我正在使用 CI4 構建一個 Web 應用程式以及適用于 Android 的 API。
對于 Web 應用程式,我有一個過濾器來檢查用戶是否已經登錄,但有一些例外,其中之一是如果 URL 包含api/ * 則忽略過濾器(API 的 url 是 http://localip/api/ )
如果請求方法是 GET,則 API 作業正常。我可以從 API 獲取資料。但是當我嘗試使用 POST 方法將資料插入資料庫時??,它會將我重定向到登錄頁面(我正在使用 Postman 測驗 API)
我該如何解決?
到目前為止我嘗試的是添加登錄過濾器別名
public $methods = [
'post' => ['csrf', 'loginfilter']
]; But still not working
這是完整的代碼
過濾器.php
<?php
namespace Config;
use App\Filters\CorsFilter;
use App\Filters\LoginFilter;
use CodeIgniter\Config\BaseConfig;
use CodeIgniter\Filters\CSRF;
use CodeIgniter\Filters\DebugToolbar;
use CodeIgniter\Filters\Honeypot;
use CodeIgniter\Filters\InvalidChars;
use CodeIgniter\Filters\SecureHeaders;
class Filters extends BaseConfig
{
/**
* Configures aliases for Filter classes to
* make reading things nicer and simpler.
*
* @var array
*/
public $aliases = [
'loginfilter' => LoginFilter::class,
'cors' => CorsFilter::class
];
/**
* List of filter aliases that are always
* applied before and after every request.
*
* @var array
*/
public $globals = [
'before' => [
// 'honeypot',
'csrf',
'loginfilter' => ['except' => ['/', '/login', 'api/*']],
'cors'
// 'invalidchars',
],
'after' => [
'toolbar',
// 'honeypot',
// 'secureheaders',
],
];
/**
* List of filter aliases that works on a
* particular HTTP method (GET, POST, etc.).
*
* Example:
* 'post' => ['csrf', 'throttle']
*
* @var array
*/
public $methods = [
'post' => ['csrf','loginfilter]
];
/**
* List of filter aliases that should run on any
* before or after URI patterns.
*
* Example:
* 'isLoggedIn' => ['before' => ['account/*', 'profiles/*']]
*
* @var array
*/
public $filters = [];
}
登錄過濾器.php
<?php
namespace App\Filters;
use CodeIgniter\Filters\FilterInterface;
use CodeIgniter\HTTP\RequestInterface;
use CodeIgniter\HTTP\ResponseInterface;
class LoginFilter implements FilterInterface
{
public function before(RequestInterface $request, $arguments = null)
{
$session = session();
if (!$session->has('user_id')) {
return redirect()->to(base_url() . '/');
}
}
public function after(RequestInterface $request, ResponseInterface $response, $arguments = null)
{
}
}
路由.php
$routes->resource("api/role", ['controller' => 'apis\MasterDataRoleApi']);
MasterDataRoleApi.php(控制器)
<?php
namespace App\Controllers\apis;
use App\Models\GeneralModels;
use App\Models\RoleModel;
use CodeIgniter\API\ResponseTrait;
use CodeIgniter\RESTful\ResourceController;
class MasterDataRoleApi extends ResourceController
{
use ResponseTrait;
protected $model;
protected $generalModel;
public function __construct()
{
$this->model = new RoleModel();
$this->generalModel = new GeneralModels();
}
public function index()
{
$role= $this->request->getVar('role');
$data = $this->model->getRoleApi($role);
return $this->respond($data, 200);
}
public function create()
{
$roleName = $this->request->getPost('role_name');
$supervisor = $this->request->getPost('supervisor');
$userId = $this->request->getVar("userId");
helper('idgenerator');
$maxCode = $this->generalModel->getMaxData('tmrole', 'role_id');
$generatedId = idGenerator($maxCode[0]['role_id'], 4, 3, "JAB-");
$this->model->insertTmRole($generatedId, $roleName, $userId, $userId);
$data = array();
$dataArr = array(
"response" => "Success",
"response_details" => "Saved Successfully"
);
$data[] = $dataArr;
return $this->respondCreated($data, 201);
}
}
下圖顯示了請求方法為 GET 時回傳的 Json 
The X-CSRF-TOKEN HTTP request header value should be the same as the csrf_cookie_name cookie value.
HTTP Request Call Requirements:
I.e:
POST http://myapp.local/api/companies
Request Body. Don't forget to add the csrf_cookie_name token as part of the request body.
| Key | Value |
|---|---|
| company_name | Tesla, Inc. |
| csrf_cookie_name | 62b04a891414ef789bee7108f94ad97a |
As I conclude with PART B:
| Important items | Description |
|---|---|
ci_sessioncookie或HTTPAuthorization: Bearer xxxxxxx請求標頭。 |
允許您僅對受 Auth 保護的 API 端點使用您的應用程式/專案進行身份驗證。在您的特定情況下,我相信您loginfilter正在使用cookie,并且在HTTP 請求標頭ci_session的幫助下,預計 cookie 將與每個請求一起發送。Cookie |
csrf_cookie_namecookie和(X-CSRF-TOKENHTTP 請求標頭或CSRF 令牌請求引數)。 |
CSRF cookie和(X-CSRF-TOKENHTTP 請求標頭或CSRF 令牌請求引數)值必須匹配。如果您已打開csrf過濾器,則這是一項要求。 |
uj5u.com熱心網友回復:
據我所知,您將 loginfilter 作為每個 POST 方法的后備。那可能是那邊的罪魁禍首。
話雖如此,這是一個替代解決方案。您可以在 routes.php 中對路由進行分組并應用于loginfilter這些路由。此外,您可以根據需要嵌套它們并對其進行磁區。
例子 :
$routes->group(
'api',
['filter' => 'loginfilter'],
function ($routes) {
$routes->resource("role", ['controller' => 'apis\MasterDataRoleApi']);
}
);
您可以在使用此方法時洗掉全域過濾器。
轉載請註明出處,本文鏈接:https://www.uj5u.com/gongcheng/445963.html
標籤:php api 代码点火器 codeigniter-4
