laravel authentication
php artisan make:middleware BasicAuth //In console.
//BasicAuth.php file is created:
<?php
namespace App\Http\Middleware;
use Closure;
use Illuminate\Support\Facades\Auth;
class AdminAuth {
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @return mixed
*/
public function handle($request, Closure $next) {
return $next($request);
}
}
//Replace handle function:
public function handle($request, Closure $next) {
//The following line(s) will be specific to your project, and depend on whatever you need as an authentication.
$isAuthenticatedAdmin = (Auth::check() && Auth::user()->admin == 1);
//This will be excecuted if the new authentication fails.
if (! $isAuthenticatedAdmin)
return redirect('/login')->with('message', 'Authentication Error.');
return $next($request);
}
//In app/Http/Kernel.php, add this line:
protected $routeMiddleware = [
/*
* All the laravel-defined authentication methods
*/
'adminAuth' => \App\Http\Middleware\AdminAuth::class //Registering New Middleware
];
//In routes/web.php, add this at the end of the desired routes:
Route::get('/adminsite', function () {
return view('adminsite');
})->middleware('adminAuth'); //This line makes the route use your new authentication middleware.
# Database Preparation
// add api_token to users table
Schema::table('users', function ($table) {
$table->string('api_token', 80)->after('password')
->unique()
->nullable()
->default(null);
});
// Create token for existing users, code can also be added to registerController
$token = Str::random(60);
$user = User::find(1);
$user->api_token = hash('sha256', $token); // <- This will be used in client access
$user->save();
//config/auth.php
'guards' => [
'web' => [
'driver' => 'session',
'provider' => 'users',
],
'api' => [
'driver' => 'token', // <- Add this entry
'provider' => 'users',
'hash' => false,
],
],
//routes/api.php
// Add "middleware('auth:api')" as below
Route::middleware('auth:api')->get('/user', function (Request $request) {
return $request->user();
});
//client access example (in Vue js)
axios.get('http://example.com/api/user',
{
headers: {
'Accept': 'application/json',
'Authorization': 'Bearer '+ 'user-api-token'
}
}
)
.then(function (response) {
// handle success
console.log(response);
})
.catch(function (error) {
// handle error
console.log(error);
})