I want to apply cors in dingo api in laravel.
Because, I am getting this error.
No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:9000' is therefore not allowed access. The response had HTTP status code 500.
I have tried this.
Created Cors middleware.
Added like this Cors.php
<?php
namespace App\Http\Middleware;
use Closure;
class Cors
{
/**
* Handle an incoming request.
*
* #param \Illuminate\Http\Request $request
* #param \Closure $next
* #return mixed
*/
public function handle($request, Closure $next)
{
return $next($request)
->header('Access-Control-Allow-Origin', '*')
->header('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS')
->header('Access-Control-Allow-Headers',' Origin, Content-Type, Accept, Authorization, X-Request-With')
->header('Access-Control-Allow-Credentials',' true');
}
}
Then modified Kernel.php like this.
protected $routeMiddleware = [
'auth' => \Illuminate\Auth\Middleware\Authenticate::class,
'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
'bindings' => \Illuminate\Routing\Middleware\SubstituteBindings::class,
'can' => \Illuminate\Auth\Middleware\Authorize::class,
'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
'cors' => \App\Http\Middleware\Cors::class,
];
Now, I want to know how to add middleware in dingo api routes.
Routes are like this.
$api->version('v1', function($api){
$api->GET('statelist', 'App\Http\Controllers\HospitalController#statelist');
});
$api->version('v1', function($api){
$api->GET('citylist', 'App\Http\Controllers\HospitalController#citylist');
});
try
$api->version('v1', function ($api) {
$api->group(['middleware' => 'cors'], function ($api) {
$api->GET('statelist', 'App\Http\Controllers\HospitalController#statelist');
$api->GET('citylist', 'App\Http\Controllers\HospitalController#citylist');
});
});
Related
So right now I'm using Laravel's default auth for api routes by doing this:
Route::group(['middleware' => ['auth:api']], function() {
...
}
The only thing with this is that it will throw a 401 if a non logged in user hits that page.
What I'm wondering is if there's a way to have a route that will login the user if a token is sent, but if not, they can still hit the api.
I know this will most likely be a custom Middleware, but I don't have a lot of experience with creating Middlewares so I'm not really sure where to start
EDIT
app/Http/Kernel.php
<?php
namespace App\Http;
use Illuminate\Foundation\Http\Kernel as HttpKernel;
class Kernel extends HttpKernel
{
/**
* The application's global HTTP middleware stack.
*
* These middleware are run during every request to your application.
*
* #var array
*/
protected $middleware = [
// \App\Http\Middleware\TrustHosts::class,
\App\Http\Middleware\TrustProxies::class,
\Fruitcake\Cors\HandleCors::class,
\App\Http\Middleware\PreventRequestsDuringMaintenance::class,
\Illuminate\Foundation\Http\Middleware\ValidatePostSize::class,
\App\Http\Middleware\TrimStrings::class,
\Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull::class,
];
/**
* The application's route middleware groups.
*
* #var array
*/
protected $middlewareGroups = [
'web' => [
\App\Http\Middleware\EncryptCookies::class,
\Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
\Illuminate\Session\Middleware\StartSession::class,
// \Illuminate\Session\Middleware\AuthenticateSession::class,
\Illuminate\View\Middleware\ShareErrorsFromSession::class,
\App\Http\Middleware\VerifyCsrfToken::class,
\Illuminate\Routing\Middleware\SubstituteBindings::class,
],
'api' => [
'throttle:1000,1',
\Illuminate\Routing\Middleware\SubstituteBindings::class,
\Fruitcake\Cors\HandleCors::class,
],
];
/**
* The application's route middleware.
*
* These middleware may be assigned to groups or used individually.
*
* #var array
*/
protected $routeMiddleware = [
'auth' => \App\Http\Middleware\Authenticate::class,
'admin' => \App\Http\Middleware\IsAdmin::class,
'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
'cache.headers' => \Illuminate\Http\Middleware\SetCacheHeaders::class,
'can' => \Illuminate\Auth\Middleware\Authorize::class,
'cors' => \Fruitcake\Cors\HandleCors::class,
'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
'password.confirm' => \Illuminate\Auth\Middleware\RequirePassword::class,
'signed' => \Illuminate\Routing\Middleware\ValidateSignature::class,
'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
'verified' => \Illuminate\Auth\Middleware\EnsureEmailIsVerified::class,
];
}
Here's a pretty simplified version of my routes api.php file
routes/api.php
<?php
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Route;
/*
|--------------------------------------------------------------------------
| API Routes
|--------------------------------------------------------------------------
|
| Here is where you can register API routes for your application. These
| routes are loaded by the RouteServiceProvider within a group which
| is assigned the "api" middleware group. Enjoy building your API!
|
*/
Route::group(['prefix' => 'v2', 'middleware' => ['cors:api']], function() {
//routes that people need to be logged into to do
Route::group(['middleware' => ['auth:api']], function() {
Route::post('/comments/save/{type}/{id}', 'App\Http\Controllers\Api\v2\CommentController#save');
Route::get('/leagues/{id}', 'App\Http\Controllers\Api\v2\LeaguesController#get');;
});
Route::post('/auth/login', 'App\Http\Controllers\Api\v2\AuthController#login');
Route::post('/contact', 'App\Http\Controllers\Api\v2\ContactController#sendMessage');
});
Basically I'm wanting the ability to hit the /leagues/{id} route with either a logged in user or a non logged in user. And if the user is logged in grab the user via Auth::user(). If it helps at all, I'm using React for a front end and sending an api_token in the Authorization header like Bearer $token.
I figured out a way by creating my own custom Middleware. For anyone interested, here it is:
<?php
namespace App\Http\Middleware;
use Closure;
use Auth;
use App\Models\User;
class OptionalAuthenticate
{
/**
* Handle an incoming request.
*
* #param \Illuminate\Http\Request $request
* #param \Closure $next
* #return mixed
*/
public function handle($request, Closure $next)
{
$header = $request->header('Authorization');
if(!empty($header)){
$token = str_replace('Bearer ', '', $header);
$user = User::where('api_token', '=', $token)->first();
if(!empty($user)){
Auth::login($user);
}
}
return $next($request);
}
}
I need to turn my laravel api + angular sanctum authentication into a SAML authentication.
I've noticed that I need to use a laravel plugin like laravel-saml2 or laravel-saml2. (Yes... Same name but different plugins)
I intend to use OKTA because I am already using it to authenticate in my Stack ELK.
But my biggest doubt is: Since my front-end (angular) is communicating to my backend through a stateless API (sanctum), is it possible to implement a SSO SAML to authentication?
I would truly appreciate if anyone could show me how it is possible. And in case it is not, how could my app be rethinked to achieve this goal.
Thanks in advance.
i had the same requirement working according to the next:
Laravel 8 with sanctum (the key to make use of SANCTUM_STATEFUL_DOMAINS)
Make sure your Angular URL application is configured in SANCTUM_STATEFUL_DOMAINS (.env)
like
SANCTUM_STATEFUL_DOMAINS=localhost:4200
laravel-saml2 (https://github.com/aacotroneo/laravel-saml2) configured accorded to documentation.
In app/Http/Kernel.php
protected $middlewareGroups = [
'web' => [
\App\Http\Middleware\EncryptCookies::class,
\Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
\Illuminate\Session\Middleware\StartSession::class,
// \Illuminate\Session\Middleware\AuthenticateSession::class,
\Illuminate\View\Middleware\ShareErrorsFromSession::class,
\App\Http\Middleware\VerifyCsrfToken::class,
\Illuminate\Routing\Middleware\SubstituteBindings::class,
],
'api' => [
\Laravel\Sanctum\Http\Middleware\EnsureFrontendRequestsAreStateful::class,
'throttle:api',
\Illuminate\Routing\Middleware\SubstituteBindings::class,
],
'saml' => [
\App\Http\Middleware\EncryptCookies::class,
\Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
\Illuminate\Session\Middleware\StartSession::class,
],
];
And
protected $routeMiddleware = [
'auth' => \App\Http\Middleware\Authenticate::class,
'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
'cache.headers' => \Illuminate\Http\Middleware\SetCacheHeaders::class,
'can' => \Illuminate\Auth\Middleware\Authorize::class,
'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
'password.confirm' => \Illuminate\Auth\Middleware\RequirePassword::class,
'signed' => \Illuminate\Routing\Middleware\ValidateSignature::class,
'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
'verified' => \Illuminate\Auth\Middleware\EnsureEmailIsVerified::class,
// Add SAML Middleware
'auth.saml' => \App\Http\Middleware\SAMLAuthenticated::class,
];
In app/Providers/EventServiceProvider.php
namespace App\Providers;
use Aacotroneo\Saml2\Events\Saml2LoginEvent;
use App\Models\User;
use Illuminate\Auth\Events\Registered;
use Illuminate\Auth\Listeners\SendEmailVerificationNotification;
use Illuminate\Foundation\Support\Providers\EventServiceProvider as ServiceProvider;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Event;
use Illuminate\Support\Facades\Hash;
use Illuminate\Support\Facades\Session;
class EventServiceProvider extends ServiceProvider
{
/**
* The event listener mappings for the application.
*
* #var array
*/
protected $listen = [
Registered::class => [
SendEmailVerificationNotification::class,
],
];
/**
* Register any events for your application.
*
* #return void
*/
public function boot()
{
Event::listen('Aacotroneo\Saml2\Events\Saml2LogoutEvent', function ($event) {
Auth::logout();
Session::save();
});
Event::listen('Aacotroneo\Saml2\Events\Saml2LoginEvent', function (Saml2LoginEvent $event) {
$messageId = $event->getSaml2Auth()->getLastMessageId();
// Add your own code preventing reuse of a $messageId to stop replay attacks
$user = $event->getSaml2User();
$userData = [
'id' => $user->getUserId(),
'attributes' => $user->getAttributes(),
'assertion' => $user->getRawSamlAssertion()
];
//If it not exists, create a Laravel User from an Authenticated SAML account
$laravelUser = User::firstOrCreate([
'email' => $user->getAttribute("urn:oid:0.9.2342.19200300.100.1.3")[0],
'name' => $user->getAttribute("urn:oid:0.9.2342.19200300.100.1.1")[0],
], ['password' => Hash::make('CREATE_DUMMY_NOT_BEING_USED')]);
Auth::login($laravelUser); // AUTHENTICATION WITHIN LARAVEL
});
}
}
Next, I've created a new Middleware (/app/Http/Middleware/SAMLAuthenticated.php)
namespace App\Http\Middleware;
use Aacotroneo\Saml2\Saml2Auth;
use Closure;
use Illuminate\Support\Facades\Auth;
class SAMLAuthenticated
{
/**
* Handle an incoming request.
*
* #param \Illuminate\Http\Request $request
* #param \Closure $next
* #param string|null ...$guards
* #return mixed
*/
public function handle($request, Closure $next, ...$guards)
{
if (!Auth::check())
{
if ($request->ajax())
{
return response('Unauthorized.', 401); // Or, return a response that causes client side js to redirect to '/routesPrefix/myIdp1/login'
}
else
{
// VERY IMPORTANT WHEN ANGULAR REQUEST
$retUrl = 'http://localhost:4200';
$saml2Auth = new Saml2Auth(Saml2Auth::loadOneLoginAuthFromIpdConfig('corsisa'));
return $saml2Auth->login($retUrl);
}
}
return $next($request);
}
}
You can test SAML Auth (/app/routes/web.php)
Route::middleware('auth.saml')->group(function () {
//protected routes go here
Route::get('/', function () {
return view('welcome');
});
});
// Also, you can map login & logout
Route::redirect('/login', '/saml2/<idp_name>/login')->name('login');
Route::redirect('/logout', '/saml2/<idp_name>/logout')->name('logout');
At this point, laravel application should redirect to SAML2 Login page.
Configure API routes, (app/routes/api.php:)
Route::middleware('auth.saml')->group(function () {
// Secured routes go here
Route::get('/me' ,function (Request $request) { return $request->user(); });
Route::get('/login' ,function (Request $request) {
return redirect('http://localhost:4200');
});
});
In Angular application, I use the next steps:
First, Make an HTTP Request to "http://laravel_api/api/me"
For example:
this.http.get<User>(URLHelper.concat(environment.API_BASE_URL, "api", "me"), { withCredentials: true, setHeaders: {"X-Requested-With": "XMLHttpRequest"} })
If response is 401, (UNAUTHORIZED), then will be redirected to "http://laravel_api/api/login"
window.location.replace(URLHelper.concat(environment.API_BASE_URL, "api", "login"), { withCredentials: true, setHeaders: {"X-Requested-With": "XMLHttpRequest"} })
Redirection will send the user to the SAML2 Login Page and then redirect back to Angular frontend. (by SAMLAuthenticated middleware )
So when redirect back is completed, Angular makes a new request to http://laravel_api/api/me, this time with an Auth Cookie generated by Sanctum.
Surely this procedure can be improved, but you can use it as a working starting point.
Regards
tried lots of things as in other solutions
in route.php
header('Access-Control-Allow-Origin: http://www.campaignpulse.com/');
or
header('Access-Control-Allow-Origin: www.campaignpulse.com/');
or
header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE');
header('Access-Control-Allow-Headers: Content-Type, X-Auth-Token, Origin, Authorization');
Route::post('cors', ['middleware' => 'cors',function () { return response()->json(['message' =>'cors'], 200); } ]);
cors.php
public function handle($request, Closure $next)
{
return $next($request)
->header('Access-Control-Allow-Origin', 'http://www.campaignpulse.com/')
or
->header('Access-Control-Allow-Origin', 'www.campaignpulse.com/')
or
->header('Access-Control-Allow-Origin', '*')
->header('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS')
->header('Access-Control-Allow-Headers: Content-Type, X-Auth-Token, Origin, Authorization');
}
kernal.php
protected $middleware = [
\App\Http\Middleware\CheckForMaintenanceMode::class,
\Illuminate\Foundation\Http\Middleware\ValidatePostSize::class,
\App\Http\Middleware\TrimStrings::class,
\Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull::class,
\App\Http\Middleware\TrustProxies::class,
\App\Http\Middleware\Cors::class,
];
protected $routeMiddleware = [
'auth' => \App\Http\Middleware\Authenticate::class,
'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
'bindings' => \Illuminate\Routing\Middleware\SubstituteBindings::class,
'cache.headers' => \Illuminate\Http\Middleware\SetCacheHeaders::class,
'can' => \Illuminate\Auth\Middleware\Authorize::class,
'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
'signed' => \Illuminate\Routing\Middleware\ValidateSignature::class,
'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
'verified' => \Illuminate\Auth\Middleware\EnsureEmailIsVerified::class,
'cors' => \App\Http\Middleware\Cors::class,
];
react part
return fetch('http://www.campaignserver.com:81/cors',
{
method: 'post',
credentials: "same-origin",
headers: {
'Accept': 'application/json',
'Content-Type': 'application/json',
'Access-Control-Allow-Origin': 'www.campaignpulse.com' },
}
).then(response => response.json())
.then(resData => {
console.log(resData)
})
and the error is
Access to fetch at 'http://www.campaignserver.com:81/cors' from origin 'http://www.campaignpulse.com' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
what else can i try ? please suggest
Cross origin requests made by a browser will send a pre-flight OPTIONS request to your server, which has to return at least the Access-Control-Allow-Origin header.
It is not sufficient to just return it with the response to a POST route.
I recommend to use a package like https://github.com/barryvdh/laravel-cors to provide the CORS middleware and configuration
Also notice that the origin is a host name or a wildcard.
Valid values for the ACAO header are for example
*
https://www.example.org
No URI parts
edit
have to correct myself, apparently protocol and port are valid parts of the ACAO header, which makes sense
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin
https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS
edit2
To debug this, make sure that both
OPTIONS http://www.campaignserver.com:81/cors
and
POST http://www.campaignserver.com:81/cors
Return a header
Access-Control-Allow-Origin: http://www.campaignserver.com:81
or
Access-Control-Allow-Origin: *
I followed this post but it only worked for GET method (as you can see it is mentioned in comments). I also installed this pakage but again it only works for GET method. This the error I get:
No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin my origin is therefore not allowed access. The response had HTTP status code 403.
PHP version: 7.1
Laravel version: 5.6
Frontend application: angular app (Do I need to change sth here?)
//Cours.php (middleware I created myself using the first method)
class Cors
{
public function handle($request, Closure $next)
{
return $next($request)
->header('Access-Control-Allow-Origin', '*')
->header('Access-Control-Allow-Methods', 'GET, POST, PUT,
DELETE, OPTIONS');
}
}
//cors.php (config/cors.php second method using the laravel-cors package)
return [
'supportsCredentials' => false,
'allowedOrigins' => ['*'],
'allowedOriginsPatterns' => [],
'allowedHeaders' => ['*'],
'allowedMethods' => ['*'],
'exposedHeaders' => [],
'maxAge' => 0,
];
//kernel.php
namespace App\Http;
use Illuminate\Foundation\Http\Kernel as HttpKernel;
class Kernel extends HttpKernel
{
protected $middleware = [
\Illuminate\Foundation\Http\Middleware\CheckForMaintenanceMode::class,
\Illuminate\Foundation\Http\Middleware\ValidatePostSize::class,
\App\Http\Middleware\TrimStrings::class,
\Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull::class,
\App\Http\Middleware\TrustProxies::class,
\Barryvdh\Cors\HandleCors::class,
];
protected $middlewareGroups = [
'web' => [
\App\Http\Middleware\EncryptCookies::class,
\Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
\Illuminate\Session\Middleware\StartSession::class,
// \Illuminate\Session\Middleware\AuthenticateSession::class,
\Illuminate\View\Middleware\ShareErrorsFromSession::class,
\App\Http\Middleware\VerifyCsrfToken::class,
\Illuminate\Routing\Middleware\SubstituteBindings::class,
],
'api' => [
'throttle:60,1',
'bindings',
],
];
protected $routeMiddleware = [
'auth' => \App\Http\Middleware\Authenticate::class,
'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
'bindings' => \Illuminate\Routing\Middleware\SubstituteBindings::class,
'cache.headers' => \Illuminate\Http\Middleware\SetCacheHeaders::class,
'can' => \Illuminate\Auth\Middleware\Authorize::class,
'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
'cors' => \App\Http\Middleware\Cors::class,
];
}
No need any type package for laravel-cors.
Just create Middleware:
namespace App\Http\Middleware;
use Closure;
class Cors {
public function handle($request, Closure $next) {
$allowedOrigins = ['http://myroute.xyz', 'http://clarkconcepts.net','http://localhost'];
$origin = isset($_SERVER['HTTP_ORIGIN']) ? $_SERVER['HTTP_ORIGIN'] : '';
if (in_array($origin, $allowedOrigins)) {
return $next($request)
->header('Access-Control-Allow-Origin', $origin)
->header('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS')
->header('Access-Control-Allow-Headers',' Origin, Content-Type, Accept, Authorization, X-Request-With, cache-control,postman-token, token')
->header('Access-Control-Allow-Credentials',' true');
}
return $next($request);
}
}
In app/Http/Kernel.php
add Middleware in $middleware section:
protected $middleware = [
\Illuminate\Foundation\Http\Middleware\CheckForMaintenanceMode::class,
\Illuminate\Foundation\Http\Middleware\ValidatePostSize::class,
\App\Http\Middleware\TrimStrings::class,
\Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull::class,
\App\Http\Middleware\TrustProxies::class,
\App\Http\Middleware\Cors::class, //added here
];
you need use first method this post without use any package then add also this class to protected $middleware like this post then post method also have desired headers.
it works for me, I hope work for you.
You could also use the great laravel-cors package by barryvdh.
After you have the package installed, the easiest way to get CORS support for all your routes is to add the middleware like this in Http/Kernel.php: ($middleware)
\Barryvdh\Cors\HandleCors::class
And edit config/Cors.php 'allowedOrigins' => ['*']
More info check https://github.com/barryvdh/laravel-cors/blob/master/readme.md
I'm attempting to bind a function to the routing so it takes effect globally.
Basically I'm using Hashids to obfuscate the IDs, and want to be able to decode the ID on the route level so I don't need to do it everywhere the ID is uses in different controllers.
I've attempted to do the following at the top of the api routes file:
api.php
<?php
use Dingo\Api\Routing\Router;
use Hashids\Hashids;
Route::bind('id', function ($id) {
return Hasher::decode($id);
});
/** #var Router $api */
$api = app(Router::class);
But it doesn't seem to have any effect.
I have a couple of routes that use the ID I want to decode at the bottom of the routes file:
$api->get('leads/{id}', 'App\\Api\\V1\\Controllers\\LeadController#show');
$api->put('leads/update/{id}', 'App\\Api\\V1\\Controllers\\LeadController#update');
Really at a loss as to how to get this to work, I've tried using $api->bind and others but they all call undefined functions.
Sure this is an easy thing, but I'm just starting out with Laravel so this is a bit beyond me at this point.
Many thanks!
Based on the hint that Serge gave me, I've attempted to move this functionality into Middleware, but still due to a full lack of understanding, this isn't working.
I have the following middleware:
<?php
namespace App\Http\Middleware;
use Closure;
use Junity\Hashids\Facades\Hashids;
class DecodeHashids
{
/**
* Handle an incoming request.
*
* #param \Illuminate\Http\Request $request
* #param \Closure $next
* #return mixed
*/
public function handle($request, Closure $next)
{
if($request->has('id'))
$request->id = Hasher::decode($request->id);
return $next($request);
}
}
I've added it to Kernal.php:
protected $middlewareGroups = [
'web' => [
\App\Http\Middleware\EncryptCookies::class,
\Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
\Illuminate\Session\Middleware\StartSession::class,
\Illuminate\View\Middleware\ShareErrorsFromSession::class,
\App\Http\Middleware\VerifyCsrfToken::class,
\Illuminate\Routing\Middleware\SubstituteBindings::class,
],
'api' => [
'throttle:60,1',
'bindings',
'decode',
],
];
/**
* The application's route middleware.
*
* These middleware may be assigned to groups or used individually.
*
* #var array
*/
protected $routeMiddleware = [
'auth' => \Illuminate\Auth\Middleware\Authenticate::class,
'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
'bindings' => \Illuminate\Routing\Middleware\SubstituteBindings::class,
'can' => \Illuminate\Auth\Middleware\Authorize::class,
'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
'jwt.auth' => GetUserFromToken::class,
'jwt.refresh' => RefreshToken::class,
'decode' => \App\Http\Middleware\DecodeHashids::class,
];
}
and added it in the api routes file as so:
$api->group(['middleware' => 'jwt.auth'], function(Router $api) {
$api->get('protected', function() {
return response()->json([
'message' => 'Access to protected resources granted! You are seeing this text as you provided the token correctly.'
]);
});
$api->get('refresh', [
'middleware' => 'jwt.refresh',
function() {
return response()->json([
'message' => 'By accessing this endpoint, you can refresh your access token at each request. Check out this response headers!'
]);
}
]);
$api->group(['middleware' => 'decode'], function(Router $api) {
$api->get('leads/{id}', 'App\\Api\\V1\\Controllers\\LeadController#show');
});
I get no errors, but the ID is not decoded when it passes through to the controller.
Thanks to the help from Serge, I managed to complete the Middleware.
Middleware as below, it updates the Route ID Parameter with the decoded value, and this Middleware is added to the Kernal.
<?php
namespace App\Http\Middleware;
use Closure;
use Hashids;
class DecodeHashids
{
public function handle($request, Closure $next)
{
if($request->route()->parameters('id'))
$request->route()->setParameter('id', Hashids::decode($request->id));
return $next($request);
}
}
Then in the API route file, I added a new group that uses the 'decode' Middleware:
$api->group(['middleware' => 'decode'], function(Router $api) {
$api->get('leads/{id}', 'App\\Api\\V1\\Controllers\\LeadController#show');
});
Can then of course add as many routes to this group where parameters need decoded.
Thanks Serge and the Laravel community for the help and responses on here and other sites. Hopefully this will help others.