laravel¹Ø±ÕtokenÑéÖ¤
laravelÊÇÒ»¸öÊ¢ÐеÄphp¿ò¼Ü£¬ËüÌṩÁËÐí¶àÀû±ãµÄ¹¦Ð§ºÍ¹¤¾ß£¬×ÊÖú¿ª·¢Ö°Ô±¿ìËÙ¡¢¸ßЧµØ¹¹½¨webÓ¦ÓóÌÐò¡£ÆäÖÐÒ»¸öÖ÷ÒªµÄ¹¦Ð§ÊÇtokenÑéÖ¤£¬ËüÊÇÒ»ÖÖÇå¾²»úÖÆ£¬ÓÃÓÚÈ·±£Óû§µÄÐÅÏ¢²»»á±»²»·¨»á¼û»òÐ޸ġ£µ«ÓÐʱ¼ä£¬¿ª·¢ÕßÐèÒªÔÝʱ¹Ø±ÕtokenÑéÖ¤¡£±¾ÎĽ«ÏÈÈÝÔÚlaravelÖÐÔõÑù¹Ø±ÕtokenÑéÖ¤¡£
Ò»¡¢ÎªÊ²Ã´¹Ø±ÕTokenÑéÖ¤£¿
ÔÚLaravelÖУ¬TokenÑéÖ¤ÊÇĬÈÏ¿ªÆôµÄ¡£µ±Óû§Í¨¹ýWebÓ¦ÓóÌÐò¾ÙÐеǼ»ò×¢²áʱ£¬Laravel»á×Ô¶¯ÌìÉúÒ»¸öToken£¬ÓÃÓÚÑéÖ¤Óû§Éí·ÝºÍ±ÜÃâ¶ñÒâ¹¥»÷¡£Õâ¿ÉÒÔÌá¸ßWebÓ¦ÓóÌÐòµÄÇå¾²ÐÔ£¬ïÔÌDZÔÚµÄΣº¦¡£
µ«ÔÚijЩÇéÐÎÏ£¬¿ª·¢Õß¿ÉÄÜÐèÒªÔÝʱ¹Ø±ÕTokenÑéÖ¤¡£ÀýÈ磬µ±¿ª·¢Ö°Ô±ÕýÔÚ¾ÙÐвâÊÔ»òµ÷ÊÔʱ£¬¹Ø±ÕTokenÑéÖ¤¿ÉÒÔ¼ÓËÙ¿ª·¢ËÙÂʺÍЧÂÊ¡£±ðµÄ£¬ÔÚijЩÇéÐÎÏ£¬Å²ÓõÚÈý·½API»ò¼¯³ÉÆäËûϵͳʱ£¬ÐèÒªÔÝʱ½ûÓÃTokenÑéÖ¤¡£
¶þ¡¢ÔõÑù¹Ø±ÕTokenÑéÖ¤£¿
ÔÚLaravelÖУ¬¹Ø±ÕTokenÑéÖ¤¿ÉÒÔͨ¹ýÁ½ÖÖ·½·¨ÊµÏÖ¡£
ÔÚÖÐÐļþÖйرÕTokenÑéÖ¤
ÖÐÐļþÊÇLaravelÖÐÒ»¸öºÜÊÇÇ¿Ê¢µÄ¹¦Ð§£¬¿ÉÒÔÓÃÓÚ´¦ÀíHTTPÇëÇóºÍÏìÓ¦¡£ÔÚLaravelÖУ¬TokenÑéÖ¤ÊÇÔÚÖÐÐļþÖÐʵÏֵġ£Òò´Ë£¬¿ÉÒÔÔÚÖÐÐļþÖÐÐÞ¸ÄTokenÑéÖ¤µÄÐÐΪ¡£
Òª¹Ø±ÕTokenÑéÖ¤£¬¿ÉÒÔ±à¼AppHttpMiddlewareVerifyCsrfToken.phpÎļþ£¬½«Æäת»»ÎªÒÔÏ´úÂ룺
<?php namespace AppHttpMiddleware; use IlluminateFoundationHttpMiddlewareVerifyCsrfToken as Middleware; class VerifyCsrfToken extends Middleware { /** * The URIs that should be excluded from CSRF verification. * * @var array */ protected $except = [ // ]; /** * Determine if the session and input CSRF tokens match. * * @param IlluminateHttpRequest $request * @return bool */ protected function tokensMatch($request) { return true; } }
µÇ¼ºó¸´ÖÆ
ÔÚÉÏÃæµÄ´úÂëÖУ¬ÎÒÃÇͨ¹ýÁýÕÖtokensMatch()º¯ÊýÀ´¹Ø±ÕTokenÑéÖ¤¡£tokensMatch()º¯ÊýÊÇÓÃÓÚ½ÏÁ¿ÊäÈëµÄÁîÅƺÍSessionÖеÄÁîÅÆÊÇ·ñÆ¥ÅäµÄº¯Êý¡£Í¨¹ý·µ»Øtrue£¬ÎÒÃǽûÓÃÁËTokenÑéÖ¤¡£
Çë×¢ÖØ£¬ÕâÖÖÒªÁì²¢²»ÊÇÍêÈ«Çå¾²µÄ¡£¹Ø±ÕTokenÑéÖ¤»áʹÄúµÄWebÓ¦ÓóÌÐòÈÝÒ×Êܵ½CSRF¹¥»÷¡£Òò´Ë£¬ÎÒÃÇÖ»½¨ÒéÔÚ²âÊԺͿª·¢Àú³ÌÖÐʹÓá£
ÔÚ·ÓÉÖйرÕTokenÑéÖ¤
ÁíÒ»ÖֹرÕTokenÑéÖ¤µÄÒªÁìÊÇÔÚ·ÓÉÖÐʹÓÃwithoutMiddleware()º¯Êý¡£Õâ¸öº¯Êý¿ÉÒÔ×ÊÖúÎÒÃÇÌø¹ýÖ¸¶¨µÄÖÐÐļþ£¬°üÀ¨TokenÑéÖ¤ÖÐÐļþ¡£
ҪʹÓÃwithoutMiddleware()º¯Êý£¬ÄúÐèҪͨ¹ý·ÓÉŲÓÃÖ¸¶¨µÄ¿ØÖÆÆ÷ºÍº¯Êý¡£ÀýÈ磺
Route::get('/example', 'ExampleController@exampleFunction')->withoutMiddleware(['auth', 'csrf']);
µÇ¼ºó¸´ÖÆ
ÔÚÉÏÃæµÄ´úÂëÖУ¬ÎÒÃÇʹÓÃwithoutMiddleware()º¯Êý½«TokenÑéÖ¤ÖÐÐļþ´Ó·ÓÉÖÐɾ³ý¡£Õ⽫ÔÊÐíÎÒÃÇʹÓò»°üÀ¨TokenµÄHTTPÇëÇó¡£
ÐèҪעÖصÄÊÇ£¬ÕâÖÖÒªÁìͬÑù±£´æÇå¾²Îó²î£¬½¨ÒéÔÚÐëÒªµÄÇéÐÎÏÂʹÓá£
Èý¡¢¿ªÆôTokenÑéÖ¤
ÔÚÄúÍê³É²âÊÔ»ò½ûÓÃTokenÑéÖ¤µÄ²Ù×÷ºó£¬ÎÒÃǽ¨ÒéÄú¿ªÆôTokenÑéÖ¤£¬È·±£ÄúµÄWebÓ¦ÓóÌÐòµÄÇå¾²ÐÔ¡£Äú¿ÉÒÔʹÓÃͬÑùµÄÒªÁ쿪ÆôTokenÑéÖ¤£¬Ö»ÐèҪɾ³ýÐ޸ĺóµÄ´úÂë¼´¿É¡£
ÔÚLaravelÖУ¬ÆôÓÃTokenÑéÖ¤ºÜÊǼòÆÓ¡£Ö»ÐèҪȷ±£VerifyCsrfTokenÖÐÐļþ±»×¢²á£¬²¢ÇÒûÓб»½ûÓü´¿É¡£
<?php namespace AppHttp; use IlluminateFoundationHttpKernel as HttpKernel; class Kernel extends HttpKernel { /** * The application's global HTTP middleware stack. * * @var array */ protected $middleware = [ IlluminateFoundationHttpMiddlewareCheckForMaintenanceMode::class, IlluminateFoundationHttpMiddlewareValidatePostSize::class, AppHttpMiddlewareTrimStrings::class, IlluminateFoundationHttpMiddlewareConvertEmptyStringsToNull::class, ]; /** * The application's route middleware. * * @var array */ protected $routeMiddleware = [ 'auth' => AppHttpMiddlewareAuthenticate::class, 'auth.basic' => IlluminateAuthMiddlewareAuthenticateWithBasicAuth::class, 'bindings' => IlluminateRoutingMiddlewareSubstituteBindings::class, 'can' => IlluminateAuthMiddlewareAuthorize::class, 'guest' => AppHttpMiddlewareRedirectIfAuthenticated::class, 'signed' => IlluminateRoutingMiddlewareValidateSignature::class, 'throttle' => IlluminateRoutingMiddlewareThrottleRequests::class, 'verified' => IlluminateAuthMiddlewareEnsureEmailIsVerified::class, 'csrf' => AppHttpMiddlewareVerifyCsrfToken::class, ]; }
µÇ¼ºó¸´ÖÆ
ÔÚÉÏÃæµÄ´úÂëÖУ¬ÎÒÃÇ¿ÉÒÔ¿´µ½VerifyCsrfTokenÖÐÐļþ±»×¢²áΪ’csrf’ÖÐÐļþ£¬ÕâÒâζ×ÅËü½«ÔÚĬÈÏÇéÐÎÏÂÊÂÇé¡£
ËÄ¡¢½áÂÛ
TokenÑéÖ¤ÊÇLaravelÖÐÒ»¸öºÜÊÇÖ÷ÒªµÄÇå¾²»úÖÆ£¬¿ÉÒÔ±ÜÃâ¶ñÒâ¹¥»÷ºÍ±£»¤Óû§Êý¾ÝµÄÇå¾²¡£µ«ÓÐʱ¼ä£¬Äú¿ÉÄÜÐèÒªÔÝʱ½ûÓÃTokenÑéÖ¤À´¼ÓËÙ¿ª·¢ËÙÂʺÍЧÂÊ¡£±¾ÎÄÏÈÈÝÁËÔõÑùÔÚLaravelÖйرÕTokenÑéÖ¤£¬²¢ÌáÐÑÄú¹Ø±ÕTokenÑéÖ¤»á±¬·¢µÄ¿ÉÄܵÄÇå¾²Òþ»¼¡£ÎÒÃǽ¨Òé½öÔÚ¿ª·¢ºÍ²âÊÔÀú³ÌÖÐʹÓøù¦Ð§¡£ÔÚÉú²úÇéÐÎÖУ¬ÄúÓ¦¸Ã¼á³ÖTokenÑéÖ¤µÄ¿ªÆô״̬£¬È·±£ÄúµÄWebÓ¦ÓóÌÐòµÄÇå¾²ÐÔ¡£
ÒÔÉϾÍÊÇlaravel¹Ø±ÕtokenÑéÖ¤µÄÏêϸÄÚÈÝ£¬¸ü¶àÇë¹Ø×¢±¾ÍøÄÚÆäËüÏà¹ØÎÄÕ£¡