J'essaie de mettre en place une authentification pour le Web et pour l'API dans la même application Laravel, mais l'authentification Web ne fonctionne pas. Lorsque je supprime SESSION_DOMAIN du fichier .env, les deux authentifications fonctionnent correctement ; mais lorsque je la conserve dans le fichier .env, l'authentification Web ne fonctionne plus correctement : je reçois une erreur 419 | Page expirée.
APP_NAME=Laravel APP_ENV=local APP_KEY=base64:ZSiB/A6U0zU8Vn2x8gbNnU1prcw90xQBfqm3JS9qp+I= APP_DEBUG=true APP_URL=http://localhost SANCTUM_STATEFUL_DOMAINS=localhost:3000 SESSION_DOMAIN=localhost LOG_CHANNEL=stack LOG_DEPRECATIONS_CHANNEL=null LOG_LEVEL=debug DB_CONNECTION=mysql DB_HOST=localhost DB_PORT=3306 DB_DATABASE=xpert_test DB_USERNAME=root DB_PASSWORD= BROADCAST_DRIVER=log CACHE_DRIVER=file FILESYSTEM_DISK=local QUEUE_CONNECTION=sync SESSION_DRIVER=cookie SESSION_LIFETIME=120 MEMCACHED_HOST=127.0.0.1 REDIS_HOST=127.0.0.1 REDIS_PASSWORD=null REDIS_PORT=6379 MAIL_MAILER=smtp MAIL_HOST=mailhog MAIL_PORT=1025 MAIL_USERNAME=null MAIL_PASSWORD=null MAIL_ENCRYPTION=null MAIL_FROM_ADDRESS="hello@example.com" MAIL_FROM_NAME="${APP_NAME}" AWS_ACCESS_KEY_ID= AWS_SECRET_ACCESS_KEY= AWS_DEFAULT_REGION=us-east-1 AWS_BUCKET= AWS_USE_PATH_STYLE_ENDPOINT=false PUSHER_APP_ID= PUSHER_APP_KEY= PUSHER_APP_SECRET= PUSHER_APP_CLUSTER=mt1 MIX_PUSHER_APP_KEY="${PUSHER_APP_KEY}" MIX_PUSHER_APP_CLUSTER="${PUSHER_APP_CLUSTER}"
Voici le contenu de mon fichier .env
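<?php

namespace App\Http\Controllers\API;

use App\Http\Controllers\Controller;
use App\Models\User;
use Illuminate\Http\JsonResponse;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Hash;
use Illuminate\Support\Facades\Validator;

/**
 * Authentication endpoints for the API side of the application (routes/api.php).
 *
 * Successful register/login answers carry a Sanctum personal access token; the
 * session is regenerated as well so cookie-based (SPA) clients get a fresh id.
 */
class UserController extends Controller
{
    /**
     * Register a new API user (role 0) and issue a token.
     *
     * Validation failures now answer 422 instead of 200 so that HTTP clients can
     * distinguish them from a successful registration; the JSON keys are unchanged.
     */
    public function register(Request $request): JsonResponse
    {
        $validator = Validator::make($request->all(), [
            'name' => 'required|string|max:255',
            'email' => 'required|string|email|unique:users,email',
            'password' => 'required|string|min:6',
            'cpassword' => 'required|string|min:6|same:password',
        ], [
            'cpassword.same' => 'Password confirmation does not match.',
        ]);

        if ($validator->fails()) {
            return response()->json([
                'success' => false,
                'errors' => $validator->errors(),
            ], 422);
        }

        // Only validated fields reach the model; 'role' is pinned to 0 so a client
        // cannot self-register with another role by posting an extra field.
        $validated = $validator->validated();
        $user = User::create([
            'name' => $validated['name'],
            'email' => $validated['email'],
            'password' => Hash::make($validated['password']),
            'role' => 0,
        ]);

        // New session id after the account is created (session-fixation hygiene).
        $request->session()->regenerate();

        // NOTE(review): the whole model is serialised here; this assumes User::$hidden
        // keeps password / remember_token out of the payload — confirm on the model.
        return response()->json([
            'success' => true,
            'user' => $user,
            'token' => $user->createToken('API Token')->plainTextToken,
        ], 200);
    }

    /**
     * Log an API user in with email + password and issue a token.
     *
     * The 'role' => 0 constraint restricts this endpoint to API accounts; admin
     * accounts (role 1) authenticate through the web login instead.
     */
    public function login(Request $request): JsonResponse
    {
        $validator = Validator::make($request->all(), [
            'email' => 'required|string|email',
            'password' => 'required|string|min:5',
        ]);

        if ($validator->fails()) {
            // Key names kept for existing clients; only the status code changed (200 -> 422).
            return response()->json([
                'validationError' => true,
                'message' => $validator->errors(),
            ], 422);
        }

        $validated = $validator->validated();
        $credentials = [
            'email' => $validated['email'],
            'password' => $validated['password'],
            'role' => 0,
        ];

        if (!Auth::attempt($credentials)) {
            // 401 rather than 200: an authentication failure is not a success.
            return response()->json([
                'success' => false,
                'message' => 'Invalid credentials',
            ], 401);
        }

        $request->session()->regenerate();

        // Auth::attempt() already resolved the user; no second lookup by email needed.
        $user = Auth::user();

        return response()->json([
            'success' => true,
            'user' => $user,
            'token' => $user->createToken('API Token')->plainTextToken,
        ], 200);
    }

    /**
     * Return the currently authenticated user (protected by auth:sanctum).
     */
    public function profile(): JsonResponse
    {
        return response()->json([
            'success' => true,
            'user' => Auth::user(),
        ], 200);
    }

    /**
     * Revoke every token of the user (all devices) and tear down the session.
     */
    public function logout(Request $request): JsonResponse
    {
        $request->user()->tokens()->delete();
        $request->session()->invalidate();
        // Rotate the CSRF token as well so a stale form cannot be replayed.
        $request->session()->regenerateToken();

        return response()->json([
            'success' => true,
            'message' => 'User loggedOut successfully',
        ], 200);
    }
}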
Voici mon code d'authentification API
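<?php

namespace App\Http\Controllers;

use App\Models\Product;
use App\Models\Question;
use App\Models\Section;
use App\Models\Test;
use Illuminate\Contracts\View\View;
use Illuminate\Http\RedirectResponse;
use Illuminate\Http\Request;

/**
 * Session (cookie) based authentication for the admin web UI (routes/web.php).
 */
class AuthController extends Controller
{
    /**
     * Show the login page.
     */
    public function index(): View
    {
        return view('index');
    }

    /**
     * Show the admin dashboard with the entity counters it displays.
     */
    public function adminDashboard(): View
    {
        return view('admin.dashboard', [
            'products_count' => Product::count(),
            'sections_count' => Section::count(),
            'tests_count' => Test::count(),
            'questions_count' => Question::count(),
        ]);
    }

    /**
     * Handle the admin login form.
     *
     * The role is part of the credentials passed to attempt(): the previous flow
     * authenticated any user first and only then refused the redirect for a
     * non-admin, which left that non-admin logged in and able to reach every
     * route behind the plain 'auth' middleware (e.g. the dashboard). Filtering on
     * the role up front means such accounts are never signed in here at all, and
     * they still get the same "Invalid credentials" answer (no account enumeration).
     * This mirrors the API login, which constrains on 'role' => 0.
     */
    public function adminLogin(Request $request): RedirectResponse
    {
        $request->validate([
            'email' => 'required|email',
            'password' => 'required|max:50|min:5',
        ]);

        // Only role 1 may log in through this form; extend the filter if other
        // roles (a super-admin dashboard was sketched in the original) are added.
        $credentials = $request->only(['email', 'password']) + ['role' => 1];

        if (auth()->attempt($credentials)) {
            // Fresh session id after login (session-fixation hygiene).
            $request->session()->regenerate();

            return redirect()->route('admin.dashboard');
        }

        return redirect()->back()->withErrors(['message' => 'Invalid credentials']);
    }

    /**
     * Log the admin out and send them back to the login page.
     */
    public function logout(Request $request): RedirectResponse
    {
        auth()->logout();
        $request->session()->invalidate();
        // Rotate the CSRF token too so a stale form cannot be replayed after logout.
        $request->session()->regenerateToken();

        return redirect()->route('admin.login.page');
    }
}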
Voici mon code d'authentification Web
// Admin web routes (session/cookie authentication, routes/web.php).
// 'guest' keeps already-authenticated users away from the login form,
// 'auth' protects everything else; each route is tagged individually here.
Route::get('/', [AuthController::class, 'index'])
    ->middleware('guest')
    ->name('admin.login.page');

Route::post('/admin-login', [AuthController::class, 'adminLogin'])
    ->middleware('guest')
    ->name('admin.login');

// NOTE(review): logout over GET carries no CSRF token, so any cross-site link or
// image tag can sign the admin out; a POST route is the safer shape. Kept as-is
// here because the existing logout link depends on it.
Route::get('/logout', [AuthController::class, 'logout'])
    ->middleware('auth')
    ->name('logout');

Route::get('/dashboard', [AuthController::class, 'adminDashboard'])
    ->middleware('auth')
    ->name('admin.dashboard');
Voici mon fichier de routes web.php
// API routes (routes/api.php), all under the 'v1' prefix.

// Unprotected: registration and login hand out a Sanctum token.
Route::prefix('v1')->group(static function (): void {
    Route::post('/login', [UserController::class, 'login']);
    Route::post('/register', [UserController::class, 'register']);
});

// Protected: 'auth:sanctum' accepts a bearer token and, for origins listed in
// SANCTUM_STATEFUL_DOMAINS, the session cookie (which then also needs a valid
// CSRF token on state-changing requests such as /logout).
Route::prefix('v1')->middleware('auth:sanctum')->group(static function (): void {
    Route::get('/profile', [UserController::class, 'profile']);
    Route::post('/logout', [UserController::class, 'logout']);
});
Voici le code du fichier api.php
Partagez plus de code.
Les erreurs 419 dans Laravel sont généralement liées à la protection CSRF : la requête est alors rejetée parce qu'elle est considérée comme une tentative de falsification de requête intersite (cross-site request forgery).