我试图阻止某些用户访问某些路由。我创建了一个名为 CheckUserRole 的中间件。但当我尝试从登录用户获取任何数据时,我总是得到空响应,这与我在视图中请求用户 ID 时不同。
我正在使用 PHP 8.2.8 和 laravel 10
这是我的 web.php 文件
<?php
use Illuminate\Support\Facades\Route;
use App\Http\Controllers\HomeController;
use App\Http\Controllers\Admin\PsychologicalTestController;
use App\Http\Controllers\Admin\ProfileController;
use App\Http\Controllers\Admin\TaskController;
use App\Http\Controllers\Admin\CapsuleController;
/*
|--------------------------------------------------------------------------
| Web Routes
|--------------------------------------------------------------------------
|
| Here is where you can register web routes for your application. These
| routes are loaded by the RouteServiceProvider and all of them will
| be assigned to the "web" middleware group. Make something great!
|
*/
Route::redirect('/', '/login');
// Authentication routes
Route::middleware(['auth',])->group(function () {
Route::get('/home', [HomeController::class, 'index'])->name('home');
});
Route::middleware(['auth'])->group(function () {
// Admin routes
Route::middleware(['check.user.role'])->prefix('admin')->group(function () {
Route::resource('psycological-test', PsychologicalTestController::class);
Route::resource('profile', ProfileController::class);
Route::resource('task', TaskController::class, ['as' => 'admin']);
Route::resource('capsule', CapsuleController::class);
});
});
更令我惊讶的是,我决定只包含 Auth 中间件,并尝试用 dd 来破坏它,但是在执行视图时,它会正常打开,就好像它没有进入中间件一样。
在我的 web.php 中测试
Route::group(['middleware' => 'auth'], function () {
Route::group(['prefix' => 'admin'], function () {
Route::resource('capsule', CapsuleController::class);
});
});
App\Http\Middleware\Authenticate.php
/**
* Get the path the user should be redirected to when they are not authenticated.
*/
protected function redirectTo(Request $request): ?string
{
dd($request);
// return $request->expectsJson() ? null : route('login');
}
我尝试移动内核文件中的中间件,但没有成功。
内核.php
<?php
namespace App\Http;
use Illuminate\Foundation\Http\Kernel as HttpKernel;
class Kernel extends HttpKernel
{
/**
* The application's global HTTP middleware stack.
*
* These middleware are run during every request to your application.
*
* @var array<int, class-string|string>
*/
protected $middleware = [
// \App\Http\Middleware\TrustHosts::class,
\App\Http\Middleware\TrustProxies::class,
\Illuminate\Http\Middleware\HandleCors::class,
\App\Http\Middleware\PreventRequestsDuringMaintenance::class,
\Illuminate\Foundation\Http\Middleware\ValidatePostSize::class,
\App\Http\Middleware\TrimStrings::class,
\Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull::class,
\App\Http\Middleware\CheckUserRole::class,
\App\Http\Middleware\CheckParticipantPhase::class,
];
/**
* The application's route middleware groups.
*
* @var array<string, array<int, class-string|string>>
*/
protected $middlewareGroups = [
'web' => [
\App\Http\Middleware\EncryptCookies::class,
\Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
\Illuminate\Session\Middleware\StartSession::class,
\Illuminate\View\Middleware\ShareErrorsFromSession::class,
\App\Http\Middleware\VerifyCsrfToken::class,
\Illuminate\Routing\Middleware\SubstituteBindings::class,
],
'api' => [
// \Laravel\Sanctum\Http\Middleware\EnsureFrontendRequestsAreStateful::class,
\Illuminate\Routing\Middleware\ThrottleRequests::class.':api',
\Illuminate\Routing\Middleware\SubstituteBindings::class,
],
];
/**
* The application's middleware aliases.
*
* Aliases may be used instead of class names to conveniently assign middleware to routes and groups.
*
* @var array<string, class-string|string>
*/
protected $middlewareAliases = [
'auth' => \App\Http\Middleware\Authenticate::class,
'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
'auth.session' => \Illuminate\Session\Middleware\AuthenticateSession::class,
'cache.headers' => \Illuminate\Http\Middleware\SetCacheHeaders::class,
'can' => \Illuminate\Auth\Middleware\Authorize::class,
'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
'password.confirm' => \Illuminate\Auth\Middleware\RequirePassword::class,
'precognitive' => \Illuminate\Foundation\Http\Middleware\HandlePrecognitiveRequests::class,
'signed' => \App\Http\Middleware\ValidateSignature::class,
'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
'verified' => \Illuminate\Auth\Middleware\EnsureEmailIsVerified::class,
'check.user.role' =>\App\Http\Middleware\CheckUserRole::class,
'check.participant.phase' =>\App\Http\Middleware\CheckUserStatus::class,
'localize' => \Mcamara\LaravelLocalization\Middleware\LaravelLocalizationRoutes::class,
'localizationRedirect' => \Mcamara\LaravelLocalization\Middleware\LaravelLocalizationRedirectFilter::class,
'localeSessionRedirect' => \Mcamara\LaravelLocalization\Middleware\LocaleSessionRedirect::class,
'localeCookieRedirect' => \Mcamara\LaravelLocalization\Middleware\LocaleCookieRedirect::class,
'localeViewPath' => \Mcamara\LaravelLocalization\Middleware\LaravelLocalizationViewPath::class
];
}
最后,当我运行这个时
dd(
auth()->id() ?? '?',
Auth::id() ?? '?',
$request->user()->id ?? '?',
auth()->check(),
get_class(auth()->guard())
);
我明白了
"?" // app/Http/Middleware/CheckUserRole.php:19
"?" // app/Http/Middleware/CheckUserRole.php:19
"?" // app/Http/Middleware/CheckUserRole.php:19
false // app/Http/Middleware/CheckUserRole.php:19
"Illuminate\Auth\SessionGuard" // app/Http/Middleware/CheckUserRole.php:19
任何提示或帮助将不胜感激。
答案是,你不能在全局中间件数组和别名数组中同时注册一个中间件。这就是 Laravel 无法正确使用它的原因。