Problèmes d'authentification de Laravel 9 sur le Web et API sur la même application

Question

J'essaie de créer une authentification pour le Web et l'API dans la même application Laravel. Mais l'authentification réseau ne fonctionne pas... Lorsque je la supprime du fichier .env, j'ai le problème SESSION_DOMAIN, alors les deux authentifications fonctionnent correctement, mais lorsque je la conserve dans le fichier .env, l'authentification réseau ne fonctionne pas correctement. , réception d'une erreur 419 | Page expirée.

APP_NAME=Laravel
APP_ENV=local
APP_KEY=base64:ZSiB/A6U0zU8Vn2x8gbNnU1prcw90xQBfqm3JS9qp+I=
APP_DEBUG=true
APP_URL=http://localhost

SANCTUM_STATEFUL_DOMAINS=localhost:3000
SESSION_DOMAIN=localhost

LOG_CHANNEL=stack
LOG_DEPRECATIONS_CHANNEL=null
LOG_LEVEL=debug

DB_CONNECTION=mysql
DB_HOST=localhost
DB_PORT=3306
DB_DATABASE=xpert_test
DB_USERNAME=root
DB_PASSWORD=

BROADCAST_DRIVER=log
CACHE_DRIVER=file
FILESYSTEM_DISK=local
QUEUE_CONNECTION=sync
SESSION_DRIVER=cookie
SESSION_LIFETIME=120

MEMCACHED_HOST=127.0.0.1

REDIS_HOST=127.0.0.1
REDIS_PASSWORD=null
REDIS_PORT=6379

MAIL_MAILER=smtp
MAIL_HOST=mailhog
MAIL_PORT=1025
MAIL_USERNAME=null
MAIL_PASSWORD=null
MAIL_ENCRYPTION=null
MAIL_FROM_ADDRESS="hello@example.com"
MAIL_FROM_NAME="${APP_NAME}"

AWS_ACCESS_KEY_ID=
AWS_SECRET_ACCESS_KEY=
AWS_DEFAULT_REGION=us-east-1
AWS_BUCKET=
AWS_USE_PATH_STYLE_ENDPOINT=false

PUSHER_APP_ID=
PUSHER_APP_KEY=
PUSHER_APP_SECRET=
PUSHER_APP_CLUSTER=mt1

MIX_PUSHER_APP_KEY="${PUSHER_APP_KEY}"
MIX_PUSHER_APP_CLUSTER="${PUSHER_APP_CLUSTER}"

Voici mon code de fichier .env

<?php

namespace AppHttpControllersAPI;

use AppHttpControllersController;
use AppModelsUser;
use IlluminateHttpRequest;
use IlluminateSupportFacadesAuth;
use IlluminateSupportFacadesHash;
use IlluminateSupportFacadesValidator;

class UserController extends Controller {
    // user registration
    public function register(Request $request) {

        $validator = Validator::make($request->all(), [
            'name' => 'required|string|max:255',
            'email' => 'required|string|email|unique:users,email',
            'password' => 'required|string|min:6',
            'cpassword' => 'required|string|min:6|same:password',
        ], [
            'cpassword.same' => 'Password confirmation does not match.',
        ]);

        if ($validator->fails()) {
            return response()->json([
                'success' => false,
                'errors' => $validator->errors()
            ], 200);
        }

        $user = User::create([
            'name' => $request->name,
            'email' => $request->email,
            'password' => Hash::make($request->password),
            'role' => 0
        ]);
        $request->session()->regenerate();
        return response()->json([
            'success' => true,
            'user' => $user,
            'token' => $user->createToken('API Token')->plainTextToken
        ], 200);
    }

    // user login
    public function login(Request $request) {
        $validator = Validator::make($request->all(), [
            'email' => 'required|string|email',
            'password' => 'required|string|min:5'
        ]);

        if ($validator->fails()) {
            return response()->json([
                'validationError' => true,
                'message' => $validator->errors()
            ], 200);
        }

        $creditentials = [
            'email' => $request->email,
            'password' => $request->password,
            'role' => 0
        ];

        if (!Auth::attempt($creditentials)) {
            return response()->json([
                'success' => false,
                'message' => 'Invalid credentials'
            ], 200);
        }
        $user = User::where('email', $request->email)->first();
        $request->session()->regenerate();
        return response()->json([
            'success' => true,
            'user' => Auth::user(),
            'token' => $user->createToken('API Token')->plainTextToken
        ], 200);
    }

    // user profile
    public function profile() {
        return response()->json([
            'success' => true,
            'user' => Auth::user()
        ], 200);
    }

    public function logout(Request $request) {
        $request->user()->tokens()->delete();
        $request->session()->invalidate();
        $request->session()->regenerateToken();
        return response()->json([
            'success' => true,
            'message' => 'User loggedOut successfully'
        ], 200);
    }
}

Voici mon code d'autorisation API

<?php

namespace AppHttpControllers;

use AppModelsProduct;
use AppModelsQuestion;
use AppModelsSection;
use AppModelsTest;
use IlluminateHttpRequest;

class AuthController extends Controller {

    // view login page
    public function index() {
        return view('index');
    }

    // view dashboard page
    public function adminDashboard() {

        $products_count = Product::count();
        $sections_count = Section::count();
        $tests_count = Test::count();
        $questions_count = Question::count();
        return view('admin.dashboard', [
            'products_count' => $products_count,
            'sections_count' => $sections_count,
            'tests_count' => $tests_count,
            'questions_count' => $questions_count,
        ]);
    }

    // handle admin login
    public function adminLogin(Request $request) {
        $request->validate([
            'email' => 'required|email',
            'password' => 'required|max:50|min:5'
        ]);
        $credentials = $request->only(['email', 'password']);
        if (auth()->attempt($credentials)) {
            $request->session()->regenerate();
            if (auth()->user()->role === 1) {
                return redirect()->route('admin.dashboard');
            }
            // else {
            //     return redirect()->route('super.dashboard');
            // }
        }
        return redirect()->back()->withErrors(['message' => 'Invalid credentials']);
    }

    // handle admin logout
    public function logout(Request $request) {
        auth()->logout();
        $request->session()->invalidate();
        return redirect()->route('admin.login.page');
    }
}

Voici mon code d'authentification réseau

Route::middleware('guest')->group(function () {
  Route::get('/', [AuthController::class, 'index'])->name('admin.login.page');
  Route::post('/admin-login', [AuthController::class, 'adminLogin'])->name('admin.login');
});

Route::middleware('auth')->group(function () {
  Route::get('/logout', [AuthController::class, 'logout'])->name('logout');
  Route::get('/dashboard', [AuthController::class, 'adminDashboard'])->name('admin.dashboard');
});

Voici mon fichier de routage web.php

Route::prefix('v1')->group(function () {
    // unprotected routes
    Route::post('/login', [UserController::class, 'login']);
    Route::post('/register', [UserController::class, 'register']);

    // protected routes
    Route::middleware(['auth:sanctum'])->group(function () {
        Route::get('/profile', [UserController::class, 'profile']);
        Route::post('/logout', [UserController::class, 'logout']);
    });
});

Voici le code du fichier api.php

Answer 1

Partagez plus de codes.

Les pages d'erreur 419 dans Laravel sont souvent liées au CSRF, dont la requête peut être considérée comme une attaque de falsification de requête intersite.