Laravel 验证过滤器在生产服务器上失败
Laravel auth filter fails on production server
我正在使用具有标准内置 Auth 支持的 Laravel 4 框架。在本地环境中一切正常(MAMP、OSx),但在我的生产服务器上(带有 Ubuntu、Apache、Php 5.5.9 的 Digital Ocean 标准映像)auth 过滤器失败并允许未经身份验证的访问。
routes.php:
Route::group(['before'=>'auth'], function(){
Route::get('admin', array('uses' => 'AdminController@home'));
Route::get('admin/dashboard', function(){
return Redirect::to('admin');
});
Route::post('payment/ok', array('uses' => 'PaymentController@ok'));
Route::post('payment/fail', array('uses' => 'PaymentController@fail'));
Route::get('admin/makeDMS/{id}', array('uses' => 'PaymentController@makeDMStransaction'));
Route::get('admin/products', array('uses' => 'AdminController@products'));
Route::get('admin/product/{id}', array('uses' => 'AdminController@product'));
Route::get('admin/orders', array('uses' => 'AdminController@orders'));
Route::get('admin/order/{id}', array('uses' => 'AdminController@order'));
Route::post('admin/setOrderStatus', array('uses' => 'AdminController@setOrderStatus'));
Route::post('admin/updateProduct', array('uses' => 'AdminController@updateProduct'));
Route::get('admin/transactions', array('uses' => 'AdminController@transactions'));
});
filters.php:
Route::filter('auth', function()
{
if (Auth::guest())
{
if (Request::ajax())
{
return Response::make('Unauthorized', 401);
}
else
{
return Redirect::guest('login');
}
}
});
Route::filter('auth.basic', function()
{
return Auth::basic();
});
Route::filter('guest', function()
{
if (Auth::check()) return Redirect::to('/');
});
我尝试使用 Route::group 和控制器构造函数来保护所需的路由,但输出是相同的:使用良好凭据登录有效,凭据错误的用户无法登录,但路由组应该未经身份验证的用户可以使用被保护。
我发现 php 在快速 CGI 模式下会产生这种行为,但这是我的 sudo apachectl -M 输出:
Loaded Modules:
core_module (static)
so_module (static)
watchdog_module (static)
http_module (static)
log_config_module (static)
logio_module (static)
version_module (static)
unixd_module (static)
access_compat_module (shared)
alias_module (shared)
auth_basic_module (shared)
authn_core_module (shared)
authn_file_module (shared)
authz_core_module (shared)
authz_host_module (shared)
authz_user_module (shared)
autoindex_module (shared)
deflate_module (shared)
dir_module (shared)
env_module (shared)
filter_module (shared)
mime_module (shared)
mpm_prefork_module (shared)
negotiation_module (shared)
php5_module (shared)
rewrite_module (shared)
setenvif_module (shared)
status_module (shared)
好的,我找到了解决方案。一如既往,RTM...
我的环境设置为 "testing",这是为单元测试保留的,manual 很好地说:
Note: Route filters are disabled when in the testing environment. To
enable them, add Route::enableFilters() to your test.
我将环境变量更改为 "production",现在一切正常。
我正在使用具有标准内置 Auth 支持的 Laravel 4 框架。在本地环境中一切正常(MAMP、OSx),但在我的生产服务器上(带有 Ubuntu、Apache、Php 5.5.9 的 Digital Ocean 标准映像)auth 过滤器失败并允许未经身份验证的访问。
routes.php:
Route::group(['before'=>'auth'], function(){
Route::get('admin', array('uses' => 'AdminController@home'));
Route::get('admin/dashboard', function(){
return Redirect::to('admin');
});
Route::post('payment/ok', array('uses' => 'PaymentController@ok'));
Route::post('payment/fail', array('uses' => 'PaymentController@fail'));
Route::get('admin/makeDMS/{id}', array('uses' => 'PaymentController@makeDMStransaction'));
Route::get('admin/products', array('uses' => 'AdminController@products'));
Route::get('admin/product/{id}', array('uses' => 'AdminController@product'));
Route::get('admin/orders', array('uses' => 'AdminController@orders'));
Route::get('admin/order/{id}', array('uses' => 'AdminController@order'));
Route::post('admin/setOrderStatus', array('uses' => 'AdminController@setOrderStatus'));
Route::post('admin/updateProduct', array('uses' => 'AdminController@updateProduct'));
Route::get('admin/transactions', array('uses' => 'AdminController@transactions'));
});
filters.php:
Route::filter('auth', function()
{
if (Auth::guest())
{
if (Request::ajax())
{
return Response::make('Unauthorized', 401);
}
else
{
return Redirect::guest('login');
}
}
});
Route::filter('auth.basic', function()
{
return Auth::basic();
});
Route::filter('guest', function()
{
if (Auth::check()) return Redirect::to('/');
});
我尝试使用 Route::group 和控制器构造函数来保护所需的路由,但输出是相同的:使用良好凭据登录有效,凭据错误的用户无法登录,但路由组应该未经身份验证的用户可以使用被保护。
我发现 php 在快速 CGI 模式下会产生这种行为,但这是我的 sudo apachectl -M 输出:
Loaded Modules:
core_module (static)
so_module (static)
watchdog_module (static)
http_module (static)
log_config_module (static)
logio_module (static)
version_module (static)
unixd_module (static)
access_compat_module (shared)
alias_module (shared)
auth_basic_module (shared)
authn_core_module (shared)
authn_file_module (shared)
authz_core_module (shared)
authz_host_module (shared)
authz_user_module (shared)
autoindex_module (shared)
deflate_module (shared)
dir_module (shared)
env_module (shared)
filter_module (shared)
mime_module (shared)
mpm_prefork_module (shared)
negotiation_module (shared)
php5_module (shared)
rewrite_module (shared)
setenvif_module (shared)
status_module (shared)
好的,我找到了解决方案。一如既往,RTM...
我的环境设置为 "testing",这是为单元测试保留的,manual 很好地说:
Note: Route filters are disabled when in the testing environment. To enable them, add Route::enableFilters() to your test.
我将环境变量更改为 "production",现在一切正常。