0

目前我已经使用以下配置设置了 Guardian 身份验证:

pipeline :api do
  plug :accepts, ["json"]
  plug MyApp.AuthAccessPipeline
end

defmodule MyApp.AuthAccessPipeline do
  use Guardian.Plug.Pipeline, otp_app: :my_app

  plug Guardian.Plug.VerifySession, claims: %{"typ" => "access"}
  plug Guardian.Plug.VerifyHeader, claims: %{"typ" => "access"}
  plug Guardian.Plug.EnsureAuthenticated
  plug Guardian.Plug.LoadResource, allow_blank: true
end

我的路线设置如下:

scope "/api/v1", MyAppWeb do
    pipe_through :api

  resources "/users", UserController, except: [:new, :edit]

  post "/auth/sign_up", UserController, :sign_up
  post "/auth/sign_in", UserController, :sign_in
  post "/auth/forgot_password", UserController, :forgot_password
end

如何设置此管道以便/auth/*无需身份验证即可访问路由?

4

1 回答 1

1

我可以通过这样设置我的路线来解决这个问题:

pipeline :anonymous do
  plug :accepts, ["json"]
end

pipeline :protected do
  plug :accepts, ["json"]
  plug MyApp.AuthAccessPipeline
end

scope "/api/v1/auth", MyAppWeb do
  pipe_through :anonymous

  post "/sign_up", UserController, :sign_up
  post "/sign_in", UserController, :sign_in
  post "/forgot_password", UserController, :forgot_password
end

scope "/api/v1", MyAppWeb do
  pipe_through :protected

  resources "/users", UserController, except: [:new, :edit]
end
于 2021-07-27T06:53:34.597 回答