Nee*_*eel 14 laravel laravel-routing laravel-filters laravel-middleware laravel-5.1
在我的项目中,我使用Laravel纯粹作为后端api,所有前端都由Angular javascript处理.目前,Laravel路线可以直接访问,它会扼杀浏览器中显示的Json中的所有数据.我想对它进行限制,因此Laravel只响应Ajax请求而没有别的.
我在这里阅读了这篇文章,该文章为Laravel 4提供了一个解决方案,即通过添加限制filter.php.但是从Laravel 5.1开始,不再使用过滤器,我相信中间件可以用来做同样的事情.但是,我不知道如何在过滤器到中间件的过程中更改Laravel 4解决方案.
有人可以分享您如何防止直接访问Laravel 5.1路由的想法吗?
Laravel 4解决方案使用filter.php:在filter.php声明此过滤器:
Route::filter('isAJAX', function()
{
if (!Request::AJAX()) return Redirect::to('/')->with(array('route' => Request::path()));
});
然后将您只想通过AJAX访问的所有路由放入一个组中.在您的routes.php中:
Route::group(array('before' => 'isAJAX'), function()
{
Route::get('contacts/{name}', ContactController@index); // Or however you declared your route
... // More routes
});
Jav*_*olz 40
app/Http/Middleware/OnlyAjax.php使用以下内容创建中间件文件:
<?php
namespace App\Http\Middleware;
class OnlyAjax
{
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @return mixed
*/
public function handle($request, \Closure $next)
{
if ( ! $request->ajax())
return response('Forbidden.', 403);
return $next($request);
}
}
然后在文件中注册您的中间件 app/Http/Kernel.php
<?php namespace App\Http;
use Illuminate\Foundation\Http\Kernel as HttpKernel;
class Kernel extends HttpKernel
{
/**
* The application's global HTTP middleware stack.
*
* @var array
*/
protected $middleware = [
//... your original code
];
/**
* The application's route middleware.
*
* @var array
*/
protected $routeMiddleware = [
//... your original code
'ajax' => \App\Http\Middleware\OnlyAjax::class,
];
}
最后将中间件附加到您只想通过AJAX访问的任何路由或路由组.即:
/// File: routes/web.php
// Single route
Route::any('foo', 'FooController@doSomething')->middleware('ajax');
// Route group
Route::middleware(['ajax'])->group(function () {
// ...
});