如何在 Laravel 10 + Vue 3 中成功验证电子邮件?

huangapple go评论97阅读模式
英文:

How to successfully verify emails in Laravel 10 + Vue 3?

问题

我的应用程序正在使用 Laravel 10 + Vue 3。

它运行在服务器上的一个Web应用程序中,该Web应用程序本身具有HTTP URL。但是,托管提供商的支持告诉我,因为我已安装了SSL证书并打开了强制HTTPS设置,所以任何请求都会通过HTTPS进行。

域名具有https:// URL。

我的 APP_URL 具有一个 https:// 域。

我的 AppServiceProviderboot() 中有 URL::forceScheme('https');,这使得资源能够通过HTTPS正确加载。

我正在尝试设置电子邮件验证。

我通过以下方式创建验证URL:

$verificationUrl = URL::temporarySignedRoute(
    'verification_route', now()->addMinutes(30), ['id' => $user->id], true
);      

如果我立即使用以下方式检查它:

$request = Request::create($verificationUrl);
$isValid = $request->hasValidSignature();

$isValid 将为true;

然而,如果我复制该HTTPS URL并粘贴到新标签页中,我将收到403无效签名错误。

如果我像这样记录请求 Log::info($request->fullUrl());,就在生成URL之后,我会得到HTTPS URL,但在进行验证之前,我会得到URL的HTTP版本,尽管我粘贴的URL是HTTPS。

这在正常的Laravel安装中是不会发生的。在这里,它是Laravel + Jetstream + Inertia,如果问题不是托管帐户控制面板中的Web应用程序的初始HTTP协议设置,那么安装中的某些地方是样板文件,会将HTTPS请求更改为HTTP。

在路由中,我也尝试过这样做:

Route::group(['scheme' => 'https'], function() {
  //相关路由
});

然后就好像这些路由根本不存在一样。

有谁知道什么可能会导致应用程序将HTTPS URL请求视为HTTP请求,除非我完全禁用SSL和HTTPS,否则无法进行任何签名验证?

英文:

My app is using Laravel 10 + Vue 3.

It's running in a Web App on the server, that itself has a HTTP URL. But the hosting provider's support tells me that any request is made over HTTPS, because I have a SSL certificate installed and a Force HTTPS setting turned on.

The domain has a https:// URL.

My APP_URL has an https:// domain.

My AppServiceProvider has URL::forceScheme('https'); in boot().
Which makes the assets correctly load through HTTPS.

I am trying to set up email verification.

I create the verification URL this way:

$verificationUrl = URL::temporarySignedRoute(
    'verification_route', now()->addMinutes(30), ['id' => $user->id], true
);      

If I check it immediately using:

$request = Request::create($verificationUrl);
$isValid = $request->hasValidSignature();

$isValid will be true;

If I copy that HTTPS URL and paste it in a new tab, however, I will get a 403 Invalid Signature error.

If I log the request like this Log::info($request->fullUrl());, right after the URL was generated, I get the HTTPS URL, but, right before it gets verified, I get a HTTP version of the URL, even though the URL I pasted is HTTPS.

That would never happen with a normal Laravel installation. Here it's Laravel + Jetstream + Inertia, and if the issue isn't the initial HTTP protocol of the Web App set up in the hosting account's control panel, then there is something somewhere in the installation, that is boilerplate, changing HTTPS requests into HTTP.

I have tried this as well in the routes:

Route::group(['scheme' => 'https'], function() {
  //relevant routes
});

And then it's like these routes don't exist at all.

Does anybody know what could cause a HTTPS URL request to be seen by the app as a HTTP request, making any signature verification impossible unless I disabled SSL and HTTPS entirely?

Edit recommended by StackOverflow: my question is different from this one because all my routes are already HTTPS.

答案1

得分: 0

问题已通过以下方式解决:

  1. .env 中创建此变量,其中包含服务器的 IP 地址:
TRUSTED_PROXY_IP=XXX.X.XXX.XX
  1. 将此行添加到 config/app.php 中:
'trusted_proxies' => env('TRUSTED_PROXY_IP', '127.0.0.1'),
  1. 将此内容添加到 TrustProxies 中间件中:
public function __construct()
{
  $this->proxies = [
    '127.0.0.1',
    config('app.trusted_proxies'),
  ];
}
英文:

The issue was solved by:

  1. creating this variable in .env with the IP address of the server:
TRUSTED_PROXY_IP=XXX.X.XXX.XX
  1. adding this line into config/app.php:
'trusted_proxies' => env('TRUSTED_PROXY_IP', '127.0.0.1'),
  1. adding this to the TrustProxies middleware:
public function __construct()
{
  $this->proxies = [
    '127.0.0.1',
    config('app.trusted_proxies'),
  ];
}

huangapple
  • 本文由 发表于 2023年8月5日 08:22:24
  • 转载请务必保留本文链接:https://go.coder-hub.com/76839698.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定