简体中文(ZH-CN) English(EN) 繁体中文(ZH-TW) 日本語(JA) 한국어(KO) Melayu(MS) Français(FR) Deutsch(DE)
Laravel 9 Auth issue on web and API on the same application
P粉311617763
P粉311617763 2023-12-30 15:46:56
0
1
498

I'm trying to create authentication for web and API in the same Laravel application. But the network authentication is not working... When I remove it from the .env file, I have the SESSION_DOMAIN issue, then both the authentications are working fine, but when I keep it into the .env file, the network Authentication not working properly, receiving 419 | Page expired error. 

APP_NAME=Laravel
APP_ENV=local
APP_KEY=base64:ZSiB/A6U0zU8Vn2x8gbNnU1prcw90xQBfqm3JS9qp+I=
APP_DEBUG=true
APP_URL=http://localhost

SANCTUM_STATEFUL_DOMAINS=localhost:3000
SESSION_DOMAIN=localhost

LOG_CHANNEL=stack
LOG_DEPRECATIONS_CHANNEL=null
LOG_LEVEL=debug

DB_CONNECTION=mysql
DB_HOST=localhost
DB_PORT=3306
DB_DATABASE=xpert_test
DB_USERNAME=root
DB_PASSWORD=

BROADCAST_DRIVER=log
CACHE_DRIVER=file
FILESYSTEM_DISK=local
QUEUE_CONNECTION=sync
SESSION_DRIVER=cookie
SESSION_LIFETIME=120

MEMCACHED_HOST=127.0.0.1

REDIS_HOST=127.0.0.1
REDIS_PASSWORD=null
REDIS_PORT=6379

MAIL_MAILER=smtp
MAIL_HOST=mailhog
MAIL_PORT=1025
MAIL_USERNAME=null
MAIL_PASSWORD=null
MAIL_ENCRYPTION=null
MAIL_FROM_ADDRESS="hello@example.com"
MAIL_FROM_NAME="${APP_NAME}"

AWS_ACCESS_KEY_ID=
AWS_SECRET_ACCESS_KEY=
AWS_DEFAULT_REGION=us-east-1
AWS_BUCKET=
AWS_USE_PATH_STYLE_ENDPOINT=false

PUSHER_APP_ID=
PUSHER_APP_KEY=
PUSHER_APP_SECRET=
PUSHER_APP_CLUSTER=mt1

MIX_PUSHER_APP_KEY="${PUSHER_APP_KEY}"
MIX_PUSHER_APP_CLUSTER="${PUSHER_APP_CLUSTER}"

This is my .env file code

<?php

namespace AppHttpControllersAPI;

use AppHttpControllersController;
use AppModelsUser;
use IlluminateHttpRequest;
use IlluminateSupportFacadesAuth;
use IlluminateSupportFacadesHash;
use IlluminateSupportFacadesValidator;

class UserController extends Controller {
    // user registration
    public function register(Request $request) {

        $validator = Validator::make($request->all(), [
            'name' => 'required|string|max:255',
            'email' => 'required|string|email|unique:users,email',
            'password' => 'required|string|min:6',
            'cpassword' => 'required|string|min:6|same:password',
        ], [
            'cpassword.same' => 'Password confirmation does not match.',
        ]);

        if ($validator->fails()) {
            return response()->json([
                'success' => false,
                'errors' => $validator->errors()
            ], 200);
        }

        $user = User::create([
            'name' => $request->name,
            'email' => $request->email,
            'password' => Hash::make($request->password),
            'role' => 0
        ]);
        $request->session()->regenerate();
        return response()->json([
            'success' => true,
            'user' => $user,
            'token' => $user->createToken('API Token')->plainTextToken
        ], 200);
    }

    // user login
    public function login(Request $request) {
        $validator = Validator::make($request->all(), [
            'email' => 'required|string|email',
            'password' => 'required|string|min:5'
        ]);

        if ($validator->fails()) {
            return response()->json([
                'validationError' => true,
                'message' => $validator->errors()
            ], 200);
        }

        $creditentials = [
            'email' => $request->email,
            'password' => $request->password,
            'role' => 0
        ];

        if (!Auth::attempt($creditentials)) {
            return response()->json([
                'success' => false,
                'message' => 'Invalid credentials'
            ], 200);
        }
        $user = User::where('email', $request->email)->first();
        $request->session()->regenerate();
        return response()->json([
            'success' => true,
            'user' => Auth::user(),
            'token' => $user->createToken('API Token')->plainTextToken
        ], 200);
    }

    // user profile
    public function profile() {
        return response()->json([
            'success' => true,
            'user' => Auth::user()
        ], 200);
    }

    public function logout(Request $request) {
        $request->user()->tokens()->delete();
        $request->session()->invalidate();
        $request->session()->regenerateToken();
        return response()->json([
            'success' => true,
            'message' => 'User loggedOut successfully'
        ], 200);
    }
}

This is my API authorization code

<?php

namespace AppHttpControllers;

use AppModelsProduct;
use AppModelsQuestion;
use AppModelsSection;
use AppModelsTest;
use IlluminateHttpRequest;

class AuthController extends Controller {

    // view login page
    public function index() {
        return view('index');
    }

    // view dashboard page
    public function adminDashboard() {

        $products_count = Product::count();
        $sections_count = Section::count();
        $tests_count = Test::count();
        $questions_count = Question::count();
        return view('admin.dashboard', [
            'products_count' => $products_count,
            'sections_count' => $sections_count,
            'tests_count' => $tests_count,
            'questions_count' => $questions_count,
        ]);
    }

    // handle admin login
    public function adminLogin(Request $request) {
        $request->validate([
            'email' => 'required|email',
            'password' => 'required|max:50|min:5'
        ]);
        $credentials = $request->only(['email', 'password']);
        if (auth()->attempt($credentials)) {
            $request->session()->regenerate();
            if (auth()->user()->role === 1) {
                return redirect()->route('admin.dashboard');
            }
            // else {
            //     return redirect()->route('super.dashboard');
            // }
        }
        return redirect()->back()->withErrors(['message' => 'Invalid credentials']);
    }

    // handle admin logout
    public function logout(Request $request) {
        auth()->logout();
        $request->session()->invalidate();
        return redirect()->route('admin.login.page');
    }
}

This is my network authentication code

Route::middleware('guest')->group(function () {
  Route::get('/', [AuthController::class, 'index'])->name('admin.login.page');
  Route::post('/admin-login', [AuthController::class, 'adminLogin'])->name('admin.login');
});

Route::middleware('auth')->group(function () {
  Route::get('/logout', [AuthController::class, 'logout'])->name('logout');
  Route::get('/dashboard', [AuthController::class, 'adminDashboard'])->name('admin.dashboard');
});

This is my web.php routing file

Route::prefix('v1')->group(function () {
    // unprotected routes
    Route::post('/login', [UserController::class, 'login']);
    Route::post('/register', [UserController::class, 'register']);

    // protected routes
    Route::middleware(['auth:sanctum'])->group(function () {
        Route::get('/profile', [UserController::class, 'profile']);
        Route::post('/logout', [UserController::class, 'logout']);
    });
});

This is the api.php file code

P粉311617763
P粉311617763

reply all(1)
P粉818561682
P粉8185616822023-12-31 11:15:46 1 floor

Share more code.

419 error pages in Laravel are often related to CSRF, which request may be considered a cross-site request forgery attack.

Like +0
Add Reply
Popular Topics
More>
Popular Articles
Popular Tutorials
More>
Related Tutorials
Popular Recommendations
Latest courses
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template
About us Disclaimer Sitemap
php.cn:Public welfare online PHP training,Help PHP learners grow quickly!