NUXT Axios 请求中的 CSRF 令牌不匹配,但 NUXT Auth 工作得很好

发布于 2025-01-11 13:16:40 字数 9028 浏览 0 评论 0原文

我已经使用 NUXT 框架实现了一个身份验证系统,并使用 laravel 9 Sanctum 作为后端。

登录时工作正常,它更新商店并且一切正常,但在注册用户时,它给出“请求失败,状态代码 419”“消息”:“CSRF 令牌不匹配”。错误:

这是我在 laravel 中的 api.php 文件


use Illuminate\Http\Request;
use Illuminate\Support\Facades\Route;
use App\Http\Controllers\AuthController;
use App\Http\Controllers\TopicController;
/*
|--------------------------------------------------------------------------
| API Routes
|--------------------------------------------------------------------------
|
| Here is where you can register API routes for your application. These
| routes are loaded by the RouteServiceProvider within a group which
| is assigned the "api" middleware group. Enjoy building your API!
|
*/
//public routes
Route::post('register', [AuthController::class, 'reg']);
Route::post('login', [AuthController::class, 'login']);
Route::post('logout', [AuthController::class, 'logout']);

//protected routes by sanctum
Route::group(['middleware' => ['auth:sanctum']], function() {
    Route::get('/user', function (Request $request) {
        return $request->user();
    });
});

这是我的 AuthController:

<?php

namespace App\Http\Controllers;

use Illuminate\Http\Request;
use Illuminate\Http\Requests\UserRegisterRequest;
use Illuminate\Support\Facades\Hash;
use App\Models\User;
use Illuminate\Http\Respose;
use Illuminate\Auth\AuthenticationException;
use App\Http\Resources\User as UserResource;

class AuthController extends Controller
{
       
      //register a user
      public function reg(Request $request) {
        
        $user_data = $request->validate([
            'name' => 'required|string',
            'email' => 'required|string|unique:users,email',
            'password' => 'required|string|confirmed'
        ]);

        $user = User::create([
            'name' => $user_data['name'],
            'email' => $user_data['email'],
            'password' => bcrypt($user_data['password'])
        ]);


    }

  

    public function login(Request $request){
            
        if($user = !auth()->attempt($request->only('email','password'))){
            throw new AuthenticationException();
        }

        $token = auth()->user()->createToken('myapptoke')->plainTextToken;
        
        
        return (new UserResource($request->user()))->additional([
            'meta' => [
                'token' => $token,
            ],
        ]);
    }
    //logout a user
    public function logout(Request $request){
        
        auth()->user()->tokens()->delete();
        auth()->logout();
        
        $response = [
            'message' => 'logged out'
        ];
        return $response;
    }

}

Laravel .env 文件

APP_NAME=Laravel
APP_ENV=local
APP_KEY=base64:D2F/NZpkDyj1hyCCzTKe3i/5khtp/WX1k17udQjv9R8=
APP_DEBUG=true
APP_URL=

LOG_CHANNEL=stack
LOG_DEPRECATIONS_CHANNEL=null
LOG_LEVEL=debug

DB_CONNECTION=mysql
DB_HOST=127.0.0.1
DB_PORT=3306
DB_DATABASE=backend-laravel-nine
DB_USERNAME=root
DB_PASSWORD=

BROADCAST_DRIVER=log
CACHE_DRIVER=file
FILESYSTEM_DISK=local
QUEUE_CONNECTION=sync
SESSION_DRIVER=file
SESSION_LIFETIME=120

MEMCACHED_HOST=127.0.0.1

REDIS_HOST=127.0.0.1
REDIS_PASSWORD=null
REDIS_PORT=6379

MAIL_MAILER=smtp
MAIL_HOST=mailhog
MAIL_PORT=1025
MAIL_USERNAME=null
MAIL_PASSWORD=null
MAIL_ENCRYPTION=null
MAIL_FROM_ADDRESS=null
MAIL_FROM_NAME="${APP_NAME}"

AWS_ACCESS_KEY_ID=
AWS_SECRET_ACCESS_KEY=
AWS_DEFAULT_REGION=us-east-1
AWS_BUCKET=
AWS_USE_PATH_STYLE_ENDPOINT=false

PUSHER_APP_ID=
PUSHER_APP_KEY=
PUSHER_APP_SECRET=
PUSHER_APP_CLUSTER=mt1

MIX_PUSHER_APP_KEY="${PUSHER_APP_KEY}"
MIX_PUSHER_APP_CLUSTER="${PUSHER_APP_CLUSTER}"


SANCTUM_STATEFUL_DOMAINS=localhost:3000
SESSION_DOMAIN=localhost

这是我的 nuxt.config.js

export default {
  // Global page headers: https://go.nuxtjs.dev/config-head
  head: {
    title: 'NUXTfreshInstallation',
    htmlAttrs: {
      lang: 'en',
    },
    meta: [
      { charset: 'utf-8' },
      { name: 'viewport', content: 'width=device-width, initial-scale=1' },
      { hid: 'description', name: 'description', content: '' },
      { name: 'format-detection', content: 'telephone=no' },
    ],
    link: [{ rel: 'icon', type: 'image/x-icon', href: '/favicon.ico' }, 
          {rel:'stylesheet', href:'/css/bootstrap.min.css'}
  ],
  scripts: [
    {type:'text/javascript', serc:'/js/bootstrap.min.js'},
    {type:'text/javascript', serc:'/js/bootstrap.bundle.min.js'},
   
  ]
  },

  // Global CSS: https://go.nuxtjs.dev/config-css
  css: [],

  // Plugins to run before rendering page: https://go.nuxtjs.dev/config-plugins
  plugins: [ "./plugins/mixins/user.js", "./plugins/mixins/validation.js","./plugins/setErrorsPlugin.js"],

  // Auto import components: https://go.nuxtjs.dev/config-components
  components: true,

  // Modules for dev and build (recommended): https://go.nuxtjs.dev/config-modules
  buildModules: [],

  // Modules: https://go.nuxtjs.dev/config-modules
  modules: [
    // https://go.nuxtjs.dev/axios
    '@nuxtjs/axios', 
    '@nuxtjs/auth-next',    

  ],

  // router: {
  //   middleware: ["clearValidationErrors"]
  // },

  auth: {
    strategies: {
      laravelSanctum: {
        provider: 'laravel/sanctum',
        url: 'http://localhost:8000',
        endpoints: {
          login: {
            url: '/api/login',
            method: 'post',
            //propertyName: 'meta.token'
          },
          user: {
            url: '/api/user',
            //method: 'get',
            //propertyName: 'data'
          },
          logout: {
            url: '/api/logout',
            //method: 'post',
          },
        },
        
      }

    },
    redirect: {
      login: '/login',
      logout: '/login',
      home: '/'
    }
  },

  // Axios module configuration: https://go.nuxtjs.dev/config-axios
  axios: {
    // Workaround to avoid enforcing hard-coded localhost:3000: https://github.com/nuxt-community/axios-module/issues/308
    baseURL: 'http://localhost:8000',

  },
 

  // Build Configuration: https://go.nuxtjs.dev/config-build
  build: {},
}

这是用户注册 .vue 页面:

<template>
<div>
    
    <div class="container col-md-6 mt-5">
        <h2>Register</h2>
        
        <hr>
        <form @submit.prevent="register" method="post">
             <div class="form-group">
                <label>Name</label>
                <input type="text" class="form-control" placeholder="Enter Name" v-model="form.name" autofocus/>
                <small  class="form-text text-danger">Show errors</small>
            </div>
            <div class="form-group">
                <label>Email address</label>
                <input type="email" class="form-control" placeholder="Enter Email" v-model.trim="form.email" />
                <small  class="form-text text-danger">Show errors</small>
            </div>
            <div class="form-group">
                <label>Password</label>
                <input type="password" class="form-control" v-model.trim="form.password" placeholder="Enter Password" />
                <small  class="form-text text-danger">Show errors</small>
            </div>
            <div class="form-group">
                <label>Confirm Password</label>
                <input type="password" class="form-control" v-model.trim="form.password_confirmation" placeholder="Enter Password Again" />
                <small  class="form-text text-danger">Show errors</small>
            </div>
            <button type="submit" class="btn btn-primary" >Register</button>
            <p> Already have an account <nuxt-link to="/Login">Login </nuxt-link></p>
        </form>
        
    </div>
</div>
    
</template>

<script>
export default {
    data () {
        return {
            form: {
                name: '',
                email: '',
                password: '',
                password_confirmation: '',
            },
            
        }
    },
    methods: {
        async register (){
            await this.$axios.post('/api/register', this.form);

            await this.$auth.loginWith('laravelSanctum', {
                data: {
                    email: this.form.email,
                    password: this.form.password
                }
            });
            
        }
    }
}

</script>

我已经尝试过可能的故障排除技术,我了解到一点问题出在我的 .env 文件中的“SANCTUM_STATEFUL_DOMAINS=localhost:3000 SESSION_DOMAIN=localhost”中,

如果我添加这样写SANCTUM_STATEFUL_DOMAINS=localhost:3000,.localhost 那么登录不起作用。

有没有任何解决方案,我将感谢您的帮助谢谢

这是我从注册请求中得到的错误

I have implemented an authentication system with NUXT framework and using laravel 9 Sanctum as the backend.

While logging in it works fine it update the store and everything is fine but while registering a user it gives a "Request failed with status code 419" "message": "CSRF token mismatch." errors:

this is my api.php file in laravel


use Illuminate\Http\Request;
use Illuminate\Support\Facades\Route;
use App\Http\Controllers\AuthController;
use App\Http\Controllers\TopicController;
/*
|--------------------------------------------------------------------------
| API Routes
|--------------------------------------------------------------------------
|
| Here is where you can register API routes for your application. These
| routes are loaded by the RouteServiceProvider within a group which
| is assigned the "api" middleware group. Enjoy building your API!
|
*/
//public routes
Route::post('register', [AuthController::class, 'reg']);
Route::post('login', [AuthController::class, 'login']);
Route::post('logout', [AuthController::class, 'logout']);

//protected routes by sanctum
Route::group(['middleware' => ['auth:sanctum']], function() {
    Route::get('/user', function (Request $request) {
        return $request->user();
    });
});

This is my AuthController:

<?php

namespace App\Http\Controllers;

use Illuminate\Http\Request;
use Illuminate\Http\Requests\UserRegisterRequest;
use Illuminate\Support\Facades\Hash;
use App\Models\User;
use Illuminate\Http\Respose;
use Illuminate\Auth\AuthenticationException;
use App\Http\Resources\User as UserResource;

class AuthController extends Controller
{
       
      //register a user
      public function reg(Request $request) {
        
        $user_data = $request->validate([
            'name' => 'required|string',
            'email' => 'required|string|unique:users,email',
            'password' => 'required|string|confirmed'
        ]);

        $user = User::create([
            'name' => $user_data['name'],
            'email' => $user_data['email'],
            'password' => bcrypt($user_data['password'])
        ]);


    }

  

    public function login(Request $request){
            
        if($user = !auth()->attempt($request->only('email','password'))){
            throw new AuthenticationException();
        }

        $token = auth()->user()->createToken('myapptoke')->plainTextToken;
        
        
        return (new UserResource($request->user()))->additional([
            'meta' => [
                'token' => $token,
            ],
        ]);
    }
    //logout a user
    public function logout(Request $request){
        
        auth()->user()->tokens()->delete();
        auth()->logout();
        
        $response = [
            'message' => 'logged out'
        ];
        return $response;
    }

}

Laravel .env file

APP_NAME=Laravel
APP_ENV=local
APP_KEY=base64:D2F/NZpkDyj1hyCCzTKe3i/5khtp/WX1k17udQjv9R8=
APP_DEBUG=true
APP_URL=

LOG_CHANNEL=stack
LOG_DEPRECATIONS_CHANNEL=null
LOG_LEVEL=debug

DB_CONNECTION=mysql
DB_HOST=127.0.0.1
DB_PORT=3306
DB_DATABASE=backend-laravel-nine
DB_USERNAME=root
DB_PASSWORD=

BROADCAST_DRIVER=log
CACHE_DRIVER=file
FILESYSTEM_DISK=local
QUEUE_CONNECTION=sync
SESSION_DRIVER=file
SESSION_LIFETIME=120

MEMCACHED_HOST=127.0.0.1

REDIS_HOST=127.0.0.1
REDIS_PASSWORD=null
REDIS_PORT=6379

MAIL_MAILER=smtp
MAIL_HOST=mailhog
MAIL_PORT=1025
MAIL_USERNAME=null
MAIL_PASSWORD=null
MAIL_ENCRYPTION=null
MAIL_FROM_ADDRESS=null
MAIL_FROM_NAME="${APP_NAME}"

AWS_ACCESS_KEY_ID=
AWS_SECRET_ACCESS_KEY=
AWS_DEFAULT_REGION=us-east-1
AWS_BUCKET=
AWS_USE_PATH_STYLE_ENDPOINT=false

PUSHER_APP_ID=
PUSHER_APP_KEY=
PUSHER_APP_SECRET=
PUSHER_APP_CLUSTER=mt1

MIX_PUSHER_APP_KEY="${PUSHER_APP_KEY}"
MIX_PUSHER_APP_CLUSTER="${PUSHER_APP_CLUSTER}"


SANCTUM_STATEFUL_DOMAINS=localhost:3000
SESSION_DOMAIN=localhost

This is my nuxt.config.js

export default {
  // Global page headers: https://go.nuxtjs.dev/config-head
  head: {
    title: 'NUXTfreshInstallation',
    htmlAttrs: {
      lang: 'en',
    },
    meta: [
      { charset: 'utf-8' },
      { name: 'viewport', content: 'width=device-width, initial-scale=1' },
      { hid: 'description', name: 'description', content: '' },
      { name: 'format-detection', content: 'telephone=no' },
    ],
    link: [{ rel: 'icon', type: 'image/x-icon', href: '/favicon.ico' }, 
          {rel:'stylesheet', href:'/css/bootstrap.min.css'}
  ],
  scripts: [
    {type:'text/javascript', serc:'/js/bootstrap.min.js'},
    {type:'text/javascript', serc:'/js/bootstrap.bundle.min.js'},
   
  ]
  },

  // Global CSS: https://go.nuxtjs.dev/config-css
  css: [],

  // Plugins to run before rendering page: https://go.nuxtjs.dev/config-plugins
  plugins: [ "./plugins/mixins/user.js", "./plugins/mixins/validation.js","./plugins/setErrorsPlugin.js"],

  // Auto import components: https://go.nuxtjs.dev/config-components
  components: true,

  // Modules for dev and build (recommended): https://go.nuxtjs.dev/config-modules
  buildModules: [],

  // Modules: https://go.nuxtjs.dev/config-modules
  modules: [
    // https://go.nuxtjs.dev/axios
    '@nuxtjs/axios', 
    '@nuxtjs/auth-next',    

  ],

  // router: {
  //   middleware: ["clearValidationErrors"]
  // },

  auth: {
    strategies: {
      laravelSanctum: {
        provider: 'laravel/sanctum',
        url: 'http://localhost:8000',
        endpoints: {
          login: {
            url: '/api/login',
            method: 'post',
            //propertyName: 'meta.token'
          },
          user: {
            url: '/api/user',
            //method: 'get',
            //propertyName: 'data'
          },
          logout: {
            url: '/api/logout',
            //method: 'post',
          },
        },
        
      }

    },
    redirect: {
      login: '/login',
      logout: '/login',
      home: '/'
    }
  },

  // Axios module configuration: https://go.nuxtjs.dev/config-axios
  axios: {
    // Workaround to avoid enforcing hard-coded localhost:3000: https://github.com/nuxt-community/axios-module/issues/308
    baseURL: 'http://localhost:8000',

  },
 

  // Build Configuration: https://go.nuxtjs.dev/config-build
  build: {},
}

This is the user register .vue page:

<template>
<div>
    
    <div class="container col-md-6 mt-5">
        <h2>Register</h2>
        
        <hr>
        <form @submit.prevent="register" method="post">
             <div class="form-group">
                <label>Name</label>
                <input type="text" class="form-control" placeholder="Enter Name" v-model="form.name" autofocus/>
                <small  class="form-text text-danger">Show errors</small>
            </div>
            <div class="form-group">
                <label>Email address</label>
                <input type="email" class="form-control" placeholder="Enter Email" v-model.trim="form.email" />
                <small  class="form-text text-danger">Show errors</small>
            </div>
            <div class="form-group">
                <label>Password</label>
                <input type="password" class="form-control" v-model.trim="form.password" placeholder="Enter Password" />
                <small  class="form-text text-danger">Show errors</small>
            </div>
            <div class="form-group">
                <label>Confirm Password</label>
                <input type="password" class="form-control" v-model.trim="form.password_confirmation" placeholder="Enter Password Again" />
                <small  class="form-text text-danger">Show errors</small>
            </div>
            <button type="submit" class="btn btn-primary" >Register</button>
            <p> Already have an account <nuxt-link to="/Login">Login </nuxt-link></p>
        </form>
        
    </div>
</div>
    
</template>

<script>
export default {
    data () {
        return {
            form: {
                name: '',
                email: '',
                password: '',
                password_confirmation: '',
            },
            
        }
    },
    methods: {
        async register (){
            await this.$axios.post('/api/register', this.form);

            await this.$auth.loginWith('laravelSanctum', {
                data: {
                    email: this.form.email,
                    password: this.form.password
                }
            });
            
        }
    }
}

</script>

I have tried may troubleshooting techniques, I understood a little that the problem is in my .env file in "SANCTUM_STATEFUL_DOMAINS=localhost:3000 SESSION_DOMAIN=localhost "

if i add write it like this SANCTUM_STATEFUL_DOMAINS=localhost:3000,.localhost then the login does not work.

Is there any solutions I will appreciate your help Thanks

This is the error i get from the register request

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(2

迷爱 2025-01-18 13:16:40

尝试更改

SANCTUM_STATEFUL_DOMAINS=localhost:3000

 SANCTUM_STATEFUL_DOMAINS=http://localhost:3000

Try to change

SANCTUM_STATEFUL_DOMAINS=localhost:3000

to

 SANCTUM_STATEFUL_DOMAINS=http://localhost:3000
撩发小公举 2025-01-18 13:16:40

尝试将 csrf 令牌添加到您的注册视图中,如下所示:

<form @submit.prevent="register" method="post">
             @csrf
             <div class="form-group">
                <label>Name</label>
                ...

Try to add csrf token into your registration view like this:

<form @submit.prevent="register" method="post">
             @csrf
             <div class="form-group">
                <label>Name</label>
                ...
~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文