laravel 8 -> 使用 jwt 和 postman 授权
laravel 8 -> authorization with jwt and postman
我正在用 Laravel8 构建一个 API 并使用 postman ,我还使用 JWT 进行身份验证并希望授权创建一个新的 post ,我希望仅当用户是 admin 或 author 时才能够创建一个新的 post ,所以我创建了一个中间件 AdminLevelAuthorization 并在内核中将其添加为 'auth.level'
所以我在 api.php 中为我的路由放置了这个中间件:Route::apiResource('posts' , PostController::class)->middleware('auth.level:admin,author');
在postman中我登录并保存了我的令牌,我只是不知道如何使用这个令牌进行授权
当我在 postman 和授权部分转到这条路线 http://localhost:8000/api/posts 时,不记名令牌类型我在令牌字段中输入我的令牌,所以它说:
"You are unauthorized to access this resource"
不知道是我输入的token有误还是我的中间件有问题
这是我的中间件:
class AdminLevelAuthorization
{
public function handle($request, Closure $next, ...$levels)
{
try {
//Access token from the request
$token = JWTAuth::parseToken();//Try authenticating user
$user = $token->authenticate();
} catch (TokenExpiredException $e) {
//Thrown if token has expired
return $this->unauthorized('Your token has expired. Please, login again.');
} catch (TokenInvalidException $e) {
//Thrown if token invalid
return $this->unauthorized('Your token is invalid. Please, login again.');
} catch (JWTException $e) {
//Thrown if token was not found in the request.
return $this->unauthorized('Please, attach a Bearer Token to your request');
}
//If user was authenticated successfully and user is in one of the acceptable levels, send to next request.
if ($user && in_array($user->levels, $levels)) {
return $next($request);
}
return $this->unauthorized();
}
private function unauthorized($message = null){
return response()->json([
'message' => $message ? $message : 'You are unauthorized to access this resource',
'success' => false
], 401);
}
}
感谢您的帮助:)
问题出在 s 对于 user->levels 它必须是 $user->level
我正在用 Laravel8 构建一个 API 并使用 postman ,我还使用 JWT 进行身份验证并希望授权创建一个新的 post ,我希望仅当用户是 admin 或 author 时才能够创建一个新的 post ,所以我创建了一个中间件 AdminLevelAuthorization 并在内核中将其添加为 'auth.level'
所以我在 api.php 中为我的路由放置了这个中间件:Route::apiResource('posts' , PostController::class)->middleware('auth.level:admin,author');
在postman中我登录并保存了我的令牌,我只是不知道如何使用这个令牌进行授权
当我在 postman 和授权部分转到这条路线 http://localhost:8000/api/posts 时,不记名令牌类型我在令牌字段中输入我的令牌,所以它说:
"You are unauthorized to access this resource"
不知道是我输入的token有误还是我的中间件有问题
这是我的中间件:
class AdminLevelAuthorization
{
public function handle($request, Closure $next, ...$levels)
{
try {
//Access token from the request
$token = JWTAuth::parseToken();//Try authenticating user
$user = $token->authenticate();
} catch (TokenExpiredException $e) {
//Thrown if token has expired
return $this->unauthorized('Your token has expired. Please, login again.');
} catch (TokenInvalidException $e) {
//Thrown if token invalid
return $this->unauthorized('Your token is invalid. Please, login again.');
} catch (JWTException $e) {
//Thrown if token was not found in the request.
return $this->unauthorized('Please, attach a Bearer Token to your request');
}
//If user was authenticated successfully and user is in one of the acceptable levels, send to next request.
if ($user && in_array($user->levels, $levels)) {
return $next($request);
}
return $this->unauthorized();
}
private function unauthorized($message = null){
return response()->json([
'message' => $message ? $message : 'You are unauthorized to access this resource',
'success' => false
], 401);
}
}
感谢您的帮助:)
问题出在 s 对于 user->levels 它必须是 $user->level