Laravel 5.6 - 如何在 api 控制器中获取 auth()->user() 或 $response->user()? [英] Laravel 5.6 - How to get auth()->user() or $response->user() in api controller?
问题描述
在下面的api.php
路由文件中,有公共路由和私有路由:
In api.php
routes file below, there are public routes and private routes:
Route::group(['namespace' => 'API'], function() {
// Public routes (auth not required)
Route::group([], function() {
Route::get('/testauth1', 'TestController@testauth1');
// more public routes...
});
// Private routes (auth required)
Route::group(['middleware' => 'auth:api'], function() {
Route::get('/testauth2', 'TestController@testauth2');
// more private routes...
});
});
在 TestContoller
中,这些是上面调用的 2 个方法:
In the TestContoller
these are the 2 methods called above:
class TestController extends Controller {
public function testauth1(Request $request) {
// return auth()->user(); // does not return user
return $request->user(); // does not return user
}
public function testauth2() {
return auth()->user(); // returns user
}
}
由于私有路由组具有 auth:api
中间件,我们将通过检查 Authorization Bearer
标头中提供的令牌来确保用户通过身份验证.仅当存在有效令牌时,私有路由才会呈现给经过身份验证的用户.这就是 TestController@testauth2
正确返回 auth 用户的原因.
Since the private route group has the auth:api
middleware, we will ensure the user is authenticated by checking the token supplied in the Authorization Bearer
header. Only if a valid token is present will the private routes be rendered to the authenticated user. This is why TestController@testauth2
returns the auth user correctly.
现在,任何人都可以使用或不使用令牌访问公共路由.如果 Authorization Bearer
标头中没有提供令牌,那么我们将没有经过身份验证的用户,这是有道理的.这就是 TestController@testauth1
不返回 auth 用户的原因.但是,当登录用户访问 /testauth1
公共路由时,他们在 Authorization Bearer
标头中提供其令牌,因此应在 TestController@testauth1> 中返回code> 如果没有
auth()->user()
至少与 $request->user()
但我们似乎无法访问用户使用他们在该方法中提供的令牌.
Now, anyone can access the public routes, with or without token. If there is no token supplied in the Authorization Bearer
header, then we'll have no authenticated user, which makes sense. This is why TestController@testauth1
does not return an auth user. However, when a logged in user accesses /testauth1
public route, they provide their token in the Authorization Bearer
header and therefore should be returned in TestController@testauth1
if not with auth()->user()
at least with the $request->user()
but we can't seem to access the user with their supplied token in that method.
知道如何在所有公共路由方法中访问有效的令牌用户吗?
Any idea how we can access the valid token user in all public route methods?
推荐答案
将 api
防护作为参数传递以获取授权用户,而无需中间件保护请求.
Pass the api
guard as a parameter to fetch the authorized user without the middleware protecting the request.
$request->user('api');
// Or
auth('api')->user();
这篇关于Laravel 5.6 - 如何在 api 控制器中获取 auth()->user() 或 $response->user()?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!