Authentication middleware for api #130
Replies: 1 comment
@yoboisandy hey! I'm guessing you don't need those API users to be able to view the logs, because logs are sensitive server information. If I were you, I would do this in one of these 2 approaches:

1. Basic HTTP auth

That's great if it's just you who needs access to the logs, or maybe one more person. If you don't want to have a new DB table for storing admin users, etc.

Either read this - https://laravel.com/docs/9.x/authentication#http-basic-authentication

Or create a new middleware yourself that uses PHP Basic Auth to check for admin authorisation. If not authorized, abort. For example:

public function handle($request, Closure $next)
{
    if (isset($_SERVER['PHP_AUTH_USER']) && isset($_SERVER['PHP_AUTH_PW'])) {
        $username = $_SERVER['PHP_AUTH_USER'];
        $password = $_SERVER['PHP_AUTH_PW'];
        if (/* check if username & password is valid */) {
            return $next($request);
        }
    }
    abort(404);
}

Once you have the middleware, add it to the

2. Admin auth provider

In your

'guards' => [
    // ...
    'admin' => [
        'driver' => 'session',
        'provider' => 'admins',
    ],
],
'providers' => [
    // ...
    'admins' => [
        'driver' => 'eloquent',
        'model' => App\AdminUser::class,
    ],
],

In the above example, we've configured an In addition to the provider, we also defined an admin guard, which means you'll be able to apply a middleware like

/**
* Log Viewer route middleware. The 'web' middleware is applied by default.
*/
'middleware' => [
'web',
+ 'admin:auth',
],

Hope this helps :)
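Review bot: on the added line, 'admin:auth' has the middleware name and its parameter the wrong way round. Laravel middleware strings are written name:parameters and the built-in auth middleware takes the guard as its parameter, so with the 'admin' guard defined in the 'guards' array above this should read 'auth:admin'. As written it asks for a middleware aliased 'admin', which nothing on this page defines.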
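One way to fill in the `/* check if username & password is valid */` placeholder from the Basic auth middleware above, shown as an added example that is not part of the original reply or of the log-viewer project. The function name `basicAuthIsValid`, the `logs-admin` user and the sample password are assumptions made for illustration; the expected user and password hash are assumed to come from your own config or environment.

```php
<?php
declare(strict_types=1);

/**
 * Added example (hypothetical helper): decide whether the HTTP Basic
 * credentials in a $_SERVER-style array match one configured admin.
 */
function basicAuthIsValid(array $server, string $expectedUser, string $expectedHash): bool
{
    // PHP only populates these keys when the client sent Basic credentials.
    $user = $server['PHP_AUTH_USER'] ?? null;
    $pass = $server['PHP_AUTH_PW'] ?? null;
    if (!is_string($user) || !is_string($pass)) {
        return false;
    }

    // Run both checks unconditionally so the response time does not
    // reveal whether the username or the password was the wrong part.
    $userOk = hash_equals($expectedUser, $user);      // timing-safe compare
    $passOk = password_verify($pass, $expectedHash);  // check against stored hash

    return $userOk && $passOk;
}

// Constructed sample data: store only the hash, never the plain password.
$expectedUser = 'logs-admin';
$expectedHash = password_hash('correct horse battery staple', PASSWORD_DEFAULT);

// Constructed requests, shaped like $_SERVER.
$cases = [
    'valid credentials' => ['PHP_AUTH_USER' => 'logs-admin', 'PHP_AUTH_PW' => 'correct horse battery staple'],
    'wrong password'    => ['PHP_AUTH_USER' => 'logs-admin', 'PHP_AUTH_PW' => 'guess'],
    'wrong user'        => ['PHP_AUTH_USER' => 'root', 'PHP_AUTH_PW' => 'correct horse battery staple'],
    'no header sent'    => [],
];

foreach ($cases as $label => $server) {
    $decision = basicAuthIsValid($server, $expectedUser, $expectedHash) ? 'allow' : 'deny';
    printf("%-18s %s\n", $label, $decision);
}
```

Inside the middleware's `handle()` method, the call `basicAuthIsValid($_SERVER, $expectedUser, $expectedHash)` would replace the placeholder condition.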
I am using this log viewer in a project where authentication is done through the API (tymon/jwt). How can the /log-viewer route be accessible to only logged-in users?
I tried to add auth:api in middleware but it's not working.
Any solutions?