Everything works except logout. The login and registration functions work fine


by Guest » 08 Feb 2025, 15:03

AuthController Code
Register a New User (Works)
This function registers a user with role-based access control.

    public function register(Request $request)
    {
        // Validate the input; the role must be one of the three allowed values
        $request->validate([
            'name' => 'required|string|max:255',
            'email' => 'required|string|email|unique:users',
            'password' => 'required|string|min:6',
            'role' => 'required|in:admin,superadmin,faculty'
        ]);

        // Store the user with a hashed password
        $user = User::create([
            'name' => $request->name,
            'email' => $request->email,
            'password' => Hash::make($request->password),
            'role' => $request->role
        ]);

        return response()->json(['message' => 'User registered successfully'], 201);
    }

Login User and Generate Token (Works)
This function generates a JWT token for authentication.

    public function login(Request $request)
    {
        $credentials = $request->only('email', 'password');

        // attempt() returns the token on success and false on bad credentials
        if (!$token = Auth::attempt($credentials)) {
            return response()->json(['error' => 'Unauthorized'], 401);
        }

        // Log the login event
        AuthLog::create([
            'user_id' => Auth::id(),
            'action' => 'login',
            'ip_address' => $request->ip(),
            'user_agent' => $request->header('User-Agent')
        ]);

        return $this->respondWithToken($token);
    }

Logout User (Issue Here)
This is where the problem occurs: the token is not properly invalidated.

    public function logout(Request $request)
    {
        if (!$request->user()) {
            return response()->json(['error' => 'Unauthorized'], 401);
        }

        // Log the logout event
        AuthLog::create([
            'user_id' => Auth::id(),
            'action' => 'logout',
            'ip_address' => $request->ip(),
            'user_agent' => $request->header('User-Agent')
        ]);

        // Revoke all tokens for the authenticated user
        $request->user()->tokens()->delete();

        return response()->json(['message' => 'Logged out successfully'], 200);
    }

Refresh Token (Works)

    public function refresh()
    {
        return $this->respondWithToken(Auth::refresh());
    }

    protected function respondWithToken($token)
    {
        return response()->json([
            'access_token' => $token,
            'token_type' => 'bearer',
            'expires_in' => Auth::factory()->getTTL() * 60,
            'user' => Auth::user()
        ]);
    }

API Routes
These are my API routes:

    Route::group(['prefix' => 'auth'], function () {
        Route::post('register', [AuthController::class, 'register']);
        Route::post('login', [AuthController::class, 'login']);
        Route::post('logout', [AuthController::class, 'logout'])->middleware('auth:api');
        Route::post('refresh', [AuthController::class, 'refresh']);
        Route::get('me', [AuthController::class, 'me'])->middleware('auth:api');
    });

    // Role-based dashboard access
    Route::group(['middleware' => ['auth:api', 'role:admin']], function () {
        Route::get('/admin/dashboard', function () {
            return response()->json(['message' => 'Welcome Admin']);
        });
    });

    Route::group(['middleware' => ['auth:api', 'role:superadmin']], function () {
        Route::get('/superadmin/dashboard', function () {
            return response()->json(['message' => 'Welcome SuperAdmin']);
        });
    });

    Route::group(['middleware' => ['auth:api', 'role:faculty']], function () {
        Route::get('/faculty/dashboard', function () {
            return response()->json(['message' => 'Welcome Faculty']);
        });
    });

Issue: Logout Not Invalidating Token
What works:
Registering a user
Logging in and receiving a JWT token
Refreshing the token
What doesn't work:
Logging out does not invalidate the token. The user can still access protected routes after logout.
Possible Issues I Suspect
Maybe Auth::logout() is missing? Should I use this instead of $request->user()->tokens()->delete();?
Should I explicitly invalidate the token using JWTAuth? Something like:

    Auth::logout();

Am I missing a configuration in config/auth.php or config/jwt.php?
What I Need Help With
How do I properly invalidate JWT tokens when a user logs out?
Should I use Auth::logout() instead of $request->user()->tokens()->delete();?
Any improvements to my logout logic?
Would really appreciate any insights! Thanks in advance! 🙌
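
An added example, not part of the original post and not taken from any library: a JWT is accepted on its signature and `exp` claim alone, so a logout only takes effect when the server records the token's `jti` and checks that record on every request. The secret, the claims, the timestamp and the in-memory denylist below are constructed for the illustration; a real deployment would keep the denylist in a shared cache or database.

```php
<?php
// Added illustration: HS256 JWT checked against a server-side "jti" denylist.
// SECRET, the claims and the in-memory denylist are constructed for this example.
const SECRET = 'constructed-demo-secret';

function b64url(string $bin): string {
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

function issue(array $claims): string {
    $head = b64url(json_encode(['alg' => 'HS256', 'typ' => 'JWT']));
    $body = b64url(json_encode($claims));
    return "$head.$body." . b64url(hash_hmac('sha256', "$head.$body", SECRET, true));
}

// Returns the claims if the token is acceptable at time $now, otherwise null.
function verify(string $jwt, array $denylist, int $now): ?array {
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) return null;
    [$head, $body, $sig] = $parts;
    $expected = b64url(hash_hmac('sha256', "$head.$body", SECRET, true));
    if (!hash_equals($expected, $sig)) return null;               // altered or forged
    $claims = json_decode(base64_decode(strtr($body, '-_', '+/')), true);
    if (!is_array($claims) || ($claims['exp'] ?? 0) <= $now) return null;  // expired
    $jti = $claims['jti'] ?? null;
    if (!is_string($jti) || isset($denylist[$jti])) return null;  // revoked at logout
    return $claims;
}

// Logout stores the token id; the entry can be purged once 'exp' has passed.
function logout(array $claims, array &$denylist): void {
    $denylist[$claims['jti']] = $claims['exp'];
}

$now = 1739026980;   // constructed timestamp
$denylist = [];      // stands in for a shared cache or database table
$token = issue(['sub' => 42, 'jti' => bin2hex(random_bytes(8)), 'exp' => $now + 3600]);
$state = fn(?array $c): string => $c === null ? 'rejected' : 'accepted';

$claims = verify($token, $denylist, $now);
echo 'after login:           ', $state($claims), "\n";

// Nothing was stored for this token, so there is no row whose deletion revokes it.
echo 'no denylist entry:     ', $state(verify($token, [], $now + 60)), "\n";

logout($claims, $denylist);
echo 'after denylist logout: ', $state(verify($token, $denylist, $now + 60)), "\n";
```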
