我已经开始研究现有的Laravel 5.2项目了。我需要为应用程序的前端构建一些基本的API请求来与数据库通信。这些路由需要由用户的会话进行身份验证。
我尝试使用auth:api驱动程序设置中间件,并在../config/auth.php中将api ['driver']设置为'session'。但是,即使用户使用所有权限和角色进行身份验证,我仍然会将302重定向到登录页面。
有人可以推荐一些关于如何基于用户会话实现API身份验证的阅读或其他解决方案的想法吗?
来自routes / api.php:
Route::group(["middleware" => ["auth:api"]], function () {
// results in 302 redirect to /login
Route::get('test', function(){
return "TEST";
});
});
来自config / auth.php
'guards' => [
'web' => [
'driver' => 'session',
'provider' => 'users',
],
'api' => [
'driver' => 'session',
'provider' => 'users',
],
应用程序/ HTTP / Kernel.php
<?php
namespace App\Http;
use Illuminate\Foundation\Http\Kernel as HttpKernel;
class Kernel extends HttpKernel
{
/**
* The application's global HTTP middleware stack.
*
* These middleware are run during every request to your application.
*
* @var array
*/
protected $middleware = [
\Illuminate\Foundation\Http\Middleware\CheckForMaintenanceMode::class,
\App\Http\Middleware\NoCache::class,
];
/**
* The application's route middleware groups.
*
* @var array
*/
protected $middlewareGroups = [
'web' => [
\App\Http\Middleware\EncryptCookies::class,
\Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
\Illuminate\Session\Middleware\StartSession::class,
\Illuminate\View\Middleware\ShareErrorsFromSession::class,
\App\Http\Middleware\VerifyCsrfToken::class,
\Illuminate\Routing\Middleware\SubstituteBindings::class,
],
'api' => [
'throttle:60,1',
'bindings',
],
];
/**
* The application's route middleware.
*
* These middleware may be assigned to groups or used individually.
*
* @var array
*/
protected $routeMiddleware = [
'auth' => \App\Http\Middleware\Authenticate::class,
'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
'bindings' => \Illuminate\Routing\Middleware\SubstituteBindings::class,
'can' => \Illuminate\Auth\Middleware\Authorize::class,
'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
'role' => \Zizaco\Entrust\Middleware\EntrustRole::class,
'permission' => \Zizaco\Entrust\Middleware\EntrustPermission::class,
'ability' => \Zizaco\Entrust\Middleware\EntrustAbility::class,
'dashboard' => \App\Http\Middleware\dashboardMiddleware::class,
'system' => \App\Http\Middleware\systemMiddleware::class
];
}
问题是您没有在请求中传递任何身份验证标头,因此,很明显它会将您重定向到登录屏幕,即使您使用邮递员访问API也是如此。
要证明这一点,请尝试从路由文件中的以下行auth中删除Route::group(["middleware" => ["auth:api"]], ...中间件,如果您点击测试路线,您应该能够获得TEST作为响应。此外,请记住,我们的api会自动将api /前缀绑定到所有api路由。因此,你应该向/api/test提出请求,你应该回来测试。
如果你想在你的api中加入auth,请阅读Laravel's Passport docs。如果你想要更简单的东西,请从docs中的onceBasic Auth中间件开始。
我希望这能以正确的方式指出你!
如果您有任何其他问题,请告诉我。
干杯!