【发布时间】:2020-10-25 14:45:12
【问题描述】:
我在验证用户时遇到问题。这是我控制器中的身份验证方法:
public function authenticate(Request $request){
$user = User::where('username', $request->username)->first();
$user_model = new User;
$return_credentials = [
'message' => "User does not exist.",
'status' => false,
'user_details' => ""
];
if(!empty($user) && !is_null($user)){
$remember = Str::random(60);
if(\Auth::attempt(['username' => $request->username, 'password' => $request->password, 'verified' => '1'], $remember)){
$user = \Auth::user();
$token_result = $user->createToken('Personal Access Token');
$token = $token_result->token;
$token->expires_at = Carbon::now()->addWeeks(1);
$return_credentials['message'] = "User Successfully Logged in.";
$return_credentials['status'] = true;
$token->save();
}else{
$return_credentials['message'] = "User Failed to Log in.";
$return_credentials['status'] = false;
}
}
$return_credentials['user_details'] = $user;
return response()->json($return_credentials);
}
每次我使用(这个中间件)访问路由时:
Route::group(['middleware' => 'auth:api'], function() {
Route::get('user', '\App\Http\Controllers\UserController@verifyUserLoggedIn');
});
它返回:
GET http://..../api/auth/user 401 (Unauthorized)
问:我错过了一步还是什么?
【问题讨论】:
-
顺便说一句,您在这里使用了 2 个不同的警卫
-
我可以知道你的意思吗?比如,哪个是哪个?
-
您的默认保护可能是
'web',所以Auth::attempt(...)使用'web'保护...然后您使用auth 中间件检查'api'保护,这是一种不同的机制用于身份验证
标签: laravel api authentication routes middleware