Мы создаём сайт на Laravel и React. Эти два приложения разделены: Laravel — только API и работает на api.example.com, а React-приложение работает на example.com.
Для аутентификации мы используем JWT и токен в защищённой (Secure) httpOnly-cookie. Мы также хотим использовать CSRF-токен, но я получаю ошибку «The payload is invalid.». Вот что я делаю:
App\Http\Kernel.php
/**
* The application's route middleware groups.
*
* Each key names a group; the listed middleware run in the order given for
* every route assigned to that group.
*
* @var array
*/
protected $middlewareGroups = [
'web' => [
\App\Http\Middleware\EncryptCookies::class,
\Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
\Illuminate\Session\Middleware\StartSession::class,
// \Illuminate\Session\Middleware\AuthenticateSession::class,
\Illuminate\View\Middleware\ShareErrorsFromSession::class,
\App\Http\Middleware\VerifyCsrfToken::class,
\Illuminate\Routing\Middleware\SubstituteBindings::class,
],
// The 'api' group is made stateful here: cookie encryption, a session and
// CSRF verification are applied to API routes as well. That fits a design
// where the JWT travels in a cookie the browser attaches automatically,
// because such requests need CSRF protection.
'api' => [
// Encrypts outgoing and decrypts incoming cookies.
// NOTE(review): the App\Http\Middleware\EncryptCookies subclass is not shown;
// confirm which cookie names, if any, it exempts from encryption.
\App\Http\Middleware\EncryptCookies::class,
\Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
\Illuminate\Session\Middleware\StartSession::class,
// Runs after StartSession because the CSRF token is kept in the session.
// The X-XSRF-TOKEN header is decrypted before comparison, so a header value
// that is not the intact encrypted XSRF-TOKEN cookie value fails inside the
// encrypter (DecryptException) instead of producing a token-mismatch response.
\App\Http\Middleware\VerifyCsrfToken::class,
// Rate limit: 60 requests per 1 minute.
// NOTE(review): if the login route is in this group, consider whether a
// stricter limit is wanted for credential checks.
'throttle:60,1',
\Illuminate\Routing\Middleware\SubstituteBindings::class,
],
];
App\Http\Controllers\Auth\AuthController.php
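/**
 * Get a JWT via given credentials.
 *
 * Looks the user up by username, verifies the password against the stored
 * hash, issues a JWT and queues it as a Secure, HttpOnly cookie named "token".
 * The JSON body carries the user model; the token itself is only sent in the
 * cookie.
 *
 * Username and password must both be present and must be strings; anything
 * else is answered like a missing field.
 *
 * @return \Illuminate\Http\JsonResponse 200 with the user on success, 401 otherwise
 */
public function login()
{
    $credentials = request(['username', 'password']);
    $username = $credentials['username'] ?? null;
    $password = $credentials['password'] ?? null;

    // Request input is untrusted: a client can send an array (e.g. password[]=x)
    // or another non-string type. Reject it here so it never reaches the query
    // builder or Hash::check(), where it would surface as a server error.
    if (!is_string($username) || !is_string($password)) {
        return response()->json('You need to fill username and password.', 401);
    }

    $user = User::where('username', '=', $username)->first();

    // One response for "unknown user" and "wrong password", so the reply body
    // does not reveal which usernames exist.
    // NOTE(review): Hash::check() is skipped when no user is found, so response
    // time may still differ between the two cases — confirm whether that matters here.
    if (!($user && Hash::check($password, $user->password))) {
        return response()->json('invalid_credentials', 401);
    }

    $token = JWTAuth::fromUser($user);

    // The payload was assigned to a local that was never read. The call is kept
    // because setToken() changes the JWTAuth instance's current token.
    // NOTE(review): confirm whether anything later in the request relies on that.
    JWTAuth::setToken($token)->getPayload();

    // Arguments: name, value, lifetime, path '/', domain null (default),
    // secure = true, httpOnly = true. The result of Cookie::queue() was stored
    // in an unused variable; the queued cookie is attached to the response by
    // the AddQueuedCookiesToResponse middleware.
    // NOTE(review): the lifetime comes from config('jwt.ttl'); confirm its unit
    // matches what Cookie::make() expects. No SameSite value is passed, so the
    // cookie jar's configured default applies — verify it is set as intended.
    Cookie::queue(Cookie::make('token', $token, config('jwt.ttl'), '/', null, true, true));

    // NOTE(review): the whole model is serialized into the response; confirm the
    // User model hides the password hash and other sensitive attributes.
    return response()->json($user, 200);
}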
Когда я тестирую в Postman, я получаю cookie laravel_session, XSRF-TOKEN и token, и логин работает без проблем. В Postman я считываю cookie этим кодом:
pm.environment.set("xsrf-token", decodeURIComponent(pm.cookies.get("XSRF-TOKEN")))
и добавляю заголовок:
X-XSRF-TOKEN: {{xsrf-token}}
Когда я отправляю POST-запрос, я получаю
Illuminate\Contracts\Encryption\DecryptException: The payload is invalid. in file /home/vagrant/project/vendor/laravel/framework/src/Illuminate/Encryption/Encrypter.php on line 195
Как мы можем решить эту проблему? Большое спасибо за помощь.
Полная ошибка:
Illuminate\Contracts\Encryption\DecryptException: The payload is invalid. in file /home/vagrant/project/vendor/laravel/framework/src/Illuminate/Encryption/Encrypter.php on line 195
#0 /home/vagrant/project/vendor/laravel/framework/src/Illuminate/Encryption/Encrypter.php(136): Illuminate\Encryption\Encrypter->getJsonPayload()
#1 /home/vagrant/project/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/VerifyCsrfToken.php(154): Illuminate\Encryption\Encrypter->decrypt()
#2 /home/vagrant/project/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/VerifyCsrfToken.php(136): Illuminate\Foundation\Http\Middleware\VerifyCsrfToken->getTokenFromRequest()
#3 /home/vagrant/project/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/VerifyCsrfToken.php(74): Illuminate\Foundation\Http\Middleware\VerifyCsrfToken->tokensMatch()
#4 /home/vagrant/project/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(171): Illuminate\Foundation\Http\Middleware\VerifyCsrfToken->handle()
#5 /home/vagrant/project/vendor/laravel/framework/src/Illuminate/Session/Middleware/StartSession.php(56): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
#6 /home/vagrant/project/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(171): Illuminate\Session\Middleware\StartSession->handle()
#7 /home/vagrant/project/vendor/laravel/framework/src/Illuminate/Cookie/Middleware/AddQueuedCookiesToResponse.php(37): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
#8 /home/vagrant/project/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(171): Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse->handle()
#9 /home/vagrant/project/vendor/laravel/framework/src/Illuminate/Cookie/Middleware/EncryptCookies.php(66): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
#10 /home/vagrant/project/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(171): Illuminate\Cookie\Middleware\EncryptCookies->handle()
#11 /home/vagrant/project/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(105): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
#12 /home/vagrant/project/vendor/laravel/framework/src/Illuminate/Routing/Router.php(683): Illuminate\Pipeline\Pipeline->then()
#13 /home/vagrant/project/vendor/laravel/framework/src/Illuminate/Routing/Router.php(658): Illuminate\Routing\Router->runRouteWithinStack()
#14 /home/vagrant/project/vendor/laravel/framework/src/Illuminate/Routing/Router.php(624): Illuminate\Routing\Router->runRoute()
#15 /home/vagrant/project/vendor/laravel/framework/src/Illuminate/Routing/Router.php(613): Illuminate\Routing\Router->dispatchToRoute()
#16 /home/vagrant/project/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(170): Illuminate\Routing\Router->dispatch()
#17 /home/vagrant/project/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(130): Illuminate\Foundation\Http\Kernel->Illuminate\Foundation\Http\{closure}()
#18 /home/vagrant/project/vendor/fruitcake/laravel-cors/src/HandleCors.php(31): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
#19 /home/vagrant/project/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(171): Fruitcake\Cors\HandleCors->handle()
#20 /home/vagrant/project/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php(21): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
#21 /home/vagrant/project/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(171): Illuminate\Foundation\Http\Middleware\TransformsRequest->handle()
#22 /home/vagrant/project/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php(21): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
#23 /home/vagrant/project/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(171): Illuminate\Foundation\Http\Middleware\TransformsRequest->handle()
#24 /home/vagrant/project/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/ValidatePostSize.php(27): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
#25 /home/vagrant/project/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(171): Illuminate\Foundation\Http\Middleware\ValidatePostSize->handle()
#26 /home/vagrant/project/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/CheckForMaintenanceMode.php(63): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
#27 /home/vagrant/project/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(171): Illuminate\Foundation\Http\Middleware\CheckForMaintenanceMode->handle()
#28 /home/vagrant/project/vendor/fideloper/proxy/src/TrustProxies.php(57): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
#29 /home/vagrant/project/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(171): Fideloper\Proxy\TrustProxies->handle()
#30 /home/vagrant/project/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(105): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
#31 /home/vagrant/project/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(145): Illuminate\Pipeline\Pipeline->then()
#32 /home/vagrant/project/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(110): Illuminate\Foundation\Http\Kernel->sendRequestThroughRouter()
#33 /home/vagrant/project/public/index.php(55): Illuminate\Foundation\Http\Kernel->handle()
#34 {main}