i have a laravel application on version 5.7 . the problem is that my api is being called from outside of my server and people can easily call my api and send SMS and cause my some amount of charge . now what I want to do is that prevent the api from all locations to be called just my own server . I heard that laravel 7 has the cors configured but I wanted to know if there is any way for laravel 5.7 to do that . i have throttle for my api but it seems that its not working or the atacker changes the ips of servers .
so here is my kernel.php :
'api' => [
'throttle:1000,1',
'bindings',
],
'apiThrottle' => [
'throttle:4,10',
],
];
You can install https://github.com/spatie/laravel-cors/ package. That will create a file called cors.php under config folder. Follow all the setup instructions, are few.
There you can specifiy which origins are allowed (example)
'allow_origins' => [
'http://127.0.0.1/*',
'https://127.0.0.1/*',
'http://localhost/*',
'https://localhost/*',
],
Related
can anyone teach me why i cant authenticate my laravel session iny my localhost? (database driven!)
Im actually using the auth service from breezer.
**
my first question is: is it possible to auth a user on a localhost by laravels sessions authentication? For me it worked only in production.
My Frontend goes with Angular.
My trys to authenticate and log the user with:
Auth::guard('api')->check()
Auth::guard('web')->check()
Auth::guard()->check()
failed all, f.E gives me a null error.
auth defaults runs on:
defaults' => [
'guard' => 'api',
'passwords' => 'users',
],
my ENV datas looks like:
SESSION_DRIVER=database
SESSION_LIFETIME=180
SESSION_DOMAIN=localhost:4200
APP_URL=localhost:8000
APP_ENV=local
I recently added laravel/nexmo-notification-channel to my laravel project which also installed Nexmo/nexmo-laravel.
After installing, I published vendor files so that I get config/nexmo.php and in there I noted that it looks in the .env file for NEXMO_KEY and NEXMO_SECRET.
So I went ahead and created these within my .env file
NEXMO_KEY=[my_key]
NEXMO_SECRET=[my secret]
NEXMO_SIGNATURE_SECRET=[my signature secret]
After this, I added Nexmo to my service providers in app.php:
'providers' => [
...,
Nexmo\Laravel\NexmoServiceProvider::class
]
and also added the following in config/services.php:
'nexmo' => [
'key' => env('NEXMO_KEY', ''),
'secret' => env('NEXMO_SECRET', ''),
'sms_from' => '[my number]'
],
But I still get the following error when thrying to send an SMS using the use Illuminate\Notifications\Messages\NexmoMessage; class:
"message": "Provide either nexmo.api_secret or nexmo.signature_secret",
I can use these same credentials to send an SMS from CLI, so why can't I send it from laravel?
There have been a couple of workarounds for this that are valid, but at first glance it looks like the Nexmo package does the work to bring in the ENV secrets into Laravel's config. Because of caching problems, you should never call env() within Laravel, instead you should be using config() - so in this case, config(nexmo.api_secret).
My main point here though is that I can't look into the "correct" solution for you because the package is abandoned. Nexmo is no longer Nexmo, it's Vonage, and Laravel core team have subsequently updated the notification-channel package.
For supported use to integrate Vonage services (SMS), please use the following package:
https://github.com/laravel/vonage-notification-channel
I'm not sure exactly why, but, Vonage/Nexmo doesn't pick details from the .ENV.
Instead, use a global constant to fetch the secrets:
Create a global.php file in the config folder, and add your secrets from the env like this:
<?php
return [
// Other constants values
'SMS_API_KEY' => env('SMS_API_KEY', ''),
'SMS_API_SECRET' => env('SMS_API_SECRET', ''),
]
?>
Then, you can use the constants in your controller as usual:
'key' => config('global.SMS_API_KEY'),
'secret' => config('global.SMS_API_SECRET')
then: recache, php artisan config:cache
I am trying to implement Redis publishing in my local RESTful API which is built in Laravel for the purposes of implementing a chat system later on with Web Sockets. I intend to read them from a Node.JS server later on.
I am using Redis::publish to publish a simple message to my test-channel.
However, for some reason Laravel doesn't seem to publish to it.
I have also noticed that when I call Redis::set, whatever I set doesn't get persisted in Redis, but using Redis::get I can read the values that I'm setting.
public function redis(Request $request) {
$data = $request->validate([
'message' => 'string|required'
]);
Redis::publish('test-channel', 'a test message');
return 'Done';
}
I am using the code above in the api/redis route:
Route::post('/redis', 'API\MessageController#redis');
I have subscribed to the test-channel using the redis-cli command.
If I manually publish a message to the test-channel using the redis-cli in a terminal instance, I properly receive the messages that I am publishing. However, they don't seem to get published with Laravel for some reason.
What I can notice while running php artisan serve and visiting the aforementioned route is Laravel logging the following:
[*timestamp*] 127.0.0.1:39448 Accepted
[*timestamp*] 127.0.0.1:39448 Closing
The port after 127.0.0.1 appears to be random.
I tried both php-redis php extension and the predis package, just to be sure that it isn't any one of them, but I get the same result with both of them. I am currently using php-redis with both igbinary and redis extensions enabled in /etc/php/config.d and have removed the Redis alias from config/app.php.
I am using PHP 7.4, Laravel 6.0 and Redis 5.0.7 on Manjaro.
Been there, discovered that with:
$ redis-client
psubscribe *
will show you what's going on.
Chances are that your default config/database.php contains something like:
'redis' => [
'client' => env('REDIS_CLIENT', 'predis'),
'options' => [
'cluster' => env('REDIS_CLUSTER', 'redis'),
'prefix' => env('REDIS_PREFIX', Str::slug(env('APP_NAME', 'laravel'), '_').'_database_'),
],
In that case, the channel name will be prefixed with this prefix option.
So you can just comment this option, or, if you keep it, be sure to subscribe to the right channel
Redis::publish('test-channel', 'a test message');
$prefix = config('database.redis.options.prefix');
$channel = $prefix . 'test-channel';
return "Done. (published on $channel)";
I'm using Laravel 6 and php 7 along with ReactJS. I'm following Build a Basic CRUD App with Laravel and React tutorial to learn how to make a CRUD app. In the tutorial, it says that I need to enable CORS so the API can be accessed from the front-end application. After I install the barryvdh cors by running:
composer require barryvdh/laravel-cors
and add it to my Kernel.php:
protected $middlewareGroups = [
'web' => [
...
\Barryvdh\Cors\HandleCors::class,
],
'api' => [
...
\Barryvdh\Cors\HandleCors::class,
],
];
the class is still undefined in Laravel and I get the error shown here
Here is a screenshot of my code.
Does anyone know how to solve this issue?
It looks like you're using an out of date tutorial. If you Google for barryvdh/laravel-cors, you'll see that the repository has been renamed to fruitcake/laravel-cors.
composer require fruitcake/laravel-cors
I suspect that the dependency therefore didn't install, or if it did, that you're referencing the incorrect namespace. It should be:
\Fruitcake\Cors\HandleCors::class
I am trying to upgrade my Laravel 5.5 project to 5.7. I use supervisor and before I was using configureMonologUsing() to generate the logs but apparently with 5.6 upgrade, it got depreciated. My full code in L5.5 was: in bootstrap/app.php:
$app->configureMonologUsing( function( Monolog\Logger $monolog) {
$processUser = posix_getpwuid( posix_geteuid() );
$processName= $processUser[ 'name' ];
$filename = storage_path( 'logs/laravel-' . php_sapi_name() . '-' . $processName . '.log' );
$handler = new Monolog\Handler\RotatingFileHandler( $filename );
$monolog->pushHandler( $handler );
});
And it was generating various loggers like (which was convenient):
laravel-cli-root-{date},
laravel-cli-ubuntu-{date},
laravel-cli-www-data-{date},
laravel-fpm-fcgi-www-data-{date}, etc...
However, it says in the upgrade guide so I can't use configureMonologUsing any more:
The configureMonologUsing Method
If you were using the configureMonologUsing method to customize the Monolog instance for your application, you should now create a custom Log channel. For more information on how to create custom channels, check out the full logging documentation.
I couldn't figure out how to achieve the same with logging channels. How can I utilise Monolog Channel to be able to write laravel/storage/logs folder?
Taken from https://stackoverflow.com/a/49379249/4705339
Laravel version 5.6.10 and later has support for a permission element in the configuration (config/logging.php) for the single and the daily driver:
'daily' => [
'driver' => 'daily',
'path' => storage_path('logs/laravel.log'),
'level' => 'debug',
'days' => 7,
'permission' => 0664, // this line lets the file owner to be www-data:www-data
],
No need to juggle with Monolog in the bootstrap script.
Specifically, support was added in https://github.com/laravel/framework/commit/4d31633dca9594c9121afbbaa0190210de28fed8.