授权用户访问路由

时间:2021-03-30 04:34:47

标签: php laravel-8 laravel-sanctum

我是 laravel 的新手,我现在正在构建一个 API。我开始使用 laravel:sanctum 进行授权,但是即使用户未登录,我的 router:: 中间件 ('auth:sanctum') 也会计算出路由,请帮助我限制未经授权的用户访问某些功能。这是我的代码: 身份验证控制器:

<?php

namespace App\Http\Controllers;

use App\Http\Requests\UserCreateRequest;
use App\Http\Requests\UserLoginRequest;
use Egulias\EmailValidator\Exception\AtextAfterCFWS;
use Illuminate\Database\Eloquent\Model;
use Illuminate\Http\Request;
use Illuminate\Database\Eloquent\Builder;
use App\Models\User;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Hash;
use Illuminate\Support\Str;
use phpDocumentor\Reflection\DocBlock\Tags\Uses;

class AuthController extends Controller
{
    public function store(UserCreateRequest $request){
        $user               = new User();
        $user->login        = $request->get('login');
        $user->password     = Hash::make($request->get('password'));
        $user->email        = $request->get('email');
        $user->number_phone = $request->get('number_phone');
        $user->assignRole('user');

        if (!$user->save()) {
            return response()->json(['message'=>'Регистрация не удалась']);
        }

        return response()->json(['message'=>$user->jsonSerialize()]);
    }

    public function login(UserLoginRequest $request){

        $user = User::query()->where('login', $request->get('login'))->first();
        if (!$user || !Hash::check($request->get('password'), $user->password)) {
            return response()->json(['message'=>'Попытка входа не удалась'], 400);
        }

        $token = $user->createToken('api_token')->plainTextToken;
        $user->api_token = $token;
        $user->save();
        Auth::login($user);

        return response()->json(['message'=>Auth::user()->api_token], 200);
    }

    public function logout(Request $request) {
        $request->user()->currentAccessToken()->delete();

        return response()->json(['message' => 'Вы вышли из системы'], 200);
    }
}

管理控制器:

<?php

namespace App\Http\Controllers;

use App\Http\Requests\UserCreateRequest;
use App\Http\Requests\UserUpdateRequest;
use App\Models\User;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Hash;
use function Symfony\Component\String\u;

class AdminController extends Controller
{
    public function store(UserCreateRequest $request){
        $user = new User();
        $user->login        = $request->get('login');
        $user->password     = Hash::make($request->get('password'));
        $user->email        = $request->get('email');
        $user->number_phone = $request->get('number_phone');
        $user->assignRole($request->get('role'));
//        $user->role_id      = $request->get('role_id') ? $request->get('role_id') : 1;

        if (!$user->save()) {
            return response()->json(['message'=>'Регистрация не удалась']);
        }

        return response()->json(['message'=>$user->jsonSerialize()]);
    }

    public function delete(User $user) {
        if ($user->delete()) {
            return response()->json($user->login . ' удалён', 200);
        }

        return response()->json(['message' => 'Пользователь не удалён'], 500);
    }

    public function update($id, UserUpdateRequest $request)
    {
        $user = User::query()->find($id);
        $user->login = $request->input('login');
        $user->password = $request->input('password');
        $user->email = $request->input('email');
        $user->number_phone = $request->input('number_phone');
        $user->assignRole($request->input('role'));
    }
}

api.php:

<?php

use App\Http\Controllers\ApplicationController;
use App\Http\Controllers\AuthController;
use App\Http\Controllers\ReviewController;
use App\Http\Controllers\AdminController;
use App\Http\Requests\UserLoginRequest;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Route;

/*
|--------------------------------------------------------------------------
| API Routes
|--------------------------------------------------------------------------
|
| Here is where you can register API routes for your application. These
| routes are loaded by the RouteServiceProvider within a group which
| is assigned the "api" middleware group. Enjoy building your API!
|
*/

Route::middleware('auth:api')->get('/user', function (Request $request) {
    return $request->user();
});

Route::middleware('auth:sanctum')->get('/user', function (Request $request) {
    Route::post('userDelete/{user}', [AdminController::class, 'delete']);
    return $request->user();
});

Route::group(['middleware' => ['role:admin']], function () {
    Route::get('test', function () {
        return view('test');
    });
});

Route::post('login', [AuthController::class, 'login']);
Route::post('authStore', [AuthController::class, 'store']);
Route::get('authLogout', [AuthController::class, 'logout']);

Route::get('application/{id}', [ApplicationController::class, 'showById']);
Route::get('application', [ApplicationController::class, 'show']);
Route::post('applicationStore', [ApplicationController::class, 'store']);
Route::post('applicationDelete', [ApplicationController::class, 'delete']);

Route::post('userDelete/{user}', [AdminController::class, 'delete']);
Route::post('userStore', [AdminController::class, 'store']);

Route::get('review', [ReviewController::class, 'show']);
Route::post('reviewStore', [ReviewController::class, 'store']);
Route::post('review/{id}', [ReviewController::class, 'update']);

0 个答案:

没有答案
相关问题
最新问题