app/Http/Kernel.php 裡面..
每一個 guard 對應到的認證 php 描述在:$routeMiddleware
第一個 $middleware 裡面描述的是不管哪一種方式認證都會載入的 class
第二個 $middlewareGroups 是有指定到對應的 group 才會載入的。
Laravel 已經做好了 CsrfToken 的認證,所以我們只要知道怎麼加入使用即可。
首先修改:app/Http/Kernel.php
在 $routeMiddleware 增加一項認證方式。
protected $routeMiddleware = [
'auth' => \Illuminate\Auth\Middleware\Authenticate::class,
'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
'bindings' => \Illuminate\Routing\Middleware\SubstituteBindings::class,
'can' => \Illuminate\Auth\Middleware\Authorize::class,
'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
// your authenticate
'myapi' => \App\Http\Middleware\ApiAuth::class,
'csrf' => \App\Http\Middleware\VerifyCsrfToken::class,
];
因為 csrf 的認證也需要用到 session,所以我們選擇在 $middleware 作增加。
protected $middleware = [
\Illuminate\Foundation\Http\Middleware\CheckForMaintenanceMode::class,
\Illuminate\Foundation\Http\Middleware\ValidatePostSize::class,
\App\Http\Middleware\TrimStrings::class,
\Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull::class,
\Illuminate\Session\Middleware\StartSession::class,
\Illuminate\View\Middleware\ShareErrorsFromSession::class,
];
沒有加入這兩行,會跳出 Session 相關的 exception。
接下來把 route 的 middleware 指向 csrf 就可以做認證了。
//following Which require authentication ................
Route::group(
[
'prefix' => 'v1',
'middleware' => 'csrf'
],
function() {
Route::get('stock',function(){
return response([1,2,3,4],200);
});
Route::post('stock', 'StockController@fetch')->name('home');
}
);
[
'prefix' => 'v1',
'middleware' => 'csrf'
],
function() {
Route::get('stock',function(){
return response([1,2,3,4],200);
});
Route::post('stock', 'StockController@fetch')->name('home');
}
);
這邊要注意一點,內建的 VerifyCsrfToken 預設 GET 是直接 pass,所以如果 GET 也想要做認證的話,要自己 override public function handle($request, Closure $next)。
原始的方式在:
vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/VerifyCsrfToken.php
public function handle($request, Closure $next)
{
if (
$this->isReading($request) ||
$this->runningUnitTests() ||
$this->inExceptArray($request) ||
$this->tokensMatch($request)
) {
return $this->addCookieToResponse($request, $next($request));
}
throw new TokenMismatchException;
}
/**
* Determine if the HTTP request uses a ‘read’ verb.
*
* @param \Illuminate\Http\Request $request
* @return bool
*/
protected function isReading($request)
{
return in_array($request->method(), ['HEAD', 'GET', 'OPTIONS']);
}
{
if (
$this->isReading($request) ||
$this->runningUnitTests() ||
$this->inExceptArray($request) ||
$this->tokensMatch($request)
) {
return $this->addCookieToResponse($request, $next($request));
}
throw new TokenMismatchException;
}
/**
* Determine if the HTTP request uses a ‘read’ verb.
*
* @param \Illuminate\Http\Request $request
* @return bool
*/
protected function isReading($request)
{
return in_array($request->method(), ['HEAD', 'GET', 'OPTIONS']);
}
以上
沒有留言:
張貼留言