1

我正在使用 JWT-auth 和 Laravel 框架来验证用户身份。Laravel 用作服务端框架,前端代码在我们自己开发的框架中。所以我们使用api而不是web来实现认证。登录在此环境中运行良好,而注销和刷新令牌无法按我的意愿执行。我按照JWT-auth 文档的说明配置所有内容。

路由.php

Route::group(['middleware' => 'api', 'prefix' => 'user', 'namespace' => 'User'], function () {
   Route::post('/login', 'AuthController@login'); // login
   Route::post('/logout', 'AuthController@logout'); // logout (invalidate token)
   Route::post('/refresh', 'AuthController@refresh'); // refresh token});

内核.php

protected $middlewareGroups = [
    'web' => [
        \App\Http\Middleware\EncryptCookies::class,
        \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
        \Illuminate\Session\Middleware\StartSession::class,
        // \Illuminate\Session\Middleware\AuthenticateSession::class,
        \Illuminate\View\Middleware\ShareErrorsFromSession::class,
        \App\Http\Middleware\VerifyCsrfToken::class,
        \Illuminate\Routing\Middleware\SubstituteBindings::class,
    ],

    'api' => [
        'throttle:60,1',
        'bindings',
    ],
];

授权文件

'guards' => [
    'web' => [
        'driver' => 'session',
        'provider' => 'users',
    ],

    'api' => [
        'driver' => 'jwt',
        'provider' => 'users',
    ],
],

'providers' => [
    'users' => [
        'driver' => 'password',
        'model' => App\User::class,
    ],

    /*'users' => [
        'driver' => 'database',
        'table' => 'user',
    ],*/
],

用户\认证控制器

<?php

namespace App\Http\Controllers\User;

use Illuminate\Support\Facades\Auth;
use App\Http\Controllers\Controller;
use Illuminate\Http\Request;
use AjaxResponse;
use Log;

class AuthController extends Controller
{
    /**
     * Create a new AuthController instance.
     *
     * @return void
     */
    public function __construct()
    {
        $this->middleware('auth:api', ['except' => ['login']]);
    }

    /**
     * login
     * @param Request $request 
     * @return mixed
     */
    public function login(Request $request)
    {
        $credentials = $request->only('phone', 'password');

        if (! $token = auth()->attempt($credentials)) {
            return AjaxResponse::fail(4001);
        }

        return $this->respondWithToken($token);
    }

    /**
     * logout(invalidate token)
     * @return \Illuminate\Http\JsonResponse
     */
    public function logout()
    {
        Log::debug('yyyyyyyyy');
        auth()->logout();

        return AjaxResponse::succeed(['message' => 'Successfully logged out']);
    }

    /**
     * refresh token
     * @return \Illuminate\Http\JsonResponse
     */
    public function refresh()
    {
        return $this->respondWithToken(auth()->refresh());
    }

    /**
     * get token structure
     * @param $token
     * @return mixed
     */
    protected function respondWithToken($token)
    {
        if (Auth::user()['deleted_at'] || ! Auth::user()['is_active'])
            return AjaxResponse::fail(4001);
        else
            return AjaxResponse::succeed([
                'access_token' => $token,
                'token_type' => 'bearer',
                'expires_in' => auth()->factory()->getTTL() * 60,
                'user_name' => Auth::user()['name'],
                'user_admin' => (bool)Auth::user()['is_admin']
            ]);
    }
}

这里发布我对访问注销的回复。

'yyyyyyyyy' 无法记录。所以似乎没有调用logout函数。AuthController

我写错了什么或遗漏了什么吗?提前致谢。

4

1 回答 1

0

经过几次尝试,我更改了 AuthController 的构造函数并且它工作了。

用户\认证控制器

public function __construct()
{
    $this->middleware('auth:api', ['except' => ['login', 'refresh', 'logout']]);
}

我添加了函数作为'except'的值,我希望在其中使当前会话无效。

于 2019-03-11T02:19:06.827 回答