I'm trying to prevent people from accessing the /dashboard route unless they're authenticated(logged in). I looked at the laravel docs and here's what I thought I was supposed to do to accomplish this.
Route::group(['middleware' => 'auth'], function (){
Route::get('/dashboard', [
'uses' => 'UserController#getDashboard',
'as' => 'dashboard'
]);
});
You don't need to add that extra middleware in the route. Just use the group and you'll be fine. You can see here: https://laravel.com/docs/5.1/routing#route-groups
Route::group(['middleware' => 'auth'], function () {
// User needs to be authenticated to enter here.
Route::get('/', function () {
// Uses Auth Middleware
});
Route::get('user/profile', function () {
// Uses Auth Middleware
});
});
Related
I use Laravel 7 for an API project, I have created a JWT Middleware, and I want to apply it to all my routes, except 2 of them.
For now I have in my routes/api.php :
Route::prefix('v1')->group(function () {
Route::get('ping', 'Api\Ping\PingController#ping');
// auth routes
Route::group(['prefix' => 'login/'], function () {
Route::post('login', 'Api\Auth\AuthController#login');
Route::group(['middleware' => 'jwt:api'], function() {
Route::get('me', 'Api\Auth\AuthController#me');
Route::post('refreshToken', 'Api\Auth\AuthController#refresh');
Route::post('logout', 'Api\Auth\AuthController#logout');
});
});
Route::group(['middleware' => 'jwt:api'], function() {
Route::resource('users', 'Api\User\UserController');
// my other routes protected .....
I don't like this approach because I need to copy the middleware.
I tried this approach :
Route::group(
[
'middleware' => ['jwt:api', ['except' => 'login/login']],
'prefix' => 'v1/',
], function() {
But I have this error :
Illegal offset type in isset or empty
Is it possible ? I want to group everything in my route file.
Possible solutions:
You can pass additional parameters to middleware via dots and check in middleware to do not use passed routes
Also, you can overwrite middleware and add some property\constant with array of excepts, like in csrf middleware
Implement ability in Laravel core to pass except array as in your exmaple and make a PR to framework github
Left it as you have done
I have this Laravel 5 app. There are two controllers: Index and Home.
In the index, I have the pages visible for users that haven't logged in yet. When a user logs in, he goes to the home controller.
Of course, I want a visitor not being able to view the routes under home-controller.
So I put a check inside the constructor for Home. But it redirects back to the index and doesn't seem to be the right way at all.
So having this group of routes:
Route::group(['prefix' => '/home'], function () {
Route::auth();
Route::get('index', 'HomeController#index');
Route::get('logout', 'HomeController#logout');
});
As you can see, I added.
Route::auth();
Which I thought should manage to deny access for visitors that haven't logged in. The home is still accessible for users that haven't logged in yet.
What is the way to describe directly inside the route.php that a bunch of routes (inside a group I guess) should first go through the authentication before serving the route?
Are you using this code within your controller?
public function __construct()
{
$this->middleware('auth');
}
You should add a auth middleware to protect your home group:
Route::auth();
Route::group(['middleware' => 'auth'], function() {
Route::group(['prefix' => '/home'], function () {
Route::get('index', 'HomeController#index');
Route::get('logout', 'HomeController#logout');
});
});
You may have a look at this: https://laravel.com/docs/5.2/authentication#protecting-routes
Its really simple in Laravel only thing you have to use is a single Middleware
see this DOC
EX:
Route::get('profile', ['middleware' => 'auth', 'uses' => 'ProfileController#show']);
this profile show route works only if user logged in.
If you have multiple routes to protect from non-authenticate users then use a route group,
Route::group(['prefix' => '/home', 'middleware' => ['auth']], function()
{
// user need to logged in order to access these routes
Route::get('/', function()
{
});
});
In kernal.php add 'auth' => 'MyespaceAdmin\Http\Middleware\Authenticate' in $routeMiddleware.
Authenticate.php in middleware directory check handle function for below code.
if ($this->auth->guest()) {
if ($request->ajax()) {
return response('Unauthorized.', 401);
} else {
return redirect()->guest('your login page url');
}
}
Then use middleware auth in routes or in your controller
I have faced some problem when i am going to use middleware group of Laravel 5.2 framework.
My routes.php file is:
Route::group(['prefix' => 'categories'], function () {
Route::get('all', ['as' => 'allCategory' , 'uses' => 'CategoryController#index']);
Route::get('add', ['as' => 'addCategory', 'uses' => 'CategoryController#create']);
Route::get('edit/{id}', ['as' => 'editCategory', 'uses' => 'CategoryController#edit']);
Route::post('save', ['as' => 'saveCategory', 'uses' => 'CategoryController#store']);
Route::put('update', ['as' => 'updateCategory', 'uses' => 'CategoryController#update']);
Route::get('delete/{id}', ['as' => 'deleteCategory', 'uses' => 'CategoryController#destroy']);
});
Route::group(['middleware' => ['web']], function () {
Route::get('/', function () {
return view('welcome');
});
Route::auth();
Route::get('/home', 'HomeController#index');
});
I am using here laravel defaults login/registration authentication.Using php artisan make:auth command.I want to give user restricted for some routes such as categories route group.So,
How can i restrict a user for categories route group?
If i use Route::group(['middleware' => ['auth']], function () { }); then i got an error. So what is the difference between 'web'
and 'auth' middleware ?
Thanks.
N.B : If you need to know about any files then just comment me below i will add those files.
This is a feature of laravel 5.2. 2 default middleware is web and api.
You need place category group route inside web middleware.
Web middleware make your request contains cookies, session, csrf_token used for authentication. Otherwise, api middleware used for application that simple query get or post without request header, assume mobile app.
Auth middleware based on web middleware.
I created a new laravel project and laravel flash seems to not be working as i want. The moment I return to a route the flash is gone. I have controller method that does absolutly nothing but flash and return to a route.
Like so
public function activateContract(Request $request ){
return redirect()->to('test')->with('status', 'test');
}
My routes file
Route::group(['middleware' => 'web'], function () {
Route::auth();
Route::get('/', function(){
return redirect()->intended(route('contract.index'));
});
Route::group(['middleware' => 'auth'], function () {
Route::group(['prefix' => 'contract'], function(){
Route::get('', ['as' => 'contract.index' , 'uses' => 'User\ContractController#index']);
Route::post('', ['as' => 'contract.index' , 'uses' => 'User\ContractController#activateContract']);
Route::get('mijn', ['as' => 'user.contract.index' , 'uses' => 'User\ContractController#userContracts']);
});
});
Route::get('test', function(){
dd(session('status'));
});
c});
Here is the ouput of the die dump in the test route witch magicaly lost the flash message.
null
You need to send the message with the redirect like so:
return redirect()->to('test')->with('status', 'test');
And then you can access it with the session helper function:
session('status');
docs
Edit: Place your Route::get('test') into your group with middleware 'web'.
See more about HTTP Middleware here
Laravel 5.2 changed middleware document as :Keep in mind, the web middleware group is automatically applied to your default routes.php file by the RouteServiceProvider.
It means that if you keep a route in another ['middleware' => 'web'], the data set by session()->flash() would be lost by executed web middleware twice.
It is also the answer someone asked why web executed twice.
Laravel 5.2 : Web middleware is applied twice
I'm building an app in Laravel and I already had my user registration working fine, I now want to modify how the registration works so I modified my route to call a different method.
Originally the route was defined like so:
Route::post('register', 'Auth\AuthController#postRegister');
And this worked fine. I then changed it to:
Route::post('register', 'Auth\AuthController#someOtherMethod');
This method is defined as follows:
public function someOtherMethod(Request $request)
{
die('If the method is called you should see this');
}
However, it doesn't get called (the message doesn't show). Instead it redirects me to the root of the site.
Note that I have a cache-busting script on my server that I run every time I have weird issues like this which runs the following commands:
php artisan route:clear
php artisan cache:clear
service php5-fpm restart
service nginx restart
I also run the page in an incognito/private window every time I make a change.
Now for the interesting part; I tried undoing the changes I made so that it calls postRegister again, I fully expected this to make it revert to the default behaviour but it still redirects me to the root of the site! So now I don't even have a registration page that functions at all.
Does anyone have any idea what's going on?
Thanks in advance for your help.
Edit:
Here's my full routes.php:
use Illuminate\Http\Request;
Route::group(['middleware' => 'web'], function () {
/** Public routes **/
Route::get('', 'HomepageController#index');
Route::get('/', 'HomepageController#index');
Route::get('terms', function() {
return view('terms');
});
Route::get('privacy', function() {
return view('privacy');
});
/** Public auth routes **/
Route::get('register', 'RegistrationController#index');
Route::post('register', 'Auth\AuthController#postRegister');
Route::get('login', function() {
return view('auth.login');
});
Route::post('login', 'Auth\AuthController#postLogin');
Route::get('logout', 'Auth\AuthController#getLogout');
Route::get('dashboard/login', function() {
return view('admin.login');
});
Route::post('dashboard/login', 'AdminAuth\AuthController#postLogin');
Route::get('dashboard/logout', 'AdminAuth\AuthController#getLogout');
/** Admin routes **/
Route::get('dashboard', [
'middleware' => 'admin',
'uses' => 'Admin\DashboardController#index'
]);
Route::get('dashboard/users', [
'middleware' => 'admin',
'uses' => 'Admin\DashboardController#showUsers'
]);
Route::get('dashboard/search', [
'middleware' => 'admin',
'as' => 'adminSearch',
'uses' => 'Admin\DashboardController#query'
]);
/** Admin auth routes **/
Route::get('dashboard/staff/create', [
'middleware' => 'admin',
function () {
return view('admin.register');
}
]);
Route::post('dashboard/staff/create', [
'middleware' => 'admin',
'uses' => 'AdminAuth\AuthController#postRegister'
]);
/** Controllers **/
Route::controllers([
'password' => 'Auth\PasswordController',
]);
});
make sure that you config/auth.php is calling proper Auth guard. Also redirectsTo is by default set to '/' which is route of site. What is in your middleware? the default RedirectIfAuthenticated middleware has by default entry to point to root of the site. Only these 3 scenarios possibly acting other than expected.