Laravel望远镜-禁止使用403

时间:2020-03-17 23:05:01

标签: laravel laravel-5

我已经实现了Laravel望远镜,只有APP_ENV=local

我已遵循Laravel的文档,并在TelescopeServiceProvider.php中更改了代码(请注意,我的环境被称为loca,dev,testing和prod)。

我访问Telescope的唯一方法是在每个环境中更改APP_ENV=local

有人知道哪个问题可以解决吗?

致谢

<?php

namespace App\Providers;

use Illuminate\Support\Facades\Gate;
use Laravel\Telescope\IncomingEntry;
use Laravel\Telescope\Telescope;
use Laravel\Telescope\TelescopeApplicationServiceProvider;

class TelescopeServiceProvider extends TelescopeApplicationServiceProvider
{
    /**
     * Register any application services.
     *
     * @return void
     */
    public function register()
    {
        // Telescope::night();

        $this->hideSensitiveRequestDetails();

        Telescope::filter(function (IncomingEntry $entry) {
            if ($this->app->environment('local') || $this->app->environment('dev') || $this->app->environment('test') || $this->app->environment('prod')) {
                return true;
            }


            return $entry->isReportableException() ||
                   $entry->isFailedRequest() ||
                   $entry->isFailedJob() ||
                   $entry->isScheduledTask() ||
                   $entry->hasMonitoredTag();
        });
    }

    /**
     * Prevent sensitive request details from being logged by Telescope.
     *
     * @return void
     */
    protected function hideSensitiveRequestDetails()
    {
        if ($this->app->environment('local') || $this->app->environment('dev') || $this->app->environment('test') || $this->app->environment('prod')) {
            return;
        }

        Telescope::hideRequestParameters(['_token']);

        Telescope::hideRequestHeaders([
            'cookie',
            'x-csrf-token',
            'x-xsrf-token',
        ]);
    }

    /**
     * Register the Telescope gate.
     *
     * This gate determines who can access Telescope in non-local environments.
     *
     * @return void
     */
    protected function gate()
    {
        Gate::define('viewTelescope', function ($user) {
            return in_array($user->email, [
                //
            ]);
        });
    }
}

这是我的confif/app.php文件

/*
 * Application Service Providers...
 */
App\Providers\AppServiceProvider::class,
App\Providers\AuthServiceProvider::class,
// App\Providers\BroadcastServiceProvider::class,
App\Providers\EventServiceProvider::class,
//App\Providers\TelescopeServiceProvider::class,
App\Providers\RouteServiceProvider::class,
Laravel\Socialite\SocialiteServiceProvider::class,

3 个答案:

答案 0 :(得分:7)

默认情况下,您只能在tidyverse环境中访问此仪表板

local文件中,有一种app/Providers/TelescopeServiceProvider.php方法。此授权门控制非本地环境中对Telescope的访问。您可以根据需要随意修改此门,以限制对Telescope安装的访问:

gate

答案 1 :(得分:2)

您可以在您的 authorization() 中的 Laravel\Telescope\TelescopeApplicationServiceProvider 中覆盖 App\Providers\TelescopeServiceProvider 方法并包含您的环境名称。

但要小心。

/**
 * Configure the Telescope authorization services.
 *
 * @return void
 */
protected function authorization()
{
    $this->gate();

    Telescope::auth(function ($request) {
        return app()->environment('local') ||
               Gate::check('viewTelescope', [$request->user()]);
    });
}


...
return app()->environment(['local', testing]) ||
       Gate::check('viewTelescope', [$request->user()]);
...

答案 2 :(得分:0)

如果你使用laravel作为api应用,你可以通过cookie使用auth。只需添加 cookie secretTelescope 并运行它。

Gate::define('viewTelescope', function (?User $user) {
    return array_key_exists('secretTelescope', $_COOKIE);
);
相关问题
最新问题