate\Http\JsonResponse
     */
    public function refresh()
    {
        return $this->respondWithToken(auth()->refresh());
    }

    /**
     * Get the token array structure.
     *
     * @param  string $token
     *
     * @return \Illuminate\Http\JsonResponse
     */
    protected function respondWithToken($token)
    {
        return response()->json([
            'access_token' => $token,
            'token_type' => 'bearer',
            'expires_in' => auth()->factory()->getTTL() * 60
        ]);
    }

    public function awain()
    {
        return response()->json("xyz");
    }
}

【问题讨论】:

    标签: laravel jwt


    【解决方案1】:

    你可以试试这个方法。

    1. 将此中间件文件添加到您的App\Http\Middleware 文件夹中。 文件名必须是JWTMiddleware.php
    <?php
    
    namespace App\Http\Middleware;
    
    use Closure;
    use App\Models\Authentication\Auth;
    use Tymon\JWTAuth\Facades\JWTAuth;
    use Tymon\JWTAuth\Exceptions\TokenExpiredException;
    use Tymon\JWTAuth\Exceptions\TokenInvalidException;
    use Tymon\JWTAuth\Exceptions\JWTException;
    
    class JWTMiddleware
    {
        /**
         * Handle an incoming request.
         *
         * @param  \Illuminate\Http\Request $request
         * @param  \Closure $next
         * @return mixed
         */
        public function handle($request, Closure $next)
        {
    
            if (is_null($request->bearerToken())) {
                return response()->json(['error' => 'Token required.'], 401);
            }
    
            try {
                // attempt to verify the credentials and create a token for the user
                $token = JWTAuth::getToken();
                $apy = JWTAuth::getPayload($token)->toArray();
    
            } catch (TokenExpiredException $e) {
    
                return response()->json(['error' => 'Session Expired.', 'status_code' => 401], 401);
    
            } catch (TokenInvalidException $e) {
    
                return response()->json(['error' => 'Token invalid.', 'status_code' => 401], 401);
    
            } catch (JWTException $e) {
    
                return response()->json(['token_absent' => $e->getMessage()], 401);
    
            }
    
            return $next($request);
        }
    }
    
    
    1. $routeMiddlewareApp\Http\kernel.php 文件中注册此中间件。
    protected $routeMiddleware = [
           ....
           ....
           'jwt' => \App\Http\Middleware\JWTMiddleware::class,
       ];
    
    
    1. 将此中间件添加到您的路由组。
    Route::group(['middleware' => [ 'jwt', 'jwt.auth']], function () {
        ....
        ....
        });
    

    工作示例回购: https://github.com/kennethtomagan/laravel-5-api-boilerplate/

    【讨论】:

      【解决方案2】:

      替换

      $this->middleware('auth', ['except' => ['mpaLogin']]);
      

      有了这个

      $this->middleware('api', ['except' => ['mpaLogin']]);
      

      还要从路由组中删除中间件。当您在控制器的构造中添加中间件代码时。

      【讨论】:

      • 谢谢您的回答,但是awain 方法在没有令牌的情况下被访问(这是不正确的)...如果您希望控制器的任何方法正在运行,则必须需要令牌。跨度>
      猜你喜欢
      • 2013-04-12
      • 2016-08-20
      • 2021-01-22
      • 2020-08-05
      • 1970-01-01
      • 1970-01-01
      • 2018-07-19
      • 2020-05-25
      相关资源
      最近更新 更多