Laravel 添加授权中间件后路由不调用控制器的功能
Laravel route not calling function of controller after adding auth middleware
添加 auth:api 中间件后,我的路由突然停止调用它应该调用的函数。当我删除中间件时,它又开始工作了。
api.php路线
Route::middleware('auth:api')->get('/addloancontroller', [\App\Http\Controllers\AddLoan::class, 'store'])
->name('addLoan');
AddLoan.php 控制器
<?php
namespace App\Http\Controllers;
use App\Models\EarningsRecord;
use App\Models\Lender;
use App\Models\LoanLenders;
use App\Models\Loans;
use App\Models\Login;
use App\Providers\RouteServiceProvider;
use Illuminate\Http\Request;
use Auth;
use Illuminate\Support\Facades\DB;
class AddLoan extends Controller
{
public function store(Request $request) {
$request->validate([
'amount' => 'required',
'startDate' => 'required',
'endDate' => 'required',
'dateLoanSigned' => 'required',
'interestRate' => 'required',
'interestPaymentPeriod' => 'required',
'interest_only_period' => 'required',
'active' => 'required',
'loanType' => 'required',
'fName' => 'required',
'lName' => 'required',
'earnings' => 'required',
'irdNum' => 'required',
'bankAccNum' => 'required',
'address' => 'required',
'phone' => 'required',
]);
$company_id = $request->user();
dd($company_id);
$loan = Loans::create([
'companies_id' => $company_id,
'amount' => $request->amount,
'startDate' => $request->startDate,
'endDate' => $request->endDate,
'dateCreated' => $request->dateLoanSigned,
'interestRate' => $request->interestRate,
'interestPaymentPeriod' => $request->interestPaymentPeriod,
'interestOnlyPeriod' => $request->interestOnlyPeriod,
'active' => $request->active,
'refinanced' => 0,
'loanType' => $request->loanType
]);
$loan->save();
$lender = Lender::create([
'fName' => $request->fName,
'lName' => $request->lName,
'annualEarnings' => $request->earnings,
'irdNum' => $request->irdNum,
'bankAccNum' => $request-> bankAccNum,
'address' => $request-> address,
'phone' => $request->phone,
'loginID' => null
]);
$lender->save();
$taxAmount = DB::table('tax_rates')
->where('minAmount', '<', $request->earnings)
->where('maxAmount', '>', $request->earnings);
$loanLender = LoanLenders::create([
'loansID' => $loan->id,
'lenderID' => $lender->id,
'companyID' => $company_id,
'taxAmount' => $taxAmount->id
]);
$loanLender->save();
$earningsReport = EarningsRecord::create([
'lenderID' => $lender->id,
'annualEarnings' => $lender->annualEarnings,
'dateRecorded' => date('d-m-Y')
]);
$earningsReport->save();
return redirect(RouteServiceProvider::HOME);
}
}
路由被调用为以下形式的动作:
<form method="GET" action="{{ route('addLoan') }}">
我所有的验证都只是寻找 'required' 的原因是因为我想确保它不是验证失败,只是没有产生错误。
提交表单后会发生什么?
当我提交表单并且路由附加了中间件时,它只是将我重定向回主屏幕。
缓存
我已经运行:
php artisan cache:clear
composer dump-autoload
身份验证令牌
如 laravel 文档中所述,我已经将 api_token 列添加到用户的迁移文件中(在我的例子中,我使用登录模型进行身份验证)。下面是迁移文件中我添加该列的行:
$table->string('api_token', 80)->unique()->nullable()->default(null);
这是文档中的行:
Schema::table('users', function ($table) {
$table->string('api_token', 80)->after('password')
->unique()
->nullable()
->default(null);
});
当我创建模型对象时,我通过这样做制作了经过身份验证的令牌:
'api_token' => Str::random(60)
当我检查数据库时,我发现 api_token 已成功添加,所以我不确定问题出在哪里。
(我用的文档link是here)
我建议在控制器中重构您的代码,这是我首先为您的方法创建 FormRequest,并将您的验证代码和规则移到那里。然后在 FormRequest 方法 authorize
中,我正在编写这样的代码:
/**
* Determine if the user is authorized to make this request.
*
* @return bool
*/
public function authorize()
{
return auth('auth:api')->check(); // Method check return false/true.
}
public function rules()
{
return [
'amount' => ['required'],
'startDate' => ['required'],
'endDate' => ['required'],
'dateLoanSigned' => ['required'],
'interestRate' => ['required'],
'interestPaymentPeriod' => ['required'],
'interest_only_period' => ['required'],
'active' => ['required'],
'loanType' => ['required'],
'fName' => ['required'],
'lName' => ['required'],
'earnings' => ['required'],
'irdNum' => ['required'],
'bankAccNum' => ['required'],
'address' => ['required'],
'phone' => ['required']
];
}
此外,我建议将 HTTP 方法 GET
更改为 POST
。
您已经在 api
路由文件中定义了一个路由,并使用 auth:api
中间件(通常是 Passport
)对其进行了保护,但是您正在从 HTML form
这不是您通常消费 api
.
的方式
我假设您只是想保护通过应用程序中的网页访问的路由,因此我建议您研究一种基于 web
的身份验证机制 Laravel,例如 Fortify
or if you don't want to roll your own views, either Jetstream
or Breeze
.
更新
令牌与 api
结合使用,您当前实施的工作流程(网络表单)是 web
工作流程,因此不建议使用 api tokens
。
只要 user
经过身份验证并且对 web
和 api
守卫都有效,控制器中的 Auth
门面就可用。
如果您安装 Breeze
或 Jetstream
,如果您刚开始,我建议安装 Fortify
,您将能够使用 auth
中间件来保护您的路由,需要 users
验证自己(登录)才能访问受保护的路由。这意味着当 user
已通过身份验证并且您在控制器中处理请求时 Auth::id()
将 return 已通过身份验证的 id
user
.
添加 auth:api 中间件后,我的路由突然停止调用它应该调用的函数。当我删除中间件时,它又开始工作了。
api.php路线
Route::middleware('auth:api')->get('/addloancontroller', [\App\Http\Controllers\AddLoan::class, 'store'])
->name('addLoan');
AddLoan.php 控制器
<?php
namespace App\Http\Controllers;
use App\Models\EarningsRecord;
use App\Models\Lender;
use App\Models\LoanLenders;
use App\Models\Loans;
use App\Models\Login;
use App\Providers\RouteServiceProvider;
use Illuminate\Http\Request;
use Auth;
use Illuminate\Support\Facades\DB;
class AddLoan extends Controller
{
public function store(Request $request) {
$request->validate([
'amount' => 'required',
'startDate' => 'required',
'endDate' => 'required',
'dateLoanSigned' => 'required',
'interestRate' => 'required',
'interestPaymentPeriod' => 'required',
'interest_only_period' => 'required',
'active' => 'required',
'loanType' => 'required',
'fName' => 'required',
'lName' => 'required',
'earnings' => 'required',
'irdNum' => 'required',
'bankAccNum' => 'required',
'address' => 'required',
'phone' => 'required',
]);
$company_id = $request->user();
dd($company_id);
$loan = Loans::create([
'companies_id' => $company_id,
'amount' => $request->amount,
'startDate' => $request->startDate,
'endDate' => $request->endDate,
'dateCreated' => $request->dateLoanSigned,
'interestRate' => $request->interestRate,
'interestPaymentPeriod' => $request->interestPaymentPeriod,
'interestOnlyPeriod' => $request->interestOnlyPeriod,
'active' => $request->active,
'refinanced' => 0,
'loanType' => $request->loanType
]);
$loan->save();
$lender = Lender::create([
'fName' => $request->fName,
'lName' => $request->lName,
'annualEarnings' => $request->earnings,
'irdNum' => $request->irdNum,
'bankAccNum' => $request-> bankAccNum,
'address' => $request-> address,
'phone' => $request->phone,
'loginID' => null
]);
$lender->save();
$taxAmount = DB::table('tax_rates')
->where('minAmount', '<', $request->earnings)
->where('maxAmount', '>', $request->earnings);
$loanLender = LoanLenders::create([
'loansID' => $loan->id,
'lenderID' => $lender->id,
'companyID' => $company_id,
'taxAmount' => $taxAmount->id
]);
$loanLender->save();
$earningsReport = EarningsRecord::create([
'lenderID' => $lender->id,
'annualEarnings' => $lender->annualEarnings,
'dateRecorded' => date('d-m-Y')
]);
$earningsReport->save();
return redirect(RouteServiceProvider::HOME);
}
}
路由被调用为以下形式的动作:
<form method="GET" action="{{ route('addLoan') }}">
我所有的验证都只是寻找 'required' 的原因是因为我想确保它不是验证失败,只是没有产生错误。
提交表单后会发生什么?
当我提交表单并且路由附加了中间件时,它只是将我重定向回主屏幕。
缓存
我已经运行:
php artisan cache:clear
composer dump-autoload
身份验证令牌
如 laravel 文档中所述,我已经将 api_token 列添加到用户的迁移文件中(在我的例子中,我使用登录模型进行身份验证)。下面是迁移文件中我添加该列的行:
$table->string('api_token', 80)->unique()->nullable()->default(null);
这是文档中的行:
Schema::table('users', function ($table) {
$table->string('api_token', 80)->after('password')
->unique()
->nullable()
->default(null);
});
当我创建模型对象时,我通过这样做制作了经过身份验证的令牌:
'api_token' => Str::random(60)
当我检查数据库时,我发现 api_token 已成功添加,所以我不确定问题出在哪里。
(我用的文档link是here)
我建议在控制器中重构您的代码,这是我首先为您的方法创建 FormRequest,并将您的验证代码和规则移到那里。然后在 FormRequest 方法 authorize
中,我正在编写这样的代码:
/**
* Determine if the user is authorized to make this request.
*
* @return bool
*/
public function authorize()
{
return auth('auth:api')->check(); // Method check return false/true.
}
public function rules()
{
return [
'amount' => ['required'],
'startDate' => ['required'],
'endDate' => ['required'],
'dateLoanSigned' => ['required'],
'interestRate' => ['required'],
'interestPaymentPeriod' => ['required'],
'interest_only_period' => ['required'],
'active' => ['required'],
'loanType' => ['required'],
'fName' => ['required'],
'lName' => ['required'],
'earnings' => ['required'],
'irdNum' => ['required'],
'bankAccNum' => ['required'],
'address' => ['required'],
'phone' => ['required']
];
}
此外,我建议将 HTTP 方法 GET
更改为 POST
。
您已经在 api
路由文件中定义了一个路由,并使用 auth:api
中间件(通常是 Passport
)对其进行了保护,但是您正在从 HTML form
这不是您通常消费 api
.
我假设您只是想保护通过应用程序中的网页访问的路由,因此我建议您研究一种基于 web
的身份验证机制 Laravel,例如 Fortify
or if you don't want to roll your own views, either Jetstream
or Breeze
.
更新
令牌与 api
结合使用,您当前实施的工作流程(网络表单)是 web
工作流程,因此不建议使用 api tokens
。
只要 user
经过身份验证并且对 web
和 api
守卫都有效,控制器中的 Auth
门面就可用。
如果您安装 Breeze
或 Jetstream
,如果您刚开始,我建议安装 Fortify
,您将能够使用 auth
中间件来保护您的路由,需要 users
验证自己(登录)才能访问受保护的路由。这意味着当 user
已通过身份验证并且您在控制器中处理请求时 Auth::id()
将 return 已通过身份验证的 id
user
.