How do I restrict L5-Swagger documentation to users based on roles and permissions?

Posted on 2025-01-23 00:25:01 · 1063 characters · 0 views · 0 comments


I added middleware in the l5-swagger config and tried to print out the user object, but it comes back null.

Is it possible to restrict specific or all API/documentation generated by swagger using roles and permissions defined inside of Laravel?

Edit
Here's the middleware, nothing special here. I'm just trying to check whether the user exists here, and it fails.

<?php

namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;

class ApiDocumentationAuthCheck
{
    /**
     * Handle an incoming request.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure(\Illuminate\Http\Request): (\Illuminate\Http\Response|\Illuminate\Http\RedirectResponse)  $next
     * @return \Illuminate\Http\Response|\Illuminate\Http\RedirectResponse
     */
    public function handle(Request $request, Closure $next)
    {
        // Debugging only: dump the current user and stop the request
        // (this is where null is being reported)
        dd(auth()->user());

        // if auth User allow access to API
        return $next($request);
        // else redirect to Login route with auto redirect back
    }
}

In the l5-swagger config I have set the middleware like this

    'middleware' => [
        // a bare string here must be a registered middleware alias, otherwise use the fully qualified class name
        'api' => ['ApiDocumentationAuthCheck'],
        'asset' => [],
        'docs' => [],
        'oauth2_callback' => [],
    ],


Comments (1)

梦幻之岛 2025-01-30 00:25:01


It is normal that your user returns null, whether you are logged in or not, because the routes for l5-swagger documentation are handled apart (meaning: they do not pass through the web or api routes), which means that there is no pre-defined middleware for them (including the middleware that handles authentication).

To make it work you need to put in all the middleware you use for your routes.
The default ones are either web or api:

    'middleware' => [
        'api' => [
            'api', // or 'web' if you are using web routes
            'ApiDocumentationAuthCheck',
        ],
        'asset' => [],
        'docs' => [],
        'oauth2_callback' => [],
    ],

Now you will have access to your Auth::user().

Note: the order here is important, because the request passes through the middleware in order, and the default middleware is used to check the session and initialise it if necessary.

Example: in my case I test if the user is not authenticated, and then I authenticate them:

        // Needs `use Illuminate\Support\Facades\Auth;` and a `use` for the
        // UnauthorizedException class the app throws (the snippet does not say which).
        $user = Auth::user(); // get the authenticated user, or null
        if (empty($user)) { // no authenticated user: send them to log in, then back to the docs
            return response()->redirectTo("/api/login?intended=/api/documentation");
        }
        if ($user->role !== 'admin') { // original read `== 'admin'`, which would lock out admins instead of everyone else
            throw new UnauthorizedException("You do not have the necessary access to perform this action (Documentation Access).");
        }
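A complete version of what the answer describes, as an added example that is not code from the question, the answer or the l5-swagger package: a middleware that sends guests to the login page with the docs URL remembered, checks a Laravel Gate ability for everyone else, and an l5-swagger config that runs the session stack ahead of it. It uses the `web` group rather than `api` because `Auth::user()` for a browser session is only populated once the session middleware in that group has run. It also goes one step beyond the answer by guarding the `docs` route as well as the UI route, since `docs` is the route that serves the generated JSON/YAML spec; protecting only the UI leaves the raw spec readable by anyone. Assumed and illustrative names: the `view-api-docs` Gate ability, a named `login` route, a `role` column on the users table (as in the answer's snippet) and session-based authentication. Three separate files are shown in one listing, each introduced by a path comment.

```php
<?php
// Added example, not the question's, the answer's or l5-swagger's own code.
// Three files shown together; copy each section into the file named above it.
// Assumptions (illustrative): a `login` named route, a `role` column on users,
// a Gate ability 'view-api-docs', and session-based auth via the `web` group.

// ---- app/Http/Middleware/ApiDocumentationAuthCheck.php ----
namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;
use Symfony\Component\HttpFoundation\Response;

class ApiDocumentationAuthCheck
{
    public function handle(Request $request, Closure $next): Response
    {
        // $request->user() is only populated if a session/guard middleware
        // (the `web` group) ran earlier in the stack; see the config below.
        $user = $request->user();

        if ($user === null) {
            // redirect()->guest() stores the docs URL as 'url.intended' in the
            // session, so the login flow can send the user back afterwards.
            return redirect()->guest(route('login'));
        }

        if (! $user->can('view-api-docs')) {
            // Authenticated but not allowed: fail closed with an explicit 403
            // instead of redirecting (a redirect to login would just loop).
            abort(403, 'You do not have access to the API documentation.');
        }

        return $next($request);
    }
}

// ---- app/Providers/AppServiceProvider.php, inside boot() ----
// (Laravel <= 10 projects usually define abilities in AuthServiceProvider::boot().)
// use App\Models\User;
// use Illuminate\Support\Facades\Gate;
Gate::define('view-api-docs', function (User $user): bool {
    // Illustrative rule: only these roles may read the documentation.
    return in_array($user->role, ['admin', 'developer'], true);
});

// ---- config/l5-swagger.php, the routes.middleware array the question edited ----
// Weak (what the question had): only the UI route is guarded, nothing starts
// a session before the check runs, so it sees a null user for everyone, and
// the generated spec served by the `docs` route stays readable by anyone:
//     'api'  => ['ApiDocumentationAuthCheck'],
//     'docs' => [],
// Hardened: run the session/auth stack (`web`) before the check, and apply it
// to both the UI route and the spec route. Order matters. Static assets
// carry no secrets and can stay open.
'middleware' => [
    'api' => [
        'web',
        \App\Http\Middleware\ApiDocumentationAuthCheck::class,
    ],
    'docs' => [
        'web',
        \App\Http\Middleware\ApiDocumentationAuthCheck::class,
    ],
    'asset' => [],
    'oauth2_callback' => [],
],
```

Referencing the middleware by its fully qualified class name avoids depending on an alias being registered in the HTTP kernel or bootstrap file. If the application authenticates API clients with tokens rather than sessions, replace `web` with the middleware for that guard and return a 401 JSON response instead of redirecting to a login page.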