Jwt-auth: API routing conflicts with the background, annotation VerifyCsrfToken is required

Created on 6 Jan 2016 · 10 Comments · Source: tymondesigns/jwt-auth

routes.php

/**
 * Api router
 */
$api = app('Dingo\Api\Routing\Router');

$api->version('v1', function ($api) {
    $api->group(['namespace' => 'App\Http\Controllers'], function($api) {

        /**
         * Need to close VerifyCsrfToken middleware in Kernel.php
         */
        $api->post('auth', 'AuthenticateController@authenticate');

        $api->group(['middleware' => 'jwt.auth'], function($api) {
            $api->get('users', 'ApiController@index');
            $api->get('users/{id}', 'ApiController@show');
        });
    });

});

And I send a request from Postman: http://l.weipei.local/api/auth

Its response:

{
  "message": "500 Internal Server Error",
  "status_code": 500,
  "debug": {
    "line": 53,
    "file": "/mnt/www/l.weipei.local/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/VerifyCsrfToken.php",
    "class": "Illuminate\Session\TokenMismatchException",
    "trace": [
      "#0 [internal function]: Illuminate\Foundation\Http\Middleware\VerifyCsrfToken->handle(Object(Dingo\Api\Http\Request), Object(Closure))",
      "#1 /mnt/www/l.weipei.local/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(124): call_user_func_array(Array, Array)",
      "#2 /mnt/www/l.weipei.local/vendor/laravel/framework/src/Illuminate/View/Middleware/ShareErrorsFromSession.php(49): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}(Object(Dingo\Api\Http\Request))",
      "#3 [internal function]: Illuminate\View\Middleware\ShareErrorsFromSession->handle(Object(Dingo\Api\Http\Request), Object(Closure))",
      "#4 /mnt/www/l.weipei.local/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(124): call_user_func_array(Array, Array)",
      "#5 /mnt/www/l.weipei.local/vendor/laravel/framework/src/Illuminate/Session/Middleware/StartSession.php(62): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}(Object(Dingo\Api\Http\Request))",
      "#6 [internal function]: Illuminate\Session\Middleware\StartSession->handle(Object(Dingo\Api\Http\Request), Object(Closure))",
      "#7 /mnt/www/l.weipei.local/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(124): call_user_func_array(Array, Array)",
      "#8 /mnt/www/l.weipei.local/vendor/laravel/framework/src/Illuminate/Cookie/Middleware/AddQueuedCookiesToResponse.php(37): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}(Object(Dingo\Api\Http\Request))",
      "#9 [internal function]: Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse->handle(Object(Dingo\Api\Http\Request), Object(Closure))",
      "#10 /mnt/www/l.weipei.local/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(124): call_user_func_array(Array, Array)",
      "#11 /mnt/www/l.weipei.local/vendor/laravel/framework/src/Illuminate/Cookie/Middleware/EncryptCookies.php(59): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}(Object(Dingo\Api\Http\Request))",
      "#12 [internal function]: Illuminate\Cookie\Middleware\EncryptCookies->handle(Object(Dingo\Api\Http\Request), Object(Closure))",
      "#13 /mnt/www/l.weipei.local/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(124): call_user_func_array(Array, Array)",
      "#14 /mnt/www/l.weipei.local/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/CheckForMaintenanceMode.php(44): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}(Object(Dingo\Api\Http\Request))",
      "#15 [internal function]: Illuminate\Foundation\Http\Middleware\CheckForMaintenanceMode->handle(Object(Dingo\Api\Http\Request), Object(Closure))",
      "#16 /mnt/www/l.weipei.local/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(124): call_user_func_array(Array, Array)",
      "#17 [internal function]: Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}(Object(Dingo\Api\Http\Request))",
      "#18 /mnt/www/l.weipei.local/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(103): call_user_func(Object(Closure), Object(Dingo\Api\Http\Request))",
      "#19 /mnt/www/l.weipei.local/vendor/dingo/api/src/Http/Middleware/Request.php(111): Illuminate\Pipeline\Pipeline->then(Object(Closure))",
      "#20 /mnt/www/l.weipei.local/vendor/dingo/api/src/Http/Middleware/Request.php(89): Dingo\Api\Http\Middleware\Request->sendRequestThroughRouter(Object(Dingo\Api\Http\Request))",
      "#21 [internal function]: Dingo\Api\Http\Middleware\Request->handle(Object(Illuminate\Http\Request), Object(Closure))",
      "#22 /mnt/www/l.weipei.local/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(124): call_user_func_array(Array, Array)",
      "#23 [internal function]: Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}(Object(Illuminate\Http\Request))",
      "#24 /mnt/www/l.weipei.local/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(103): call_user_func(Object(Closure), Object(Illuminate\Http\Request))",
      "#25 /mnt/www/l.weipei.local/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(122): Illuminate\Pipeline\Pipeline->then(Object(Closure))",
      "#26 /mnt/www/l.weipei.local/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(87): Illuminate\Foundation\Http\Kernel->sendRequestThroughRouter(Object(Illuminate\Http\Request))",
      "#27 /mnt/www/l.weipei.local/public/index.php(53): Illuminate\Foundation\Http\Kernel->handle(Object(Illuminate\Http\Request))",
      "#28 {main}"
    ]
  }
}

How do I avoid the conflict?

All 10 comments

Have you tried adding api as an exception in file Middleware\VerifyCsrfToken.php?

Like this:

protected $except = [
    'api/*',
];

@sagaio, my local .env settings are here:

API_STANDARDS_TREE=vnd
API_SUBTYPE=logistic
API_PREFIX=
API_DOMAIN=api.wuliu.weipei.local
API_VERSION=v1
API_NAME=Logistics WeiPei
API_CONDITIONAL_REQUEST=false
API_STRICT=false
API_DEFAULT_FORMAT=json
API_DEBUG=true

So, as you see, I don't set APP_PREFIX, but how do I do that? Please tell me in detail.

@Brave-Cheng there are 2 questions here; your 2nd question is unrelated to the main question.

sagaio suggested that you turn off VerifyCsrfToken for all your routes that start with "api".

You can either do that or comment out this middleware if you are not using it anywhere else in your app.

As for your api_prefix in your .env, leave it set as the default API_PREFIX=api.

Hope this helps.

@JustinLien, thanks.

Now I have turned off VerifyCsrfToken to fix that.

My main question is: when the API and Admin app are in the same project using Laravel 5.1, how do I fix it?

@Brave-Cheng your main question? You mean a new one?

I don't understand your new issue, if you are having a new issue. What is wrong when your API and Admin app are used in L5.1?

@JustinLien

I'm very sorry, I failed to express myself clearly and confused you.

What I mean is this:

I have two apps based on the Laravel 5.1 framework. One is the management back-end application, the admin app. The other is an API application, the api app.

Now the admin app requires the VerifyCsrfToken middleware, whereas the api app, based on JWT-Auth, doesn't need the VerifyCsrfToken middleware. So my question is: in the same Laravel 5.1 framework, how do I solve the VerifyCsrfToken problem for the API app without affecting the admin app?

@Brave-Cheng

If your API is located at http://l.weipei.local/api/* then you can make api/* an exception to the middleware by entering it as an exception in App\Http\Middleware\VerifyCsrfToken.php.

This is my file:

<?php

namespace App\Http\Middleware;

use Illuminate\Foundation\Http\Middleware\VerifyCsrfToken as BaseVerifier;

class VerifyCsrfToken extends BaseVerifier
{
    /**
     * The URIs that should be excluded from CSRF verification.
     *
     * @var array
     */
    protected $except = [
        'api/*',
    ];
}

All other URIs will be going through VerifyCsrfToken.

@sagaio

I understand. But now the API configuration is API_PREFIX=, and in the end it is like this: http://l.weipei.local/*. What should I do?
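For the setup in the question above, where API_PREFIX is empty and the API is served from its own domain (API_DOMAIN), a path pattern such as api/* cannot separate API requests from admin requests. One way to exempt by host instead, as an added example that is not part of the original thread: it assumes the Laravel 5.1 base verifier, whose shouldPassThrough() method applies $except; the $exceptHosts property is hypothetical and the host name is taken from the .env shown earlier.

```php
<?php

namespace App\Http\Middleware;

use Illuminate\Foundation\Http\Middleware\VerifyCsrfToken as BaseVerifier;

class VerifyCsrfToken extends BaseVerifier
{
    /**
     * URIs excluded from CSRF verification (path-based, as in the thread).
     * Left empty here because the API has no path prefix.
     *
     * @var array
     */
    protected $except = [];

    /**
     * Hosts whose requests skip CSRF verification.
     * Hypothetical property added for this example; not a Laravel feature.
     *
     * @var array
     */
    protected $exceptHosts = [
        'api.wuliu.weipei.local', // API_DOMAIN from the .env above
    ];

    /**
     * Decide whether the request is exempt from CSRF verification.
     */
    protected function shouldPassThrough($request)
    {
        // Exact host match: the admin app on any other host keeps
        // full CSRF protection.
        if (in_array(strtolower($request->getHost()), $this->exceptHosts, true)) {
            return true;
        }

        // Fall back to the framework's path-based $except handling.
        return parent::shouldPassThrough($request);
    }
}
```

The exemption is sound only while every route on that host authenticates with the JWT sent by the client; a route there that trusts the session cookie still needs CSRF verification.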

If there are any issues outstanding here, then open an issue on dingo/api instead

Hello, guys!
JWT works gracefully when I send a GET request with ?token=correct_token.
But how do I send the token in a POST request? Please help!
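jwt-auth also accepts the token in an Authorization: Bearer header, which works for any HTTP method and keeps the token out of URLs and access logs. A client-side example added here, not part of the original thread; the function names and the POST route api/users are hypothetical, and the token and payload are constructed sample values.

```php
<?php

/**
 * Build cURL options for a JSON POST that carries the JWT in the
 * Authorization header instead of the ?token= query string.
 */
function buildJwtPostOptions($url, $token, array $payload)
{
    // Refuse URLs that already carry a token: query strings end up in
    // access logs, browser history and Referer headers.
    parse_str((string) parse_url($url, PHP_URL_QUERY), $query);
    if (isset($query['token'])) {
        throw new InvalidArgumentException('Send the token in the header, not the URL.');
    }

    return [
        CURLOPT_URL            => $url,
        CURLOPT_POST           => true,
        CURLOPT_POSTFIELDS     => json_encode($payload),
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_HTTPHEADER     => [
            'Authorization: Bearer ' . $token,
            'Content-Type: application/json',
            'Accept: application/json',
        ],
    ];
}

/** Send the request and return [status code, response body]. */
function sendJwtPost($url, $token, array $payload)
{
    $ch = curl_init();
    curl_setopt_array($ch, buildJwtPostOptions($url, $token, $payload));
    $body   = curl_exec($ch);
    $status = curl_getinfo($ch, CURLINFO_HTTP_CODE);
    curl_close($ch);

    return [$status, $body];
}

// Constructed sample values; nothing is sent until sendJwtPost() is called.
$options = buildJwtPostOptions('http://l.weipei.local/api/users', 'correct_token', ['name' => 'demo']);
print_r($options[CURLOPT_HTTPHEADER]);
```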
