Olá, estou usando o Laravel 8, com o Tymon e Spatie para criação do jwt token e autorização de acesso.
A aplicação está rodando no Apache.
O problema ocorre apos a autenticação com sucesso, apos isso qualquer chamada a api, retorna 401. É usado o HTTPS, quando rodo a mesma aplicação local, tudo funciona como o esperado.
Route::group([‘middleware’ => ‘jwt.auth’, ‘namespace’ => ‘API’], function() {
Route::get(’/comercial/page/{pageSize}’, ‘ComercialController@all’)->middleware(‘role:Admin’);
Route::get(’/comercial/pesquisa/{anoMes}/{pageSize}’, ‘ComercialController@findByAnoMesAndFilters’)->middleware(‘role:Informante|Gerente|Admin’);
}
Ai está um pequeno exemplo do meu arquivo api.php.
O frontend é desenvolvido usando o Vue.
Quando removo uma das apis, no exemplo acima, para fora da api protegida eu também consigo acessa-la.
O Laravel não gera nenhum log para essa situação, ficando difícil identificar a casa raiz.
GET https://api.test/api/comercial/page/20
GET /api/comercial/page/20 HTTP/1.1
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwczovL2FwaS50ZXN0L2FwaS9hdXRoL2xvZ2luIiwiaWF0IjoxNjMwNDUzMDQ5LCJleHAiOjE2MzA0NTY2NDksIm5iZiI6MTYzMDQ1MzA0OSwianRpIjoiUlJUbjdmR3BndW03YmtDRyIsInN1YiI6MSwicHJ2IjoiZjZiNzE1NDlkYjhjMmM0MmI3NTgyN2FhNDRmMDJiN2VlNTI5ZDI0ZCIsIm5vbWUiOiJBZG1pbmlzdHJhdG9yIGRhIFNpbHZhIiwiZW1wcmVzYSI6MjQsImVtYWlsIjoiYWRtaW5AdGVzdC5jb20iLCJyb2xlcyI6WyJBZG1pbiJdfQ.4m7hzEYGd3AwSYSVBNuiohoDtDbCzLp-N5lHV-LumkM
User-Agent: PostmanRuntime/7.28.4
Accept: /
Postman-Token: 1745352d-b1fa-4b3c-96b4-a646795cf1c0
Host: api.test
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IjhjQWRUMEtKOWZBRjBSREF5cVZxaUE9PSIsInZhbHVlIjoiY0RKY3dtNURyaWptcmJ2SE1lS1NpclFra0tEWEdvdG5MeE4rd0podnh5YXRmbE56ODRxdmxyb0dIU0V6akIyUnNQSXk1NGJxTWhpckRoUnFhZ3RpSzEzY0hTRWZwNFgyek1aNUFObmxINmd5bXhzaUZxc3BwN3RjTisrZ04xUFciLCJtYWMiOiIyZWYzYTZjOGY0NGI4NmQxNjdkNDUyZjYzNmJiODc0YjJhMWFjZWQ3YjdmNjIwZjUyNzc4MDAyZWRjMmJjMGU1In0%3D; test_session=eyJpdiI6IjU3NnB1Ry8yZXAvTHREcWUxeEl4d3c9PSIsInZhbHVlIjoib2FJeWxYM3gvRm1oMldmR3Avd0QwS1pXOEoycnRwWVhESVY4V3ZVN1M4b1p3ZHVsS0R3Q0MzNTlYYnpBV2d5WS9VMkVaMEo3Sy93TGcwUCs2UEFpd05xbDUzNkZJaDJ1OUtMaWtIYXFSeVU2aVpnaUdVOUdoQ3ZjZURjSFRpdUwiLCJtYWMiOiI4MzVkZTg4MTE1NDg5MzI3MjNiOTViMTQzYzE2MGM5ZmFmYjdiMWNiZDY0MWNmMDg5MzJiN2I0NWQxODE5YzVhIn0%3D
HTTP/1.1 401 Unauthorized
Date: Tue, 31 Aug 2021 23:49:59 GMT
Server: Apache
www-authenticate: jwt-auth
Cache-Control: no-cache, private
X-RateLimit-Limit: 60
X-RateLimit-Remaining: 59
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: POST, GET, OPTIONS, DELETE, PUT
Access-Control-Max-Age: 1000
Access-Control-Allow-Headers: x-requested-with, Content-Type, origin, Authorization, accept, client-security-token
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8