This is my scenario:
We need to use some Laravel API methods in the same web app where they are stored. (I'm using Laravel 5.5)
I have the API routes used by third-party applications with Bearer Token and they worked like a charm.
So, I've created another route group that doesn't use the "api:auth" middleware but the "auth" one (with the "web" middleware in addition).
RouteService provider initialization (method invoked in "map" one):
protected function mapWebApiRoutes() {
    Route::prefix('web_api')
        ->middleware('web')
        ->as('web_api.')
        ->namespace($this->namespace."\\API")
        ->group(base_path('routes/web_api.php'));
}
Routes declaration:
Route::group(['prefix' => 'v1', 'middleware' => ["auth"]], function () {
    // routes....
});
So, if I run "php artisan route:list", it outputs routes like:
GET|HEAD | web_api/v1/controller | web_api. | ...\API\Controller@index | web,auth
POST | web_api/v1/controller/lists | web_api. | ...\API\Controller@lists | web,auth
I've added routes to VerifyCsrfToken except array:
protected $except = [
    "web_api/*"
];
The routes with the GET method work as well as they can when the user is logged on our platform (through the auth middleware), but the POST routes return an unauthorized error with this body:
{message: "Unauthenticated."}
Question:
Considering that I have excluded those routes from CSRF verification, could somebody explain to me what that error is caused by?
Related
I have a quick question I know it wouldn't take so much time to fix but somehow I don't seem to easily find the solution.
I am building a basic API for a mobile application. I placed my API routes in api.php
<?php
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Route;
/*
|--------------------------------------------------------------------------
| API Routes
|--------------------------------------------------------------------------
|
| Here is where you can register API routes for your application. These
| routes are loaded by the RouteServiceProvider within a group which
| is assigned the "api" middleware group. Enjoy building your API!
|
*/
Route::middleware('auth:api')->get('/user', function (Request $request) {
    return $request->user();
});
Route::post('/v1/meeting/record', 'App\Http\Controllers\Attendance@record');
The problem is anytime I send a request to this route it responds with page status 419 (Page Expired).
This is my record method in the Attendance Controller
public function record(Request $request)
{
    return response()->json([
        "message" => "student record created"
    ], 201);
}
I added the api/* to the excludes in verifycsrftoken.php but it didn't change anything.
Am I doing anything wrong?
php artisan route:cache
This has fixed it for me in the past.
Here is a discussion on all of the ways to clear cache:
https://dev.to/kenfai/laravel-artisan-cache-commands-explained-41e1
Import your controller at the top of the controller class:
use App\Http\Controllers\Attendance;
Then define your route as such:
Route::post('/v1/meeting/record', [Attendance::class, 'record']);
Try this and let me know. Thanks.
I'm writing my project on Laravel. When I optimize the project, I have a problem:
Unable to prepare route [api/user] for serialization. Uses Closure.
I looked for any closures in web.php, but I didn't find anything
<?php
/*
|--------------------------------------------------------------------------
| Web Routes
|--------------------------------------------------------------------------
|
| Here is where you can register web routes for your application. These
| routes are loaded by the RouteServiceProvider within a group which
| contains the "web" middleware group. Now create something great!
|
*/
Route::get('/','ReviewsController@main')->name('main');
Route::post('/','MailController@verify')->name('verifyPost');
Route::get('/reviews', 'ReviewsController@index')->name('reviews');
Route::post('/reviews','ReviewsController@add')->name('addReview');
Auth::routes();
Route::group(['middleware' => 'admin','prefix' => 'admin'],function () {
    Route::get('/', 'HomeController@index')->name('admin');
    Route::get('/reviews', 'Admin\ReviewsController@get')->name('admin.reviews');
    Route::get('/reviews/accepted/{id}','Admin\ReviewsController@accept')->where('id','\d+')->name('admin.accepted');
    Route::delete('/reviews/delete','Admin\ReviewsController@delete')->name('reviews.delete');
});
In the api.php file, search for and comment out this route and you will not get the error.
Route::middleware('auth:api')->get('/user', function (Request $request) {
    return $request->user();
});
Also, in the web.php file, Route::group is also a closure; comment those out as well for a test.
Route::group(['middleware' => 'admin','prefix' => 'admin'],function () {
    Route::get('/', 'HomeController@index')->name('admin');
    Route::get('/reviews', 'Admin\ReviewsController@get')->name('admin.reviews');
    Route::get('/reviews/accepted/{id}','Admin\ReviewsController@accept')->where('id','\d+')->name('admin.accepted');
    Route::delete('/reviews/delete','Admin\ReviewsController@delete')->name('reviews.delete');
});
See what a closure is.
PHP routing cache command:
php artisan route:cache
Use it if your application is using controller-based routes. It helps with fast execution. But remember: "Closure based routes cannot be cached".
So kindly convert your Closure routes to controller classes.
For more information
Make sure to Check "routes/api.php"
To create a role/permission-based Laravel app I'm using the Zizaco/entrust package.
Now I want to use an approach where there is no need to assign defined perms to routes as different middlewares in web.php, and that is:
First, fetch all defined routes (via Route::getRoutes()->getRoutes()) and store each of them in the permissions table.
We can get all routes with this code:
$routes = collect(Route::getRoutes()->getRoutes())->reduce(function ($carry, $route) {
    $carry[] = $route->uri();
    return $carry;
}, []); // start the reduction from an empty array
On the other hand, we can define roles that have those permissions and attach those to users in the normal way.
Now when a user wants to access a page, first we get the route path name and then, with the can method defined in entrust, we check whether that user can access that route or not. This can be done via a simple middleware, named checkAccess for example, that is added to all routes as a route group, like this:
class checkAccess
{
    public function handle($request, Closure $next)
    {
        if (Auth::check()) {
            $currentName = Route::getCurrentRoute()->getPath();
            if (Auth::user()->can($currentName)) {
                return $next($request);
            } else {
                // Permission missing: render the 403 page with a 403 status
                return response()->view('errors.403', ['prevPage' => URL::previous()], 403);
            }
        }
        // Not logged in: send the user to the login page
        return Redirect::to('/admin/login');
    }
}
Route::middleware(['checkAccess'])->group(function () {
    //Other routes
});
But a problem is that some resource routes have the same route path but a different access method, like:
+-----------+-----------------+---------+----------------+
| METHOD | URL | Action | Route Name |
+-----------+-----------------+---------+----------------+
| GET | /photos/{photo} | show | photos.show |
| PUT/PATCH | /photos/{photo} | update | photos.update |
| DELETE | /photos/{photo} | destroy | photos.destroy |
+-----------+-----------------+---------+----------------+
And this causes duplicate permission names, although they are really different in action.
I want to know: is there any related way to create permissions dynamically, or what can I do to solve this problem in this case?
I am not sure if that is the thing that you need, but maybe it will help you. I have modular application structure and for each module one route.php file. In that file my routes depend on permission:
Route::get('/edit/{param?}', [
    'as' => 'get.users.edit',
    'uses' => 'UsersController@getEdit',
    'middleware' => ['permission:admin']
]);
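For the duplicate-permission question above, an added example (not code from either poster, and not entrust's API) that keys each permission on the route name, falling back to method plus URI, and denies any request with no mapped permission. It is plain PHP with no framework; the route rows are constructed from the table in the question, and permissionKey, buildPermissionMap and isAllowed are hypothetical helpers.

```php
<?php
// Constructed route rows, mirroring the table in the question.
$routes = [
    ['methods' => ['GET', 'HEAD'],  'uri' => 'photos/{photo}', 'name' => 'photos.show'],
    ['methods' => ['PUT', 'PATCH'], 'uri' => 'photos/{photo}', 'name' => 'photos.update'],
    ['methods' => ['DELETE'],       'uri' => 'photos/{photo}', 'name' => 'photos.destroy'],
    ['methods' => ['GET', 'HEAD'],  'uri' => 'reports',        'name' => null], // unnamed route
];

// Hypothetical helper: one permission name per route, distinct per action.
function permissionKey(array $route): string
{
    // Prefer the route name; an unnamed route falls back to "METHOD uri".
    return $route['name'] ?: strtoupper($route['methods'][0]) . ' ' . $route['uri'];
}

// Maps every "METHOD uri" pair to its permission and rejects duplicate names.
function buildPermissionMap(array $routes): array
{
    $map = [];
    $seen = [];
    foreach ($routes as $route) {
        $key = permissionKey($route);
        if (isset($seen[$key])) {
            throw new RuntimeException("Duplicate permission name: $key");
        }
        $seen[$key] = true;
        foreach ($route['methods'] as $method) {
            $map[strtoupper($method) . ' ' . $route['uri']] = $key;
        }
    }
    return $map;
}

// Deny by default: an unmapped method/URI pair is refused, not passed through.
function isAllowed(array $map, array $granted, string $method, string $uri): bool
{
    $required = $map[strtoupper($method) . ' ' . $uri] ?? null;
    return $required !== null && in_array($required, $granted, true);
}

$map = buildPermissionMap($routes);
$viewer = ['photos.show']; // constructed grant list for a read-only user
foreach (['GET', 'DELETE', 'POST'] as $method) {
    printf("%-6s photos/{photo}: %s\n", $method,
        isAllowed($map, $viewer, $method, 'photos/{photo}') ? 'allow' : 'deny');
}
```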
I am running Laravel 5.4 and have my API routes setup with an API middleware that verifies an authentication token sent in the headers.
However, I want to avoid, or prevent the api/Login (route that generates the auth token) from being subject to the middleware.
Currently, in my API middleware, before any logic happens I have:
if(strpos($request->getUri(), 'Login')):
    return $next($request);
endif;
I would like to remove checking if the route is the Login route before proceeding with the middleware logic. Is there a native way in Laravel to accomplish the above?
Note: all API routes are protected via an API middleware group which I have created in the Http/Kernel, then added in the RouteServiceProvider.
You could add an except property in your middleware
Route::group(['middleware' => ['api'], 'except' => 'Login'], function () {
    // Your Routes
});
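An added example (not from either poster) that puts the substring check from the question beside an exact method-and-path comparison, so the token check is skipped only for the login endpoint itself. It is plain PHP; the host name and URIs are constructed test inputs, the helper names are hypothetical, and POST as the login method is an assumption.

```php
<?php
// The check as written in the question: substring match over the whole URI,
// query string included.
function skipsAuthSubstring(string $uri): bool
{
    return (bool) strpos($uri, 'Login');
}

// Stricter form: compare the parsed path (and method) against one known route.
// '/api/Login' comes from the question; POST is an assumption.
function skipsAuthExact(string $method, string $uri): bool
{
    $path = parse_url($uri, PHP_URL_PATH);
    return strtoupper($method) === 'POST'
        && is_string($path)
        && rtrim($path, '/') === '/api/Login';
}

// Constructed requests: only the first one is the real login call.
$requests = [
    ['POST', 'https://app.example/api/Login'],
    ['GET',  'https://app.example/api/orders?ref=Login'],
    ['GET',  'https://app.example/api/LoginHistory'],
    ['GET',  'https://app.example/api/Login'],
];

foreach ($requests as [$method, $uri]) {
    printf(
        "%-5s %-42s substring=%-5s exact=%s\n",
        $method,
        $uri,
        var_export(skipsAuthSubstring($uri), true),
        var_export(skipsAuthExact($method, $uri), true)
    );
}
```

Every row where the two columns differ is a request that would pass the token middleware unauthenticated under the substring check.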
I'm new to Laravel 4 development and can't find enough information about the resource method in the Route class
Route::resource();
How to use it?
It's a great way to set up APIs. It implements RESTful in a clever way. The resource controller route can catch a request and map it to a specific method in the controller based on the RESTful state.
routes.php
/*
|--------------------------------------------------------------------------
| Application Routes
|--------------------------------------------------------------------------
|
| Here is where you can register all of the routes for an application.
| It's a breeze. Simply tell Laravel the URIs it should respond to
| and give it the Closure to execute when that URI is requested.
|
*/
// Route group for API versioning
Route::group(array('prefix' => 'api/v1'), function() {
    Route::resource('posts', 'PostController');
});
For example:
POST = store() (Create a new entry)
DELETE = destroy($id) (Delete an entry)
GET = index() (Get all entries)
GET = show($id) (Get one entry)
PUT = update($id) (Update an entry)
A practical example:
How do I create a RESTful API in Laravel to use in my BackboneJS app