Vue SPA 的 Laravel 电子邮件验证

Question

如何使用 Vue Router 在 Vue SPA 上实现 Laravel 的电子邮件验证？

到目前为止，我已经尝试通过更改 VerificationController 验证和重新发送方法来处理电子邮件验证。然后我创建了一个新的通知并添加了用于验证的 API 路由。

当生成验证链接并发送到用户的电子邮件时，验证 url 类似于：

https://foobar.test/email/verify/1?expires=1565276056&signature=b15ccd7d6198bdcf81eea4f5cb441efe8eb2d6d5b57a1ce0b1171e685613d917

单击链接时，它会打开一个页面，但由于未命中 @verify api 路由，因此在后端什么也不做。

有什么建议？

验证控制器.php

<?php

namespace App\Http\Controllers\Auth;

use App\User;
use Illuminate\Http\Request;

use App\Http\Controllers\Controller;
use Illuminate\Foundation\Auth\VerifiesEmails;
use Illuminate\Validation\ValidationException;


class VerificationController extends Controller
{
    /*
    |--------------------------------------------------------------------------
    | Email Verification Controller
    |--------------------------------------------------------------------------
    |
    | This controller is responsible for handling email verification for any
    | user that recently registered with the application. Emails may also
    | be re-sent if the user didn't receive the original email message.
    |
    */

    use VerifiesEmails;

    /**
     * Where to redirect users after verification.
     *
     * @var string
     */
    protected $redirectTo = '/home';

    /**
     * Create a new controller instance.
     *
     * @return void
     */
    public function __construct()
    {
        $this->middleware('auth:api');
        $this->middleware('signed')->only('verify');
        $this->middleware('throttle:600,1')->only('verify', 'resend');
    }

    /**
     * Show the email verification notice.
     *
     */
    public function show()
    {
        //
    }

    /**
     * Mark the authenticated user's email address as verified.
     *
     * @param  \Illuminate\Http\Request  $request
     * @return \Illuminate\Http\Response
     */
    public function verify(Request $request)
    {
      $userID = $request[‘id’];
      $user = User::findOrFail($userID);
      $user->email_verified_at = date("Y-m-d g:i:s");
      $user->save();

      return response()->json('Email verified!');
    }

    /**
     * Resend the email verification notification.
     *
     * @param  \Illuminate\Http\Request  $request
     * @return \Illuminate\Http\Response
     */
    public function resend(Request $request)
    {
        if ($request->user()->hasVerifiedEmail()) {
            return response()->json('The email is already verified.', 422);
        }

        $request->user()->sendEmailVerificationNotification();

        return response()->json('We have e-mailed your verification link!');
    }


}

验证邮箱.php

<?php

namespace App\Notifications;

use Illuminate\Notifications\Notification;


use Illuminate\Support\Facades\URL;
use Carbon\Carbon;


use Illuminate\Auth\Notifications\VerifyEmail as VerifyEmailBase;


class VerifyEmail extends VerifyEmailBase
{

    /**
     * Get the verification URL for the given notifiable.
     *
     * @param  mixed  $notifiable
     * @return string
     */
    protected function verificationUrl($notifiable)
    {
      return URL::temporarySignedRoute(
      ‘verification.verify’, Carbon::now()->addMinutes(60), [‘id’ => $notifiable->getKey()]
      );

    }
}

api.php

Route::get('email/verify/{id}', 'Auth\VerificationController@verify')->name('verification.verify');
Route::get('email/resend', 'Auth\VerificationController@resend')->name('verification.resend');

Answer 1

我的 Angular SPA 也面临同样的问题。不确定您是否还需要帮助，但希望我的回答能对某人有所帮助。

因此，虽然 laravelUrlGenerator::signedRoute不够灵活（您可以订阅这个想法。不是同一个情况，但与此相关），我们必须自己实现 url 签名。

在你的VerifyEmail班级：

    protected function verificationUrl($notifiable)
    {
        // collect and sort url params
        $params = [
            'expires' => Carbon::now()
                ->addMinutes(Config::get('auth.verification.expire', 60))
                ->getTimestamp(),
            'id' => $notifiable->getKey(),
            'hash' => sha1($notifiable->getEmailForVerification()),
        ];
        ksort($params);

        // then create API url for verification. my API have `/api` prefix,
        // so i don't want to show that url to users 
        $url = URL::route(
            'api:auth:verify',
            $params,
            true
        );

        // get APP_KEY from config and create signature
        $key = config('app.key');
        $signature = hash_hmac('sha256', $url, $key);

        // generate url for yous SPA page to send it to user
        return url('verify-email') . '?' . http_build_query($params + compact('signature'), false);
    }

之后，在 SPA 中，您应该获取 url 参数并调用 API 请求。我将指定 Angular 示例，但应该很容易将其适应 Vue。

// on component load
ngOnInit() {

  // get query params from current route   
  this.route.queryParamMap.subscribe(params => {

    // generate API url. Make sure your query params come in the same order
    // as in signature generation. By default signature check middleware 
    // extracts `signature` param so `expires` is the only param that
    // is checked so order doesn't matter, but if you need another params -
    // it can turn into a problem 
    const url = this.router.createUrlTree(['api', 'auth', 'verify', data.id, data.hash],
      {queryParams: {expires: data.expires, signature: data.signature}}).toString();

    // make API request. if signature check fails - you will receive 403 error
    return this.http.get(url).subscribe();
  });
}

我看到的另一种更简单的方法是生成直接 API url 并将其发送给用户，就像您所做的那样。验证后只需将浏览器重定向到您的 SPA。我只是不明白为什么它在你的情况下不起作用。也许您的网络服务器配置中有一些重写规则，因此您的实际域名与您的APP_URL? 或者也许您在另一个端口提供 API？