Hi all,
this might be a bit of a doozy, please stay with me.
I've inherited a Laravel 8 application and wanted to try using Octane with it, to improve load times (it does a lot of weird things so boot took almost 180ms per request).
However, since switching to Octane, I'm having an issue where only the first request after authentication is authenticated.
For authentication the project is using "php-open-source-saver/jwt-auth": "^2.1" as JWT Middleware for its API routes (the ones of interest for me) and the exact issue I'm facing is in this bit of code:

    public function getAuthUser()
    {
        // ID of the user the auth guard resolved for the current request
        $userid = auth()->id();

        /** @var User $user */
        $user = User::where("id", $userid)
            ->with('pages')
            ->with('roles')
            ->with('discord')
            ->with('sentFriendRequests')
            ->with('receivedFriendRequests')
            ->with("caseDrops")
            ->with("badges")
            ->with("coinTransactions")
            ->with('pageMembers.page')
            ->first()
            ->makeVisible(["coins", "admin"]);

        return $user;
    }

What exactly is happening is that the first request returns the correct $userId and subsequent requests, even though all authenticated with a Bearer token and going through the same Middleware, all return null and even auth()->check() returns false.
Here's the middleware as well for good measure:

    <?php

    namespace App\Http\Middleware;

    use Closure;
    use Exception;
    use Illuminate\Http\Response;
    use PHPOpenSourceSaver\JWTAuth\Http\Middleware\BaseMiddleware;
    use PHPOpenSourceSaver\JWTAuth\Facades\JWTAuth;

    /**
     * Class JwtMiddleware
     * @package App\Http\Middleware
     */
    class JwtMiddleware extends BaseMiddleware
    {
        /**
         * Handle an incoming request.
         *
         * @param \Illuminate\Http\Request $request
         * @param \Closure $next
         * @return mixed
         */
        public function handle($request, Closure $next)
        {
            try {
                // Parse the token from the request and authenticate its user
                $user = JWTAuth::parseToken()->authenticate();
            } catch (Exception $e) {
                // Map each JWT failure to a 401 response with a specific message
                if ($e instanceof \PHPOpenSourceSaver\JWTAuth\Exceptions\TokenInvalidException) {
                    return response()->json(['error' => 'Token is Invalid'], Response::HTTP_UNAUTHORIZED);
                } else if ($e instanceof \PHPOpenSourceSaver\JWTAuth\Exceptions\TokenExpiredException) {
                    return response()->json(['error' => 'Token is Expired'], Response::HTTP_UNAUTHORIZED);
                } else {
                    return response()->json(['error' => 'Authorization Token not found'], Response::HTTP_UNAUTHORIZED);
                }
            }

            return $next($request);
        }
    }

I'm slowly losing my mind with this, any help would be greatly appreciated!