dongranding3909 2018-11-20 08:51
浏览 176
已采纳

将授权用户从Laravel后端传递到React前端的最安全方式

I am building a weather app with laravel(almost finished) and i decided to implement the frontend with react/redux/react-router and use laravel from api calls. The only thing that i decided to leave the same is my custom laravel auth implementation with routes and views. However, i struggle to find a secure way to pass my Auth::user object after login in order to store on redux. I have 2 options:

1) After login and before render the main jsx, to make an axios request to specific route in order to return the Auth::user like:

in routes.php

Route::post('/auth/user' ,function(){
   return response()->json(['user'=>auth()->user()]);
})->middleware('auth');

in js

axios.post('/auth/user').then((res)=>{console.log(res.data.user)}).catch((e)=>{console.log(e)})

2) pass Auth::user with blade, catch it with getAttribute, save it to redux and instantly remove from DOM:

<div id="app" data-usr="{{ auth()->user() }}"></div>

However neither of them seem to me like a secure way to pass this kind of data. Can anyone tell me his opinion about this or figure me with a better solution? Thanks a lot.

  • 写回答

2条回答 默认 最新

  • dongpu4141 2018-11-23 05:32
    关注

    Thankfully i found a solution with API TOKEN implementation built-in with Laravel. Also i destroy token after logout and recreate it in login, so nobody can use it with other services to collect data if he is not signed in

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(1条)
编辑
预览

报告相同问题?

悬赏问题

  • ¥40 selenium访问信用中国
  • ¥15 电视大赛投票系统的c语言代码怎么做
  • ¥20 在搭建fabric网络过程中遇到“无法使用新的生命周期”的报错
  • ¥15 Python中关于代码运行报错的问题
  • ¥500 python 的API,有酬谢
  • ¥15 软件冲突问题,软件残留问题
  • ¥30 有没有人会写hLDA,有偿求写,我有一个文档,想通过hLDA得出这个文档的层次主题,有偿有偿!
  • ¥50 有没有人会写hLDA,有偿求写,我有一个文档,想通过hLDA得出这个文档的层次主题,有偿有偿!
  • ¥15 alpha101因子里哪些适合crypto?
  • ¥15 ctrl win alt 键一直触发
手机看
程序员都在用的中文IT技术交流社区

程序员都在用的中文IT技术交流社区

专业的中文 IT 技术社区,与千万技术人共成长

专业的中文 IT 技术社区,与千万技术人共成长

关注【CSDN】视频号,行业资讯、技术分享精彩不断,直播好礼送不停!

关注【CSDN】视频号,行业资讯、技术分享精彩不断,直播好礼送不停!

客服 返回
顶部