bootstrap/app.php
$middleware->statefulApi(); satırını ekliyoruz; dosyanın son hali şöyle:
<?php

use Illuminate\Foundation\Application;
use Illuminate\Foundation\Configuration\Exceptions;
use Illuminate\Foundation\Configuration\Middleware;

// Builds and returns the application instance: route files, middleware and
// exception handling are all declared on this one fluent chain.
return Application::configure(basePath: dirname(__DIR__))
    ->withRouting(
        web: __DIR__.'/../routes/web.php',
        api: __DIR__.'/../routes/api.php',
        commands: __DIR__.'/../routes/console.php',
        health: '/up',
    )
    ->withMiddleware(static function (Middleware $middleware): void {
        // Turns on Sanctum's stateful (cookie + session) handling for the API
        // routes, which is what makes the CSRF cookie flow below necessary.
        $middleware->statefulApi();
    })
    ->withExceptions(static function (Exceptions $exceptions): void {
        // No custom exception handling is registered.
    })
    ->create();
Hemen ardından CORS ayar dosyasını config klasörüne yayınlıyoruz.
# Publish the CORS configuration file into config/ so it can be edited.
php artisan config:publish cors
hemen cors.php yi açıyoruz. config içinde.
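supports_credentials değerini true yapıyoruz. Kimlik bilgisi (cookie) taşıyan isteklere izin verildiği için allowed_origins içinde '*' bırakmak yerine yalnızca SPA'nın kendi adresini listelemek gerekir.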
.env içinde SESSION_DOMAIN değerini de localhost yapıyoruz; bu değer elbette kullandığınız domaine göre değişir. Artık aktif. Şimdi login'e istek atacağız, ama CSRF koruması için önce sanctum/csrf-cookie adresine istek atmamız gerekiyor. İlk olarak LoginController'ı oluşturalım.
# Scaffold the single-action (-i, invokable) login controller and the form
# request that validates its input.
php artisan make:controller Auth/LoginController -i
php artisan make:request LoginRequest
LoginRequest dosyamız.
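<?php

namespace App\Http\Requests;

use Illuminate\Foundation\Http\FormRequest;

/**
 * Validates the body of a login attempt before it reaches the controller.
 */
class LoginRequest extends FormRequest
{
    /**
     * Determine if the user is authorized to make this request.
     *
     * Always true: login has to be reachable by callers who are not signed in yet.
     */
    public function authorize(): bool
    {
        return true;
    }

    /**
     * Get the validation rules that apply to the request.
     *
     * Both fields are constrained to strings so that a JSON array or object
     * sent in their place is rejected here with a validation error instead of
     * being handed on to the credential check.
     *
     * @return array<string, \Illuminate\Contracts\Validation\ValidationRule|array<mixed>|string>
     */
    public function rules(): array
    {
        return [
            'email' => 'required|string|email',
            'password' => 'required|string',
        ];
    }
}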
LoginController dosyamız.
<?php

namespace App\Http\Controllers\Auth;

use App\Models\User;
use Illuminate\Http\Request;
use App\Http\Requests\LoginRequest;
use App\Http\Controllers\Controller;
use Illuminate\Support\Facades\Hash;
use Illuminate\Validation\ValidationException;

class LoginController extends Controller
{
    /**
     * Sign the caller in with the validated email/password pair.
     *
     * On success nothing is returned, so the response body is empty. On
     * failure a validation error is raised under the "email" key; the message
     * is the same whether the address is unknown or the password is wrong, so
     * the response does not reveal which accounts exist.
     *
     * NOTE(review): Laravel's authentication documentation follows a
     * successful attempt() with $request->session()->regenerate(). That call
     * also rotates the CSRF token, so a client that stores the token once
     * (as the Postman script on this page does) would have to re-read the
     * XSRF-TOKEN cookie after login. Decide deliberately before adding it.
     *
     * @throws ValidationException when the credentials are rejected
     */
    public function __invoke(LoginRequest $request)
    {
        // Only these two fields are forwarded to the guard; any other input is ignored.
        $credentials = $request->only(['email', 'password']);

        if (auth()->attempt($credentials)) {
            return;
        }

        throw ValidationException::withMessages([
            'email' => ['The credentials you entered are incorrect.']
        ]);
    }
}
route’da
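Route::prefix('auth')->group(function () {
    // 'guest' keeps already signed-in callers away from the login endpoint.
    // 'throttle:5,1' limits each caller to 5 attempts per minute so the
    // endpoint cannot be used for unlimited password guessing; tune the
    // numbers to the application's needs.
    Route::post('/login', LoginController::class)
        ->middleware(['guest', 'throttle:5,1']);
});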
Login'e Postman üzerinden istek atarken, asıl istekten önce sanctum/csrf-cookie adresine gidip CSRF token'ı almasını, onu cookie'lere eklemesini ve login isteğiyle birlikte göndermesini söylüyoruz.
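// Postman pre-request script: fetch Sanctum's CSRF cookie first and keep the
// XSRF-TOKEN value in a variable that the actual request can send along.
// NOTE(review): how the request uses {{csrf-token}} is not shown on this page;
// presumably it is sent as the X-XSRF-TOKEN header — confirm in the request setup.
// Postman globals are shared by every collection in the workspace; a
// collection or environment variable would keep the token narrower in scope.
pm.sendRequest({
    url: "http://localhost:8000/sanctum/csrf-cookie",
    method: "GET"
}, function (err, res, { cookies }) {
    if (err) {
        // Report the failure instead of silently reusing whatever token an
        // earlier run left in the globals.
        console.error('Fetching the CSRF cookie failed:', err);
        return;
    }

    pm.globals.set('csrf-token', cookies.get('XSRF-TOKEN'));
});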
hepsi bu kadar loginimiz çalışıyor.
# Scaffold the single-action (-i, invokable) logout controller.
php artisan make:controller Auth/LogoutController -i
diyerek controller oluşturuyoruz.
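<?php

namespace App\Http\Controllers\Auth;

use App\Http\Controllers\Controller;
use Illuminate\Http\Request;

class LogoutController extends Controller
{
    /**
     * Sign the caller out of the session-based "web" guard.
     *
     * Besides logout(), the session is invalidated and the CSRF token is
     * regenerated, as Laravel's authentication documentation recommends, so
     * that neither the old session data nor the old token stays usable after
     * sign-out. Nothing is returned, so the response body is empty.
     */
    public function __invoke(Request $request)
    {
        auth()->guard('web')->logout();

        // A request that never went through the session middleware carries no
        // session; skip the cleanup then instead of failing the request.
        if ($request->hasSession()) {
            $request->session()->invalidate();
            $request->session()->regenerateToken();
        }
    }
}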
// Logout endpoint. No middleware is attached on this line; whether an
// enclosing route group adds any is not visible on this page.
Route::post(
    '/logout',
    LogoutController::class,
);
Hepsi bu kadar. Bu istekte de CSRF token gönderilecek, fakat artık sanctum/csrf-cookie adresine gidilmeyecek.
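# Scaffold the single-action (-i, invokable) register controller and the form
# request that validates its input. These are two separate commands.
php artisan make:controller Auth/RegisterController -i
php artisan make:request RegisterRequest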
registerRequest
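<?php

namespace App\Http\Requests;

use Illuminate\Foundation\Http\FormRequest;
use Illuminate\Support\Facades\Hash;

/**
 * Validates a registration payload and prepares it for storage.
 */
class RegisterRequest extends FormRequest
{
    /**
     * Determine if the user is authorized to make this request.
     *
     * Always true: registration has to be reachable by callers without an account.
     */
    public function authorize(): bool
    {
        return true;
    }

    /**
     * Get the validation rules that apply to the request.
     *
     * The email and password are constrained to strings so non-scalar JSON
     * values are rejected by validation. The password also gets a minimum
     * length; 8 is only a baseline, raise it to match the application's
     * password policy. "confirmed" requires a matching password_confirmation
     * field.
     *
     * @return array<string, \Illuminate\Contracts\Validation\ValidationRule|array<mixed>|string>
     */
    public function rules(): array
    {
        return [
            'name' => 'required|string|max:150',
            'email' => 'required|string|email|max:150|unique:users',
            'password' => 'required|string|min:8|confirmed',
        ];
    }

    /**
     * Return the validated fields with the password replaced by its hash.
     *
     * Only validated input is returned, so fields that have no rule above
     * never reach the caller, and the plain-text password does not leave
     * this method.
     *
     * @return array<string, mixed>
     */
    public function getData(): array
    {
        $data = $this->validated();
        $data['password'] = Hash::make($data['password']);

        return $data;
    }
}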
api route’umuza middleware ekledik.
// Every route in this group sits under /v1 and requires a caller
// authenticated through Sanctum.
// NOTE(review): auth:sanctum only establishes who the caller is. Whether that
// caller may read or change a particular {task} has to be enforced in the
// controllers or policies, which this page does not show — confirm.
Route::prefix('v1')
    ->middleware('auth:sanctum')
    ->group(static function (): void {
        Route::apiResource('/tasks', TaskController::class);
        Route::patch('/tasks/{task}/complete', CompleteTaskController::class);
    });