Php 在中间件Laravel 5.5中获取会话值
我已经创建了使用angular 4前端和Larvel后端创建Rest Api的Web应用程序 它使用中间件,使用令牌保护APi。 当用户从前端登录时,“令牌”在后端(laravel)生成,存储在会话中并发送响应。该令牌在登录到标题“Authorization”后通过每个请求发送 自定义控制器:LoginControllerPhp 在中间件Laravel 5.5中获取会话值,php,laravel,Php,Laravel,我已经创建了使用angular 4前端和Larvel后端创建Rest Api的Web应用程序 它使用中间件,使用令牌保护APi。 当用户从前端登录时,“令牌”在后端(laravel)生成,存储在会话中并发送响应。该令牌在登录到标题“Authorization”后通过每个请求发送 自定义控制器:LoginController use Session; class LoginController extends Controller { public function authenticat
use Session;
class LoginController extends Controller
{
public function authenticate(Request $request)
{
//....validate user login data.....
$token = md5(uniqid(rand(), true));
Session::put('token', $token);
// ....send token in response...
}
}
中间件:rolemidware
use Session;
class RoleMiddleware
{
public function handle($request, Closure $next)
{
$token = Session::get('token');
//why token appears empty here
$header = $request->header('Authorization');
if($header == $token){
return $next($request);
}
}
}
Api路线:
Route::post('login', 'Settings\LoginController@authenticate');
Route::get('users/get/{email}', 'UserController@profile')->middleware('token');
kernel.php:
class Kernel extends HttpKernel
{
protected $middleware = [
/////.........
......
.....
\Illuminate\Session\Middleware\StartSession::class,
];
protected $middlewareGroups = [
'web' => [
\App\Http\Middleware\EncryptCookies::class,
\Illuminate\Session\Middleware\StartSession::class,
\Illuminate\Session\Middleware\AuthenticateSession::class,
\Illuminate\View\Middleware\ShareErrorsFromSession::class,
\App\Http\Middleware\VerifyCsrfToken::class,
\Illuminate\Routing\Middleware\SubstituteBindings::class,
],
'api' => [
\App\Http\Middleware\EncryptCookies::class,
\Illuminate\Session\Middleware\StartSession::class,
'throttle:60,1',
'bindings',
],
];
/**
* The application's route middleware.
*
* These middleware may be assigned to groups or used individually.
*
* @var array
*/
protected $routeMiddleware = [
'auth' => \Illuminate\Auth\Middleware\Authenticate::class,
'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
'bindings' => \Illuminate\Routing\Middleware\SubstituteBindings::class,
'can' => \Illuminate\Auth\Middleware\Authorize::class,
'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
'token' => \App\Http\Middleware\RoleMiddleware::class,
];
}
首先:
API身份验证
是无状态的,这意味着会话/cookie
不用于对系统中的用户进行身份验证
Second:Laravel会话仅在web路由上启动,但是您可以将其切换为在api路由中启动,但我认为这不是正确的选择。不过,如果您想让它工作,请确保在启动RoleMiddle软件之前在api组上启动这些中间件
'api' => [
\App\Http\Middleware\EncryptCookies::class,
\Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
\Illuminate\Session\Middleware\StartSession::class,
\App\Http\Middleware\RoleMiddleware::class
'throttle:60,1',
'bindings',
];
Third:使用[JWT Authentication][1]
,其中包括一个中间件,用于检查用户是否有权在api中执行操作
它的工作原理是在用户登录时生成JWT令牌并返回
把那个令牌放在你前面的地方
结束状态文件
因此,在向后端发送每个请求时,您都会发送JWT令牌,然后
JWT中间件将检查用户是否“登录”以执行特定任务
行动
好的,谢谢你的回复。但是如何在不使用用户模型的情况下生成jwt令牌呢?我正在使用查询生成器来管理数据库。