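I have read the official documentation for Laravel Jetstream and Sanctum, but there are still some things I don't understand.
First, I protect the endpoint in the following way: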
Route::get('/endpointtoprotect', [AuthController::class, 'endpointtoprotect'])->middleware('auth:sanctum');
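So, to use that endpoint, I need the token from "api/login". I checked, and it works. But when I deliberately supply an incorrect token, it doesn't work: instead of returning a 401, it returns a 200 with the login page, with the following code: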
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta name="csrf-token" content="wwDHIrOCqffknYEmWbOZi8ZQmlCRuCw2SfqdI0C5">
<title>Laravel</title>
<!-- Fonts -->
<link rel="stylesheet" href="https://fonts.googleapis.com/css2?family=Nunito:wght@400;600;700&display=swap">
<!-- Styles -->
<link rel="stylesheet" href="/css/app.css">
<!-- Scripts -->
<script src="/js/app.js" defer></script>
</head>
<body>
<div class="font-sans text-gray-900 antialiased">
<div class="min-h-screen flex flex-col sm:justify-center items-center pt-6 sm:pt-0 bg-gray-100">
<div>
<a href="/">
<svg class="w-16 h-16" viewbox="0 0 48 48" fill="none" xmlns="http://www.w3.org/2000/svg">
<path
d="M11.395 44.428C4.557 40.198 0 32.632 0 24 0 10.745 10.745 0 24 0a23.891 23.891 0 0113.997 4.502c-.2 17.907-11.097 33.245-26.602 39.926z"
fill="#6875F5" />
<path
d="M14.134 45.885A23.914 23.914 0 0024 48c13.255 0 24-10.745 24-24 0-3.516-.756-6.856-2.115-9.866-4.659 15.143-16.608 27.092-31.75 31.751z"
fill="#6875F5" />
</svg>
</a>
</div>
<div class="w-full sm:max-w-md mt-6 px-6 py-4 bg-white shadow-md overflow-hidden sm:rounded-lg">
<form method="POST" action="http://localhost:8000/login">
<input type="hidden" name="_token" value="wwDHIrOCqffknYEmWbOZi8ZQmlCRuCw2SfqdI0C5">
<div>
<label class="block font-medium text-sm text-gray-700" for="email">
Email
</label>
<input class="border-gray-300 focus:border-indigo-300 focus:ring focus:ring-indigo-200 focus:ring-opacity-50 rounded-md shadow-sm block mt-1 w-full" id="email" type="email" name="email" required="required" autofocus="autofocus">
</div>
<div class="mt-4">
<label class="block font-medium text-sm text-gray-700" for="password">
Password
</label>
<input class="border-gray-300 focus:border-indigo-300 focus:ring focus:ring-indigo-200 focus:ring-opacity-50 rounded-md shadow-sm block mt-1 w-full" id="password" type="password" name="password" required="required" autocomplete="current-password">
</div>
<div class="block mt-4">
<label for="remember_me" class="flex items-center">
<input type="checkbox" class="rounded border-gray-300 text-indigo-600 shadow-sm focus:border-indigo-300 focus:ring focus:ring-indigo-200 focus:ring-opacity-50" id="remember_me" name="remember">
<span class="ml-2 text-sm text-gray-600">Remember me</span>
</label>
</div>
<div class="flex items-center justify-end mt-4">
<a class="underline text-sm text-gray-600 hover:text-gray-900"
href="http://localhost:8000/forgot-password">
Forgot your password?
</a>
<button type="submit" class="inline-flex items-center px-4 py-2 bg-gray-800 border border-transparent rounded-md font-semibold text-xs text-white uppercase tracking-widest hover:bg-gray-700 active:bg-gray-900 focus:outline-none focus:border-gray-900 focus:ring focus:ring-gray-300 disabled:opacity-25 transition ml-4">
Log in
</button>
</div>
</form>
</div>
</div>
</div>
</body>
</html>
Does someone have a better tutorial or can explain to me the basics of this Sanctum authorization? It is supposed to be a built-in integrated solution but I don't see any simplicity about this. I'm seeing there is more documentation about JWT Tokens, but the functionality may be similar.

Posted on 2021-05-27 06:37:09
Solution:
When making requests to /api endpoints, include the HTTP header accept: application/json.
https://stackoverflow.com/questions/67698004
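
A server-side counterpart to the answer above, as an added example that is not code from the original post or from Laravel itself: a middleware that sets the `Accept` header on API requests, so a missing or invalid token yields a 401 JSON response even when the client forgets the header. Without it, Laravel answers the unauthenticated request with a redirect to the `login` route, and the 200 login page is what a client sees after following that redirect. The class name `ForceJsonResponse` is hypothetical, and the registration assumes the Laravel 8 `app/Http/Kernel.php` layout with the protected route in `routes/api.php`.

```php
<?php
// app/Http/Middleware/ForceJsonResponse.php
// Added example; the class name ForceJsonResponse is hypothetical.

namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;

class ForceJsonResponse
{
    /**
     * Make every request that passes through this middleware negotiate JSON,
     * so an authentication failure is rendered as a 401 JSON response
     * instead of a redirect to the "login" route.
     */
    public function handle(Request $request, Closure $next)
    {
        // Laravel chooses between "redirect to login" and "401 JSON" with
        // $request->expectsJson(), which is true when the Accept header asks
        // for JSON. Overwriting the header here covers clients that omit it
        // or send text/html.
        $request->headers->set('Accept', 'application/json');

        return $next($request);
    }
}

// Registration (assumed Laravel 8 layout, app/Http/Kernel.php): list the class
// first in the 'api' group so it runs before auth:sanctum rejects the request.
//
// protected $middlewareGroups = [
//     'api' => [
//         \App\Http\Middleware\ForceJsonResponse::class,
//         'throttle:api',
//         \Illuminate\Routing\Middleware\SubstituteBindings::class,
//     ],
// ];
```

Apply it only to API routes: on the `web` group it would also turn browser login redirects into JSON errors.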