// App\Http\Requests\LoginRequest
<?
namespace App\Http\Requests;
use Illuminate\Foundation\Http\FormRequest;
class LoginRequest extends FormRequest
{
public function authorize()
{
return false;
}
public function rules()
{
return [
'username' => [
'required',
]
];
}
}
// App\Http\Controllers\Admin
<?php
namespace App\Http\Controllers\Admin;
use App\Http\Requests\LoginRequest;
use Illuminate\Cache\RateLimiter;
/**
* Class Auth
* @package App\Http\Controllers\Admin
*/
class Auth extends BaseController
{
public function login()
{
return view('admin.login');
}
public function dologin(LoginRequest $request)
{
dd($request->fails());
$rl = app(RateLimiter::class);
$res = $rl->tooManyAttempts($this->getFailKey($request),5,3);
if ($res)
return redirect()->back()->withErrors(['errors'=>'3分钟内错误超过5次,请稍后重试']);
$rl->hit($this->getFailKey($request));
}
private function getFailKey(Request $request)
{
return $request->input('username').':'.$request->ip();
}
}post登录后直接显示Forbidden。为何?
update 问题已解决。
authorize应该返回true。返回false就会出个forbidden。但是问题来了。我希望当auth为false的时候自己处理逻辑。怎么搞?
重写基类的如下 方法:
/**
* Get the response for a forbidden operation.
*
* @return \Illuminate\Http\Response
*/
public function forbiddenResponse()
{
return new Response('Forbidden', 403);
}
在你的 LoginRequest 下按照自己的逻辑重写该方法。