NUXT Axios 请求中的 CSRF 令牌不匹配,但 NUXT Auth 工作得很好
我已经使用 NUXT 框架实现了一个身份验证系统,并使用 laravel 9 Sanctum 作为后端。
登录时工作正常,它更新商店并且一切正常,但在注册用户时,它给出“请求失败,状态代码 419”“消息”:“CSRF 令牌不匹配”。错误:
这是我在 laravel 中的 api.php 文件
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Route;
use App\Http\Controllers\AuthController;
use App\Http\Controllers\TopicController;
/*
|--------------------------------------------------------------------------
| API Routes
|--------------------------------------------------------------------------
|
| Here is where you can register API routes for your application. These
| routes are loaded by the RouteServiceProvider within a group which
| is assigned the "api" middleware group. Enjoy building your API!
|
*/
//public routes
Route::post('register', [AuthController::class, 'reg']);
Route::post('login', [AuthController::class, 'login']);
Route::post('logout', [AuthController::class, 'logout']);
//protected routes by sanctum
Route::group(['middleware' => ['auth:sanctum']], function() {
Route::get('/user', function (Request $request) {
return $request->user();
});
});
这是我的 AuthController:
<?php
namespace App\Http\Controllers;
use Illuminate\Http\Request;
use Illuminate\Http\Requests\UserRegisterRequest;
use Illuminate\Support\Facades\Hash;
use App\Models\User;
use Illuminate\Http\Respose;
use Illuminate\Auth\AuthenticationException;
use App\Http\Resources\User as UserResource;
class AuthController extends Controller
{
//register a user
public function reg(Request $request) {
$user_data = $request->validate([
'name' => 'required|string',
'email' => 'required|string|unique:users,email',
'password' => 'required|string|confirmed'
]);
$user = User::create([
'name' => $user_data['name'],
'email' => $user_data['email'],
'password' => bcrypt($user_data['password'])
]);
}
public function login(Request $request){
if($user = !auth()->attempt($request->only('email','password'))){
throw new AuthenticationException();
}
$token = auth()->user()->createToken('myapptoke')->plainTextToken;
return (new UserResource($request->user()))->additional([
'meta' => [
'token' => $token,
],
]);
}
//logout a user
public function logout(Request $request){
auth()->user()->tokens()->delete();
auth()->logout();
$response = [
'message' => 'logged out'
];
return $response;
}
}
Laravel .env 文件
APP_NAME=Laravel
APP_ENV=local
APP_KEY=base64:D2F/NZpkDyj1hyCCzTKe3i/5khtp/WX1k17udQjv9R8=
APP_DEBUG=true
APP_URL=
LOG_CHANNEL=stack
LOG_DEPRECATIONS_CHANNEL=null
LOG_LEVEL=debug
DB_CONNECTION=mysql
DB_HOST=127.0.0.1
DB_PORT=3306
DB_DATABASE=backend-laravel-nine
DB_USERNAME=root
DB_PASSWORD=
BROADCAST_DRIVER=log
CACHE_DRIVER=file
FILESYSTEM_DISK=local
QUEUE_CONNECTION=sync
SESSION_DRIVER=file
SESSION_LIFETIME=120
MEMCACHED_HOST=127.0.0.1
REDIS_HOST=127.0.0.1
REDIS_PASSWORD=null
REDIS_PORT=6379
MAIL_MAILER=smtp
MAIL_HOST=mailhog
MAIL_PORT=1025
MAIL_USERNAME=null
MAIL_PASSWORD=null
MAIL_ENCRYPTION=null
MAIL_FROM_ADDRESS=null
MAIL_FROM_NAME="${APP_NAME}"
AWS_ACCESS_KEY_ID=
AWS_SECRET_ACCESS_KEY=
AWS_DEFAULT_REGION=us-east-1
AWS_BUCKET=
AWS_USE_PATH_STYLE_ENDPOINT=false
PUSHER_APP_ID=
PUSHER_APP_KEY=
PUSHER_APP_SECRET=
PUSHER_APP_CLUSTER=mt1
MIX_PUSHER_APP_KEY="${PUSHER_APP_KEY}"
MIX_PUSHER_APP_CLUSTER="${PUSHER_APP_CLUSTER}"
SANCTUM_STATEFUL_DOMAINS=localhost:3000
SESSION_DOMAIN=localhost
这是我的 nuxt.config.js
export default {
// Global page headers: https://go.nuxtjs.dev/config-head
head: {
title: 'NUXTfreshInstallation',
htmlAttrs: {
lang: 'en',
},
meta: [
{ charset: 'utf-8' },
{ name: 'viewport', content: 'width=device-width, initial-scale=1' },
{ hid: 'description', name: 'description', content: '' },
{ name: 'format-detection', content: 'telephone=no' },
],
link: [{ rel: 'icon', type: 'image/x-icon', href: '/favicon.ico' },
{rel:'stylesheet', href:'/css/bootstrap.min.css'}
],
scripts: [
{type:'text/javascript', serc:'/js/bootstrap.min.js'},
{type:'text/javascript', serc:'/js/bootstrap.bundle.min.js'},
]
},
// Global CSS: https://go.nuxtjs.dev/config-css
css: [],
// Plugins to run before rendering page: https://go.nuxtjs.dev/config-plugins
plugins: [ "./plugins/mixins/user.js", "./plugins/mixins/validation.js","./plugins/setErrorsPlugin.js"],
// Auto import components: https://go.nuxtjs.dev/config-components
components: true,
// Modules for dev and build (recommended): https://go.nuxtjs.dev/config-modules
buildModules: [],
// Modules: https://go.nuxtjs.dev/config-modules
modules: [
// https://go.nuxtjs.dev/axios
'@nuxtjs/axios',
'@nuxtjs/auth-next',
],
// router: {
// middleware: ["clearValidationErrors"]
// },
auth: {
strategies: {
laravelSanctum: {
provider: 'laravel/sanctum',
url: 'http://localhost:8000',
endpoints: {
login: {
url: '/api/login',
method: 'post',
//propertyName: 'meta.token'
},
user: {
url: '/api/user',
//method: 'get',
//propertyName: 'data'
},
logout: {
url: '/api/logout',
//method: 'post',
},
},
}
},
redirect: {
login: '/login',
logout: '/login',
home: '/'
}
},
// Axios module configuration: https://go.nuxtjs.dev/config-axios
axios: {
// Workaround to avoid enforcing hard-coded localhost:3000: https://github.com/nuxt-community/axios-module/issues/308
baseURL: 'http://localhost:8000',
},
// Build Configuration: https://go.nuxtjs.dev/config-build
build: {},
}
这是用户注册 .vue 页面:
<template>
<div>
<div class="container col-md-6 mt-5">
<h2>Register</h2>
<hr>
<form @submit.prevent="register" method="post">
<div class="form-group">
<label>Name</label>
<input type="text" class="form-control" placeholder="Enter Name" v-model="form.name" autofocus/>
<small class="form-text text-danger">Show errors</small>
</div>
<div class="form-group">
<label>Email address</label>
<input type="email" class="form-control" placeholder="Enter Email" v-model.trim="form.email" />
<small class="form-text text-danger">Show errors</small>
</div>
<div class="form-group">
<label>Password</label>
<input type="password" class="form-control" v-model.trim="form.password" placeholder="Enter Password" />
<small class="form-text text-danger">Show errors</small>
</div>
<div class="form-group">
<label>Confirm Password</label>
<input type="password" class="form-control" v-model.trim="form.password_confirmation" placeholder="Enter Password Again" />
<small class="form-text text-danger">Show errors</small>
</div>
<button type="submit" class="btn btn-primary" >Register</button>
<p> Already have an account <nuxt-link to="/Login">Login </nuxt-link></p>
</form>
</div>
</div>
</template>
<script>
export default {
data () {
return {
form: {
name: '',
email: '',
password: '',
password_confirmation: '',
},
}
},
methods: {
async register (){
await this.$axios.post('/api/register', this.form);
await this.$auth.loginWith('laravelSanctum', {
data: {
email: this.form.email,
password: this.form.password
}
});
}
}
}
</script>
我已经尝试过可能的故障排除技术,我了解到一点问题出在我的 .env 文件中的“SANCTUM_STATEFUL_DOMAINS=localhost:3000 SESSION_DOMAIN=localhost”中,
如果我添加这样写SANCTUM_STATEFUL_DOMAINS=localhost:3000,.localhost 那么登录不起作用。
有没有任何解决方案,我将感谢您的帮助谢谢
I have implemented an authentication system with NUXT framework and using laravel 9 Sanctum as the backend.
While logging in it works fine it update the store and everything is fine but while registering a user it gives a "Request failed with status code 419" "message": "CSRF token mismatch." errors:
this is my api.php file in laravel
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Route;
use App\Http\Controllers\AuthController;
use App\Http\Controllers\TopicController;
/*
|--------------------------------------------------------------------------
| API Routes
|--------------------------------------------------------------------------
|
| Here is where you can register API routes for your application. These
| routes are loaded by the RouteServiceProvider within a group which
| is assigned the "api" middleware group. Enjoy building your API!
|
*/
//public routes
Route::post('register', [AuthController::class, 'reg']);
Route::post('login', [AuthController::class, 'login']);
Route::post('logout', [AuthController::class, 'logout']);
//protected routes by sanctum
Route::group(['middleware' => ['auth:sanctum']], function() {
Route::get('/user', function (Request $request) {
return $request->user();
});
});
This is my AuthController:
<?php
namespace App\Http\Controllers;
use Illuminate\Http\Request;
use Illuminate\Http\Requests\UserRegisterRequest;
use Illuminate\Support\Facades\Hash;
use App\Models\User;
use Illuminate\Http\Respose;
use Illuminate\Auth\AuthenticationException;
use App\Http\Resources\User as UserResource;
class AuthController extends Controller
{
//register a user
public function reg(Request $request) {
$user_data = $request->validate([
'name' => 'required|string',
'email' => 'required|string|unique:users,email',
'password' => 'required|string|confirmed'
]);
$user = User::create([
'name' => $user_data['name'],
'email' => $user_data['email'],
'password' => bcrypt($user_data['password'])
]);
}
public function login(Request $request){
if($user = !auth()->attempt($request->only('email','password'))){
throw new AuthenticationException();
}
$token = auth()->user()->createToken('myapptoke')->plainTextToken;
return (new UserResource($request->user()))->additional([
'meta' => [
'token' => $token,
],
]);
}
//logout a user
public function logout(Request $request){
auth()->user()->tokens()->delete();
auth()->logout();
$response = [
'message' => 'logged out'
];
return $response;
}
}
Laravel .env file
APP_NAME=Laravel
APP_ENV=local
APP_KEY=base64:D2F/NZpkDyj1hyCCzTKe3i/5khtp/WX1k17udQjv9R8=
APP_DEBUG=true
APP_URL=
LOG_CHANNEL=stack
LOG_DEPRECATIONS_CHANNEL=null
LOG_LEVEL=debug
DB_CONNECTION=mysql
DB_HOST=127.0.0.1
DB_PORT=3306
DB_DATABASE=backend-laravel-nine
DB_USERNAME=root
DB_PASSWORD=
BROADCAST_DRIVER=log
CACHE_DRIVER=file
FILESYSTEM_DISK=local
QUEUE_CONNECTION=sync
SESSION_DRIVER=file
SESSION_LIFETIME=120
MEMCACHED_HOST=127.0.0.1
REDIS_HOST=127.0.0.1
REDIS_PASSWORD=null
REDIS_PORT=6379
MAIL_MAILER=smtp
MAIL_HOST=mailhog
MAIL_PORT=1025
MAIL_USERNAME=null
MAIL_PASSWORD=null
MAIL_ENCRYPTION=null
MAIL_FROM_ADDRESS=null
MAIL_FROM_NAME="${APP_NAME}"
AWS_ACCESS_KEY_ID=
AWS_SECRET_ACCESS_KEY=
AWS_DEFAULT_REGION=us-east-1
AWS_BUCKET=
AWS_USE_PATH_STYLE_ENDPOINT=false
PUSHER_APP_ID=
PUSHER_APP_KEY=
PUSHER_APP_SECRET=
PUSHER_APP_CLUSTER=mt1
MIX_PUSHER_APP_KEY="${PUSHER_APP_KEY}"
MIX_PUSHER_APP_CLUSTER="${PUSHER_APP_CLUSTER}"
SANCTUM_STATEFUL_DOMAINS=localhost:3000
SESSION_DOMAIN=localhost
This is my nuxt.config.js
export default {
// Global page headers: https://go.nuxtjs.dev/config-head
head: {
title: 'NUXTfreshInstallation',
htmlAttrs: {
lang: 'en',
},
meta: [
{ charset: 'utf-8' },
{ name: 'viewport', content: 'width=device-width, initial-scale=1' },
{ hid: 'description', name: 'description', content: '' },
{ name: 'format-detection', content: 'telephone=no' },
],
link: [{ rel: 'icon', type: 'image/x-icon', href: '/favicon.ico' },
{rel:'stylesheet', href:'/css/bootstrap.min.css'}
],
scripts: [
{type:'text/javascript', serc:'/js/bootstrap.min.js'},
{type:'text/javascript', serc:'/js/bootstrap.bundle.min.js'},
]
},
// Global CSS: https://go.nuxtjs.dev/config-css
css: [],
// Plugins to run before rendering page: https://go.nuxtjs.dev/config-plugins
plugins: [ "./plugins/mixins/user.js", "./plugins/mixins/validation.js","./plugins/setErrorsPlugin.js"],
// Auto import components: https://go.nuxtjs.dev/config-components
components: true,
// Modules for dev and build (recommended): https://go.nuxtjs.dev/config-modules
buildModules: [],
// Modules: https://go.nuxtjs.dev/config-modules
modules: [
// https://go.nuxtjs.dev/axios
'@nuxtjs/axios',
'@nuxtjs/auth-next',
],
// router: {
// middleware: ["clearValidationErrors"]
// },
auth: {
strategies: {
laravelSanctum: {
provider: 'laravel/sanctum',
url: 'http://localhost:8000',
endpoints: {
login: {
url: '/api/login',
method: 'post',
//propertyName: 'meta.token'
},
user: {
url: '/api/user',
//method: 'get',
//propertyName: 'data'
},
logout: {
url: '/api/logout',
//method: 'post',
},
},
}
},
redirect: {
login: '/login',
logout: '/login',
home: '/'
}
},
// Axios module configuration: https://go.nuxtjs.dev/config-axios
axios: {
// Workaround to avoid enforcing hard-coded localhost:3000: https://github.com/nuxt-community/axios-module/issues/308
baseURL: 'http://localhost:8000',
},
// Build Configuration: https://go.nuxtjs.dev/config-build
build: {},
}
This is the user register .vue page:
<template>
<div>
<div class="container col-md-6 mt-5">
<h2>Register</h2>
<hr>
<form @submit.prevent="register" method="post">
<div class="form-group">
<label>Name</label>
<input type="text" class="form-control" placeholder="Enter Name" v-model="form.name" autofocus/>
<small class="form-text text-danger">Show errors</small>
</div>
<div class="form-group">
<label>Email address</label>
<input type="email" class="form-control" placeholder="Enter Email" v-model.trim="form.email" />
<small class="form-text text-danger">Show errors</small>
</div>
<div class="form-group">
<label>Password</label>
<input type="password" class="form-control" v-model.trim="form.password" placeholder="Enter Password" />
<small class="form-text text-danger">Show errors</small>
</div>
<div class="form-group">
<label>Confirm Password</label>
<input type="password" class="form-control" v-model.trim="form.password_confirmation" placeholder="Enter Password Again" />
<small class="form-text text-danger">Show errors</small>
</div>
<button type="submit" class="btn btn-primary" >Register</button>
<p> Already have an account <nuxt-link to="/Login">Login </nuxt-link></p>
</form>
</div>
</div>
</template>
<script>
export default {
data () {
return {
form: {
name: '',
email: '',
password: '',
password_confirmation: '',
},
}
},
methods: {
async register (){
await this.$axios.post('/api/register', this.form);
await this.$auth.loginWith('laravelSanctum', {
data: {
email: this.form.email,
password: this.form.password
}
});
}
}
}
</script>
I have tried may troubleshooting techniques, I understood a little that the problem is in my .env file in "SANCTUM_STATEFUL_DOMAINS=localhost:3000 SESSION_DOMAIN=localhost "
if i add write it like this SANCTUM_STATEFUL_DOMAINS=localhost:3000,.localhost then the login does not work.
Is there any solutions I will appreciate your help Thanks
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
尝试更改
为
Try to change
to
尝试将 csrf 令牌添加到您的注册视图中,如下所示:
Try to add csrf token into your registration view like this: