Laravel 添加授权中间件后路由不调用控制器的功能
Laravel route not calling function of controller after adding auth middleware
添加 auth:api 中间件后,我的路由突然停止调用它应该调用的函数。当我删除中间件时,它又开始工作了。
api.php路线
Route::middleware('auth:api')->get('/addloancontroller', [\App\Http\Controllers\AddLoan::class, 'store'])
->name('addLoan');
AddLoan.php 控制器
<?php
namespace App\Http\Controllers;
use App\Models\EarningsRecord;
use App\Models\Lender;
use App\Models\LoanLenders;
use App\Models\Loans;
use App\Models\Login;
use App\Providers\RouteServiceProvider;
use Illuminate\Http\Request;
use Auth;
use Illuminate\Support\Facades\DB;
class AddLoan extends Controller
{
public function store(Request $request) {
$request->validate([
'amount' => 'required',
'startDate' => 'required',
'endDate' => 'required',
'dateLoanSigned' => 'required',
'interestRate' => 'required',
'interestPaymentPeriod' => 'required',
'interest_only_period' => 'required',
'active' => 'required',
'loanType' => 'required',
'fName' => 'required',
'lName' => 'required',
'earnings' => 'required',
'irdNum' => 'required',
'bankAccNum' => 'required',
'address' => 'required',
'phone' => 'required',
]);
$company_id = $request->user();
dd($company_id);
$loan = Loans::create([
'companies_id' => $company_id,
'amount' => $request->amount,
'startDate' => $request->startDate,
'endDate' => $request->endDate,
'dateCreated' => $request->dateLoanSigned,
'interestRate' => $request->interestRate,
'interestPaymentPeriod' => $request->interestPaymentPeriod,
'interestOnlyPeriod' => $request->interestOnlyPeriod,
'active' => $request->active,
'refinanced' => 0,
'loanType' => $request->loanType
]);
$loan->save();
$lender = Lender::create([
'fName' => $request->fName,
'lName' => $request->lName,
'annualEarnings' => $request->earnings,
'irdNum' => $request->irdNum,
'bankAccNum' => $request-> bankAccNum,
'address' => $request-> address,
'phone' => $request->phone,
'loginID' => null
]);
$lender->save();
$taxAmount = DB::table('tax_rates')
->where('minAmount', '<', $request->earnings)
->where('maxAmount', '>', $request->earnings);
$loanLender = LoanLenders::create([
'loansID' => $loan->id,
'lenderID' => $lender->id,
'companyID' => $company_id,
'taxAmount' => $taxAmount->id
]);
$loanLender->save();
$earningsReport = EarningsRecord::create([
'lenderID' => $lender->id,
'annualEarnings' => $lender->annualEarnings,
'dateRecorded' => date('d-m-Y')
]);
$earningsReport->save();
return redirect(RouteServiceProvider::HOME);
}
}
路由被调用为以下形式的动作:
<form method="GET" action="{{ route('addLoan') }}">
我所有的验证都只是寻找 'required' 的原因是因为我想确保它不是验证失败,只是没有产生错误。
提交表单后会发生什么?
当我提交表单并且路由附加了中间件时,它只是将我重定向回主屏幕。
缓存
我已经运行:
php artisan cache:clearcomposer dump-autoload
身份验证令牌
如 laravel 文档中所述,我已经将 api_token 列添加到用户的迁移文件中(在我的例子中,我使用登录模型进行身份验证)。下面是迁移文件中我添加该列的行:
$table->string('api_token', 80)->unique()->nullable()->default(null);
这是文档中的行:
Schema::table('users', function ($table) {
$table->string('api_token', 80)->after('password')
->unique()
->nullable()
->default(null);
});
当我创建模型对象时,我通过这样做制作了经过身份验证的令牌:
'api_token' => Str::random(60)
当我检查数据库时,我发现 api_token 已成功添加,所以我不确定问题出在哪里。
(我用的文档link是here)
我建议在控制器中重构您的代码,这是我首先为您的方法创建 FormRequest,并将您的验证代码和规则移到那里。然后在 FormRequest 方法 authorize 中,我正在编写这样的代码:
/**
* Determine if the user is authorized to make this request.
*
* @return bool
*/
public function authorize()
{
return auth('auth:api')->check(); // Method check return false/true.
}
public function rules()
{
return [
'amount' => ['required'],
'startDate' => ['required'],
'endDate' => ['required'],
'dateLoanSigned' => ['required'],
'interestRate' => ['required'],
'interestPaymentPeriod' => ['required'],
'interest_only_period' => ['required'],
'active' => ['required'],
'loanType' => ['required'],
'fName' => ['required'],
'lName' => ['required'],
'earnings' => ['required'],
'irdNum' => ['required'],
'bankAccNum' => ['required'],
'address' => ['required'],
'phone' => ['required']
];
}
此外,我建议将 HTTP 方法 GET 更改为 POST。
您已经在 api 路由文件中定义了一个路由,并使用 auth:api 中间件(通常是 Passport)对其进行了保护,但是您正在从 HTML form 这不是您通常消费 api.
的方式
我假设您只是想保护通过应用程序中的网页访问的路由,因此我建议您研究一种基于 web 的身份验证机制 Laravel,例如 Fortify or if you don't want to roll your own views, either Jetstream or Breeze.
更新
令牌与 api 结合使用,您当前实施的工作流程(网络表单)是 web 工作流程,因此不建议使用 api tokens。
只要 user 经过身份验证并且对 web 和 api 守卫都有效,控制器中的 Auth 门面就可用。
如果您安装 Breeze 或 Jetstream,如果您刚开始,我建议安装 Fortify,您将能够使用 auth 中间件来保护您的路由,需要 users 验证自己(登录)才能访问受保护的路由。这意味着当 user 已通过身份验证并且您在控制器中处理请求时 Auth::id() 将 return 已通过身份验证的 id user.
添加 auth:api 中间件后,我的路由突然停止调用它应该调用的函数。当我删除中间件时,它又开始工作了。
api.php路线
Route::middleware('auth:api')->get('/addloancontroller', [\App\Http\Controllers\AddLoan::class, 'store'])
->name('addLoan');
AddLoan.php 控制器
<?php
namespace App\Http\Controllers;
use App\Models\EarningsRecord;
use App\Models\Lender;
use App\Models\LoanLenders;
use App\Models\Loans;
use App\Models\Login;
use App\Providers\RouteServiceProvider;
use Illuminate\Http\Request;
use Auth;
use Illuminate\Support\Facades\DB;
class AddLoan extends Controller
{
public function store(Request $request) {
$request->validate([
'amount' => 'required',
'startDate' => 'required',
'endDate' => 'required',
'dateLoanSigned' => 'required',
'interestRate' => 'required',
'interestPaymentPeriod' => 'required',
'interest_only_period' => 'required',
'active' => 'required',
'loanType' => 'required',
'fName' => 'required',
'lName' => 'required',
'earnings' => 'required',
'irdNum' => 'required',
'bankAccNum' => 'required',
'address' => 'required',
'phone' => 'required',
]);
$company_id = $request->user();
dd($company_id);
$loan = Loans::create([
'companies_id' => $company_id,
'amount' => $request->amount,
'startDate' => $request->startDate,
'endDate' => $request->endDate,
'dateCreated' => $request->dateLoanSigned,
'interestRate' => $request->interestRate,
'interestPaymentPeriod' => $request->interestPaymentPeriod,
'interestOnlyPeriod' => $request->interestOnlyPeriod,
'active' => $request->active,
'refinanced' => 0,
'loanType' => $request->loanType
]);
$loan->save();
$lender = Lender::create([
'fName' => $request->fName,
'lName' => $request->lName,
'annualEarnings' => $request->earnings,
'irdNum' => $request->irdNum,
'bankAccNum' => $request-> bankAccNum,
'address' => $request-> address,
'phone' => $request->phone,
'loginID' => null
]);
$lender->save();
$taxAmount = DB::table('tax_rates')
->where('minAmount', '<', $request->earnings)
->where('maxAmount', '>', $request->earnings);
$loanLender = LoanLenders::create([
'loansID' => $loan->id,
'lenderID' => $lender->id,
'companyID' => $company_id,
'taxAmount' => $taxAmount->id
]);
$loanLender->save();
$earningsReport = EarningsRecord::create([
'lenderID' => $lender->id,
'annualEarnings' => $lender->annualEarnings,
'dateRecorded' => date('d-m-Y')
]);
$earningsReport->save();
return redirect(RouteServiceProvider::HOME);
}
}
路由被调用为以下形式的动作:
<form method="GET" action="{{ route('addLoan') }}">
我所有的验证都只是寻找 'required' 的原因是因为我想确保它不是验证失败,只是没有产生错误。
提交表单后会发生什么?
当我提交表单并且路由附加了中间件时,它只是将我重定向回主屏幕。
缓存
我已经运行:
php artisan cache:clearcomposer dump-autoload
身份验证令牌
如 laravel 文档中所述,我已经将 api_token 列添加到用户的迁移文件中(在我的例子中,我使用登录模型进行身份验证)。下面是迁移文件中我添加该列的行:
$table->string('api_token', 80)->unique()->nullable()->default(null);
这是文档中的行:
Schema::table('users', function ($table) {
$table->string('api_token', 80)->after('password')
->unique()
->nullable()
->default(null);
});
当我创建模型对象时,我通过这样做制作了经过身份验证的令牌:
'api_token' => Str::random(60)
当我检查数据库时,我发现 api_token 已成功添加,所以我不确定问题出在哪里。
(我用的文档link是here)
我建议在控制器中重构您的代码,这是我首先为您的方法创建 FormRequest,并将您的验证代码和规则移到那里。然后在 FormRequest 方法 authorize 中,我正在编写这样的代码:
/**
* Determine if the user is authorized to make this request.
*
* @return bool
*/
public function authorize()
{
return auth('auth:api')->check(); // Method check return false/true.
}
public function rules()
{
return [
'amount' => ['required'],
'startDate' => ['required'],
'endDate' => ['required'],
'dateLoanSigned' => ['required'],
'interestRate' => ['required'],
'interestPaymentPeriod' => ['required'],
'interest_only_period' => ['required'],
'active' => ['required'],
'loanType' => ['required'],
'fName' => ['required'],
'lName' => ['required'],
'earnings' => ['required'],
'irdNum' => ['required'],
'bankAccNum' => ['required'],
'address' => ['required'],
'phone' => ['required']
];
}
此外,我建议将 HTTP 方法 GET 更改为 POST。
您已经在 api 路由文件中定义了一个路由,并使用 auth:api 中间件(通常是 Passport)对其进行了保护,但是您正在从 HTML form 这不是您通常消费 api.
我假设您只是想保护通过应用程序中的网页访问的路由,因此我建议您研究一种基于 web 的身份验证机制 Laravel,例如 Fortify or if you don't want to roll your own views, either Jetstream or Breeze.
更新
令牌与 api 结合使用,您当前实施的工作流程(网络表单)是 web 工作流程,因此不建议使用 api tokens。
只要 user 经过身份验证并且对 web 和 api 守卫都有效,控制器中的 Auth 门面就可用。
如果您安装 Breeze 或 Jetstream,如果您刚开始,我建议安装 Fortify,您将能够使用 auth 中间件来保护您的路由,需要 users 验证自己(登录)才能访问受保护的路由。这意味着当 user 已通过身份验证并且您在控制器中处理请求时 Auth::id() 将 return 已通过身份验证的 id user.