1. 필요 Package 설치 및 migration
ldw@ldw-bmax:~/laravel/restapi$ composer require laravel/sanctum
............
ldw@ldw-bmax:~/laravel/restapi$ php artisan vendor:publish --provider="Laravel\Sanctum\SanctumServiceProvider"
................................
ldw@ldw-bmax:~/laravel/restapi$ php artisan migrate
2. app/Http/Kernel.php 수정
<?php
namespace App\Http;
use Illuminate\Foundation\Http\Kernel as HttpKernel;
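class Kernel extends HttpKernel
{
    /**
     * The application's global HTTP middleware stack.
     *
     * These middleware are run during every request to your application.
     *
     * @var array<int, class-string|string>
     */
    protected $middleware = [
        // ... unchanged: the stock global middleware stack ...
    ];

    /**
     * The application's route middleware groups.
     *
     * The Sanctum middleware is added to the 'api' group here, not to the
     * global $middleware stack above (the keyed 'api' entry only exists in
     * $middlewareGroups). Once it is in place, requests from the first-party
     * domains listed under 'stateful' in config/sanctum.php go through the
     * session/CSRF checks, so a request without a CSRF token is now rejected
     * with 419 CSRF Token mismatch. Routes that must stay reachable without a
     * token (e.g. registration) are listed in VerifyCsrfToken::$except.
     *
     * @var array<string, array<int, class-string|string>>
     */
    protected $middlewareGroups = [
        'web' => [
            // ... unchanged: the stock 'web' group ...
        ],

        'api' => [
            // Added for Sanctum SPA authentication; keep it first in the
            // group, as the Sanctum documentation shows.
            \Laravel\Sanctum\Http\Middleware\EnsureFrontendRequestsAreStateful::class,
            \Illuminate\Routing\Middleware\ThrottleRequests::class.':api',
            \Illuminate\Routing\Middleware\SubstituteBindings::class,
        ],
    ];

    // ... unchanged: the remaining Kernel properties (route middleware aliases) ...
}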
3. register 기능을 위해 /api/users route는 CSRF token 을 검증하지 않게 해 준다
app/Http/Middleware/VerifyCsrfToken.php 의 $except 배열에 추가해 준다 (검증을 생략해야 하는 경로만 최소한으로 추가한다)
이제 /api/users route는 CSRF token이 없어도 POST method가 가능하다
<?php
namespace App\Http\Middleware;
use Illuminate\Foundation\Http\Middleware\VerifyCsrfToken as Middleware;
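class VerifyCsrfToken extends Middleware
{
    /**
     * The URIs that should be excluded from CSRF verification.
     *
     * Keep this list to the routes that genuinely must accept requests
     * without a token. Only the registration endpoint (POST /api/users) is
     * exempted here, so that a client can register before it has a session;
     * every other stateful request still needs a valid token. Prefer exact
     * paths over wildcards such as 'api/*', which would switch the CSRF
     * check off for the whole API.
     *
     * @var array<int, string>
     */
    protected $except = [
        '/api/users',
    ];
}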
4. api 에 대한 route를 middleware('auth:sanctum') 로 보호
<?php
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Route;
use App\Http\Controllers\BookController;
use App\Http\Controllers\ApiUserController;
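// Book endpoints require a valid Sanctum token (or an authenticated SPA
// session); an unauthenticated request receives 401 Unauthorized.
Route::middleware('auth:sanctum')->group(function (): void {
    Route::get('/books', [BookController::class, 'index']);
    Route::get('/books/{book}', [BookController::class, 'show']);
    Route::post('/books', [BookController::class, 'store']);
    Route::put('/books/{book}', [BookController::class, 'update']);
    Route::delete('/books/{book}', [BookController::class, 'destroy']);
});

// Registration (POST /api/users) must stay reachable without a token; the
// same path is also listed in VerifyCsrfToken::$except. The controller is
// referenced by the class imported at the top of this file: a bare
// UserController::class is not imported here and would resolve to a class
// that does not exist, failing at dispatch time.
Route::post('/users', [ApiUserController::class, 'store']);

// NOTE(review): GET /users (a user listing) is also served without
// authentication here. Unless that listing is intentionally public, move it
// into the auth:sanctum group above.
Route::get('/users', [ApiUserController::class, 'index']);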
5. 이제 인증 없이 접속하면 401 Unauthorized response를 받는다