Php 如何防止自定义laravel中间件应用于自定义防护?
我一直在努力实现jwt身份验证 我有3名警卫:Php 如何防止自定义laravel中间件应用于自定义防护?,php,laravel,authentication,routes,middleware,Php,Laravel,Authentication,Routes,Middleware,我一直在努力实现jwt身份验证 我有3名警卫: 'guards' => [ 'web' => [ 'driver' => 'session', 'provider' => 'users', ], 'api' => [ 'driver' => 'token', 'provider' => 'users',
'guards' => [
'web' => [
'driver' => 'session',
'provider' => 'users',
],
'api' => [
'driver' => 'token',
'provider' => 'users',
],
'remote' => [
'driver' => 'jwt',
'provider' => 'clients',
]
],
'providers' => [
'users' => [
'driver' => 'eloquent',
'model' => App\User::class,
],
'caretaker' => [
'driver' => 'eloquent',
'model' => App\Client::class,
],
],
WebGuard用于处理从登录页面登录的常规用户
api guard用于vue前端访问api
RemoteGuard用于对客户端表中的用户进行身份验证,这些用户也将访问api
以前客户端不需要进行身份验证,但现在我希望能够发送一个带有jwt令牌的链接作为查询参数,并对其进行身份验证和授权,以便仅访问选定的路由
我还有一个自定义中间件,它可以处理双因素身份验证,这似乎会干扰jwt身份验证
如何仅将我的2fa中间件应用于通过web guard身份验证的用户
目前看起来是这样的:
class TwoFactor
{
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @return mixed
*/
public function handle($request, Closure $next)
{
$user = Auth::user();
$allowUserLogin = false;
$userOrg = UserOrganization::where('user_id', $user->id)->first();
$org = Organization::where('id', $userOrg->org_id)->first();
if($org->enable_two_factor_auth == true)
{
if(auth()->check() && $user->token_2fa)
{
if($user->token_2fa_expiry->lt(now()))
{
$user->resetTwoFactorCode();
auth()->logout();
return redirect()->route('login')
->withMessage('The two factor code has expired. Please login again');
}
if(!$request->is('verify*'))
{
return redirect()->route('verify.index');
}
}
return $next($request);
}
return $next($request);
}
}
Kernel.php:
class Kernel extends HttpKernel
{
/**
* The application's global HTTP middleware stack.
*
* These middleware are run during every request to your application.
*
* @var array
*/
protected $middleware = [
\Illuminate\Foundation\Http\Middleware\CheckForMaintenanceMode::class,
\Illuminate\Foundation\Http\Middleware\ValidatePostSize::class,
\App\Http\Middleware\TrimStrings::class,
\Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull::class,
\App\Http\Middleware\TrustProxies::class,
];
/**
* The application's route middleware groups.
*
* @var array
*/
protected $middlewareGroups = [
'web' => [
\App\Http\Middleware\EncryptCookies::class,
\Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
\Illuminate\Session\Middleware\StartSession::class,
// \Illuminate\Session\Middleware\AuthenticateSession::class,
\Illuminate\View\Middleware\ShareErrorsFromSession::class,
\App\Http\Middleware\VerifyCsrfToken::class,
\Illuminate\Routing\Middleware\SubstituteBindings::class,
],
'api' => [
'throttle:60,1',
'bindings',
],
'remote' => [
'throttle:60,1',
'bindings',
]
];
/**
* The application's route middleware.
*
* These middleware may be assigned to groups or used individually.
*
* @var array
*/
protected $routeMiddleware = [
'auth' => \Illuminate\Auth\Middleware\Authenticate::class,
'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
'bindings' => \Illuminate\Routing\Middleware\SubstituteBindings::class,
'can' => \Illuminate\Auth\Middleware\Authorize::class,
'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
'assign.guard' => \App\Http\Middleware\AssignGuard::class,
'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
'edit_caretaker' => EditCaretaker::class,
'admin' => Admin::class,
'auth.role' => \App\Http\Middleware\RoleAuthorization::class,
'twofactor' => \App\Http\Middleware\TwoFactor::class,
//'jwt.role' => \App\Http\Middleware\JwtMiddleware::class,
'jwt.auth' => 'Tymon\JWTAuth\Middleware\GetUserFromToken',
'jwt.refresh' => 'Tymon\JWTAuth\Middleware\RefreshToken',
];
}
我在通过远程警卫进行身份验证时也遇到了其他问题。但我将把它留给一个单独的问题,除非它在这里变得相关
很高兴为我提供详细信息