使用 Laravel 进行 Web 和 api 的多重身份验证

问题描述 投票:0回答:1

我有一个使用管理员表的网络管理面板,其中前端使用 api 和用户表进行身份验证

管理员和用户模型有些相同,只是表名称不同

class Admin extends Authenticatable
{
    use HasFactory, Notifiable;

    protected $table = 'admins';
    /**
     * The attributes that are mass assignable.
     *
     * @var array<int, string>
     */
    protected $fillable = [
        'name',
        'email',
        'password',
    ];    
}

我的 config/auth.php 定义为

return [
    'defaults' => [
        'guard' => 'web',
        'passwords' => 'users',
    ],
    'guards' => [
        'web' => [
            'driver' => 'session',
            'provider' => 'admins',
        ],
        'api' => [
            'driver' => 'sanctum',
            'provider' => 'users',
        ],
    ],
    'providers' => [
        'users' => [
            'driver' => 'eloquent',
            'model' => App\Models\User::class,
        ],
        'admins' => [
            'driver' => 'eloquent',
            'model' => App\Models\Admin::class, 
        ],
    ],
    'passwords' => [       
        'users' => [
            'provider' => 'users',
            'table' => 'password_reset_tokens',
            'expire' => 60,
            'throttle' => 60,
        ],
    ],
    'password_timeout' => 10800,
];

我的routes/web.php 定义为

Route::middleware('web')->group(function () {
    Route::Group(['prefix' => 'admin'], function () { 

        Route::get('signin', function () {
            return view('admin.signin');
        })->name('admin.signin');

我的routes/api.php 定义为

Route::middleware('auth:sanctum')->group(function () {

    Route::post('/login', [ApiController::class, 'login']);
    Route::post('/register', [ApiController::class, 'register']);
    Route::post('/forgot-password', [ApiController::class, 'sendResetLinkEmail']);
    Route::post('/search-donations', [ApiController::class, 'searchDonations']);
    Route::get('/get-categories', [ApiController::class, 'getCategories']);
    Route::get('/test', [ApiController::class, 'test']);

我的 ApiController 定义为

class ApiController extends Controller {

    public function __construct() {
        $this->middleware('auth:sanctum', ['except' => ['test', 'login', 'register', 'searchDonations', 'getCategories', 'sendResetLinkEmail']]);
    }

    public function login(Request $request) {

        // Enable query logging
        DB::enableQueryLog();
        // Validate the request data
        $validatedData = $request->validate([
            'email' => 'required|email',
            'password' => 'required',
            'device_type' => 'sometimes|string',
            'device_token' => 'sometimes|string',
        ]);

        $credentials = $request->only('email', 'password');
        
        if (Auth::attempt($credentials)) {
            // Authentication successful
           ....
    }

我的网络登录工作正常,但是当尝试进行身份验证时,API 仍在查看管理员表,我的上述配置有什么问题吗?

php laravel laravel-sanctum
1个回答
0
投票

如果您想使用 

admins
守卫进行身份验证,您需要使用 Auth 外观中的 
guard
方法来更改守卫。

if (Auth::guard('admins')->attempt()) {
    ...
}
最新问题
© www.soinside.com 2019 - 2024. All rights reserved.