我在Lumen上使用了简单的API,但是遇到了问题。如果他是该用户,我想删除该用户,但我的授权无效。
对于登录,我使用JWT令牌。
UserController.php
/**
* Delete user by user id.
*
* @param int $id
*
* @return mixed
*/
public function delete($id)
{
$user = User::find($id);
$this->authorize('delete', $user);
$user->delete();
return response()->json([
'success' => 'User deleted with success'
], 200);
}
UserPolicy.php
class UserPolicy
{
public function delete(User $user, User $user_current)
{
return $user->id === $user_current->id;
}
}
AuthServiceProvider.php
public function boot()
{
Gate::policy(User::class, UserPolicy::class);
$this->app['auth']->viaRequest('api', function ($request) {
if ($request->header('Authorization')) {
return User::where('api_token', $request->input('api_token'))->first();
}
});
}
我不明白为什么它不起作用。
[尝试使用以下标题中的标题:
Authorization : Bearer [TOKEN]
更新1:
如果您使用的是Apache,我想这可能会对您有所帮助,因为它适用于我的:只需将这些行添加到您的.htaccess文件中:
RewriteEngine On
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]
更新2:
好的,请像下面的代码一样更改您的AuthServiceProvider:
$this->app['auth']->viaRequest('api', function ($request) {
$token = $request->bearerToken();
if(!$token) {
// Unauthorized response if token not there
throw new Exception('token not provided');
}
.
.
.
}