【Question title】: Why api route cannot use Auth::logout laravel
【Posted】: 2019-01-09 07:38:49
【Question description】:

Right now I am using the api.php routes for requests from Axios in VueJS, and I need to log out with the Auth::guard('web')->logout(); command, but currently I cannot do that.

routes/api.php

Route::group([ 'prefix' => 'v1/auth', 'middleware' => 'jwt'], function () { //
  Route::get('me', 'Auth\UserController@me');
  Route::get('gg', 'Auth\UserController@test');
});

app/Http/Middleware/JwtMiddleware.php

<?php

namespace App\Http\Middleware;

use Closure;
use Carbon\Carbon;
use Illuminate\Support\Facades\Cache;
use Tymon\JWTAuth\Exceptions\JWTException;
use Symfony\Component\HttpKernel\Exception\UnauthorizedHttpException;
use Tymon\JWTAuth\Http\Middleware\BaseMiddleware;
use Tymon\JWTAuth\Exceptions\TokenExpiredException;
use Tymon\JWTAuth\Facades\JWTAuth;
use Illuminate\Support\Facades\Auth;

class RefreshToken extends BaseMiddleware
{
    /**
     * Handle an incoming request.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @return mixed
     */
    public function handle($request, Closure $next)
    {


        try
        {
            if (! $user = JWTAuth::toUser(JWTAuth::getToken()))
            {
                return response()->json([
                'code'   => 101, // means auth error in the api,
                'response' => 'not authenticate' // nothing to show 
                ]);
            }
        }
        catch (TokenExpiredException $e)
        {
            // If the token is expired, then it will be refreshed and added to the headers
            try
            {
                $refreshed = JWTAuth::refresh(JWTAuth::getToken());
                header('Authorization: Bearer ' . $refreshed);
            }
            catch (JWTException $e)
            {
                return response()->json([
                'code'   => 103, // means not refreshable 
                'response' => 'token jwt exception' // nothing to show 
                ]);
            }
        }
        catch (JWTException $e)
        {

            Auth::guard('web')->logout(); // here

            return response()->json([
                'code'   => 101, // means auth error in the api,
                'response' => 'jwterror' // nothing to show 
            ]);
        }

        return  $next($request);
    }
}

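But when I move it from api.php to web.php, I can use Axios to post to log out.

Please tell me how to use Auth::logout in the api routes file.

Sorry, my English is not good.

【Question discussion】:

    Tags: php laravel authentication laravel-5.6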


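    【Solution 1】:

    Logout is implemented through the session driver; unlike the web guard, the api guard uses the token driver rather than the session driver.

    Basically, the user is not logged in to the API, but to the WEB part of your application.

    In the api, find a way to invalidate/expire the token, so that the user holding that token can no longer access the api resources.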

    try {
       JWTAuth::invalidate($request->input('token'));
       return response()->json(['success' => true, 'message'=> "You have successfully logged out."]);
    } catch (JWTException $e) {
       // something went wrong whilst attempting to encode the token
       return response()->json(['success' => false, 'error' => 'Failed to logout, please try again.'], 500);
    }
    

    Web logout

    Session Logout

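    【Discussion】:

    • I can find a way out. But I need the user to be logged out automatically when there is no token or a wrong token in local storage. Right now I use the login from Auth::guard('web')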
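
To make the answer's point concrete, here is an added stand-alone sketch (not code from the question, the answer, or tymon/jwt-auth) of why a bearer token has no session to log out of and what invalidating it amounts to: the server remembers the token's `jti` until its `exp` and rejects it on every later check. The names `SECRET`, `b64url`, `sign`, `issue`, `verify`, `revoke` and `$denylist` are hypothetical, and the key is a constructed sample value.

```php
<?php
// Added illustration, not tymon/jwt-auth code: HS256 token with a jti denylist.
// SECRET, b64url(), sign(), issue(), verify(), revoke(), $denylist are hypothetical.
const SECRET = 'constructed-demo-secret'; // constructed sample key

function b64url(string $bin): string {
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

function sign(string $data): string {
    return b64url(hash_hmac('sha256', $data, SECRET, true));
}

function issue(int $userId, int $ttl = 3600): string {
    $header  = b64url(json_encode(['alg' => 'HS256', 'typ' => 'JWT']));
    $payload = b64url(json_encode([
        'sub' => $userId,
        'exp' => time() + $ttl,
        'jti' => bin2hex(random_bytes(8)), // unique token id, the revocation key
    ]));
    return "$header.$payload." . sign("$header.$payload");
}

// Returns the claims, or null when the token is forged, expired or revoked.
function verify(string $jwt, array $denylist): ?array {
    $parts = explode('.', $jwt);
    if (count($parts) !== 3 || !hash_equals(sign($parts[0] . '.' . $parts[1]), $parts[2])) {
        return null;
    }
    $claims = json_decode(base64_decode(strtr($parts[1], '-_', '+/')), true);
    if (!is_array($claims) || $claims['exp'] < time() || isset($denylist[$claims['jti']])) {
        return null;
    }
    return $claims;
}

// API "logout": remember the jti until the token would have expired anyway.
function revoke(string $jwt, array &$denylist): void {
    $claims = verify($jwt, $denylist);
    if ($claims !== null) {
        $denylist[$claims['jti']] = $claims['exp'];
    }
}

$denylist = [];
$token = issue(42);
var_dump(verify($token, $denylist) !== null); // check before revocation
revoke($token, $denylist);
var_dump(verify($token, $denylist) !== null); // same token checked after revocation
```

In a real deployment the denylist lives in shared storage such as a cache, and entries can be dropped once their `exp` has passed.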