我正在编写一个Laravel 5.1 RestFUL API,但是我有一个非常奇怪的问题,中间件和控制器响应(总是空的)。
路线:
Route::group(['prefix' => 'api/v1', 'middleware' => 'token.api'], function () {
Route::post('game/add/{id}', 'GameController@addGameToUser');
});
中间件在kernel.php中被正确定义:
protected $routeMiddleware = [
'auth' => 'App'Http'Middleware'Authenticate::class,
'auth.basic' => 'Illuminate'Auth'Middleware'AuthenticateWithBasicAuth::class,
'guest' => 'App'Http'Middleware'RedirectIfAuthenticated::class,
'token.api' => 'App'Http'Middleware'TokenMiddleware::class,
];
我已经删除了
' App ' Http '中间件' VerifyCsrfToken::类
从中间件全局变量,因为我只使用AJAX API调用。
在我的中间件中,我检查只是我有一个令牌头参数:
中间件代码:
<?php
namespace App'Http'Middleware;
use Closure;
class TokenMiddleware
{
/**
* Handle an incoming request.
*
* @param 'Illuminate'Http'Request $request
* @param 'Closure $next
* @return mixed
*/
public function handle($request, Closure $next)
{
header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow-Methods: GET, POST, OPTIONS');
header('Access-Control-Allow-Headers: Origin, Content-Type, Token, Accept, Authorization, X-Request-With');
header('Access-Control-Allow-Credentials: true');
$token = $request->header('Token');
if($token == null)
return response('Not valid token provider.', 401);
else
{
$next($request);
}
}
}
在我的控制器(GameController),并在addGameToUser方法中,我只是返回一个JSON测试值,但响应总是空的(邮递员测试)。如果我从控制器中删除中间件,一切工作正常..。我不知道为什么……
控制器代码:
<?php
namespace App'Http'Controllers;
use Illuminate'Http'Request;
use App'Http'Controllers'Controller;
use App'UserGame;
class GameController extends Controller
{
public function addGameToUser(Request $request, $idGame)
{
return response()->json(['status'=>'ok','data'=>'data_example'], 200);
}
}
非常感谢!!
如果$token
不为空,则不返回handle()
中的任何内容。试试这个:
public function handle($request, Closure $next)
{
header('Access-Control-Allow-Origin: *');
...
$token = $request->header('Token');
if($token == null) return response('Not valid token provider.', 401);
// return the $next closure, so other Middlewares can run
return $next($request);
}
您忘记返回响应了。只需添加如下所示的return
return $next($request);
不要删除VerifyCsrfToken.php它用于安全目的。有一些方法可以避免CSRF。你可以避免使用完整的路由,也可以避免使用特定的url。首先转到VerifyCsrfToken.php并像这样编辑
如果想避免路由,试试这个
//add an array of Routes to skip CSRF check
private $openRoutes = ['free/route', 'free/too'];
//修改函数
public function handle($request, Closure $next)
{
//add this condition
foreach($this->openRoutes as $route) {
if ($request->is($route)) {
return $next($request);
}
}
return parent::handle($request, $next);
}
希望能成功