The previous Authenticate::redirectTo() -> null fix was incomplete:
Laravel's default Handler::unauthenticated() still falls back to
route('login') via '$exception->redirectTo() ?? route('login')'
whenever the request isn't detected as expectsJson() (no Accept:
application/json or X-Requested-With header), which throws
RouteNotFoundException since this app has no named login route.
Override unauthenticated() directly so this pure-API backend always
returns a JSON 401, regardless of request headers.
42 lines
1.1 KiB
PHP
42 lines
1.1 KiB
PHP
<?php
|
|
|
|
namespace App\Exceptions;
|
|
|
|
use Illuminate\Auth\AuthenticationException;
|
|
use Illuminate\Foundation\Exceptions\Handler as ExceptionHandler;
|
|
use Illuminate\Http\JsonResponse;
|
|
use Throwable;
|
|
|
|
class Handler extends ExceptionHandler
|
|
{
|
|
/**
|
|
* The list of the inputs that are never flashed to the session on validation exceptions.
|
|
*
|
|
* @var array<int, string>
|
|
*/
|
|
protected $dontFlash = [
|
|
'current_password',
|
|
'password',
|
|
'password_confirmation',
|
|
];
|
|
|
|
/**
|
|
* Register the exception handling callbacks for the application.
|
|
*/
|
|
public function register(): void
|
|
{
|
|
$this->reportable(function (Throwable $e) {
|
|
//
|
|
});
|
|
}
|
|
|
|
/**
|
|
* This app is a pure JSON API (SPA frontend, no server-rendered login route),
|
|
* so unauthenticated requests always get a 401 JSON response instead of
|
|
* Laravel's default redirect-to-login fallback.
|
|
*/
|
|
protected function unauthenticated($request, AuthenticationException $exception): JsonResponse
|
|
{
|
|
return response()->json(['message' => $exception->getMessage()], 401);
|
|
}
|
|
}
|