as we know when we code on localhost we can go directly to dashboard admin on our website without login first by typing the link. so how we can stop that? so if we want to access the admin dashboard we really have to log in first
use laravel middleware to limit accesses ... you can use auth middleware like:
Route::get('/profile', function () {
//
})->middleware('auth');
for more info visit laravel docs
use laravel middleware in your web.php if you are using a simple function for your route
Route::get('/admin/dashboard',function () {
return view....``
})->middleware('auth');
Or you can use a constructor in your Controller to limit access for all function in this controller
public function __construct()
{
$this->middleware('auth');
}
Related
can't stay login in project,
this is my code in appserviceprovider.php ,
Auth::loginUsingId(18876 ,true);
is true and login and get ,
dd(auth()->user()->id);
my output,
^ 18876
this picture,
and my export in website user is loggedin,
if comment this
Auth::loginUsingId(18876 ,true);
and write dd(auth()->user()->id);
and check user is login
if (Auth::check()) {
dd(1);
} else {
dd(2);
}
output
Laravel session is initialized in a middleware so you can't access the session from a Service Provider, because they execute before the middleware in the request lifecycle
You should use a middleware to share your varibles from the session
However, If for some other reason you want to do it in a service provider, you can do it using a view composer with a callback, like this:
public function boot()
{
//compose all the views....
view()->composer('*', function ($view)
{
auth()->user();
});
}
The callback will be executed only when the view is actually being composed, so middleware will be already executed and session will be available
I am logging in via Laravel API.
Let's say that I am on www.domain.com/login. After login is successful, I put the token into a cookie and redirect to /admin.
Route::get('/admin', function () {
return view('admin');
})->middleware('auth');
The problem is that Laravel doesn't see that the user is logged in, thus redirects me to /login once more.
And, if I declare the route as follows
Route::get('/admin', function () {
return view('admin');
});
Everyone can access www.domain.com/admin
I appreciate any help.
Luca
You need to add auth:api middleware so it can see the auth user
Currently I'm writing a Laravel 5.6 REST api. Now I want to secure my endpoints:
Each user in my application has a role. Based on that the user should be able to access some endpoints and otherwise should get a 403 error. For this I would like to use Policies because, when used as middleware, they can authorize actions before the incoming request even reaches my route or controller.
I declare my endpoints like this:
Route::apiResource('me', 'UserController');
My problem now is that if I want to use Policies as middleware I have to specify the (HTTP) method like this middleware('can:update,post'). How should I do this when I use apiResource in my route declaration?
BTW: Currently I have written a FormRequest for each method (which is a pain) and do the authorization there. Can I simply return true in the authorize method after switching to Policies middleware?
Since you are using FormRequest::class to validate the request data, it is best practice to first check is the user is authorized to make the request. For Laravel 5.6 the cleanest solution would be to specify each policy manually in the __construct() method of your resource controller.
public function __construct()
{
$this->middleware('can:viewAny,App\Post')->only('index');
$this->middleware('can:create,App\Post')->only('store');
$this->middleware('can:view,post')->only('show');
$this->middleware('can:update,post')->only('update');
$this->middleware('can:delete,post')->only('delete');
}
If your were validating form data inside your controller instead of using FormRequest::class, a cleaner solution would be to also authorize the user inside the controller.
public function store(Request $request)
{
$this->authorize('create', Post::class);
// The user is authorized to make this request...
$request->validate([
//Validation Rules
});
// The form data has been successfully validated...
// Controller logic...
}
Since Laravel 5.7 you can do all of this using one line of code on your controller's __construct() method.
public function __construct()
{
$this->authorizeResource(Post::class, 'post');
}
You can define route groups, routes that have a common behaviour (middleware, prefix etc. ).
The following should work:
Route::middleware('can:update,post')->group(function () {
Route::apiResource('me', 'UserController');
//more routes
});
You can prefix routes as well:
Route::middleware('can:update,post')->group(function () {
Route::prefix('users')->group(function () {
Route::apiResource('me', 'UserController'); //Translated to ex: /users/me
Route::prefix('books')->group(function () {
Route::apiResource('{book}', 'UserController'); //Translated to ex: /users/me/book_1
});
});
});
P.S: I haven't used resources before but it should do the job
I'm creating a backend system that I want to use VueJS2 for with a Laravel backend. The problem i'm facing at the moment is integrating this all together while keeping the 'tidy' URLS (no hashbangs) utilising Vue's history mode:
const router = new VueRouter({
routes,
mode: 'history'
})
I am a fan of the way Laravel handles Authentication and as such i've tried to use that in this system as an entry point into the SPA but doing so breaks the history mode.
In my routes file i've added a Vue capture route that works to allow hard refreshing of the browser and back button etc and this works fine:
Route::get('/{vue_capture?}', function () {
return view('home');
})->where('vue_capture', '[\/\w\.-]*');
However in order to use Laravel Auth i've added the following check, which works to force you to login before accessing anything else but breaks the history mode:
if (Auth::check()) {
Route::get('/{vue_capture?}', function () {
return view('home');
})->where('vue_capture', '[\/\w\.-]*');
}
else {
// the home controller has the auth middleware in the __construct
Route::get('/', 'HomeController#index');
}
I've tried adding middleware onto the end of the vue capture route but it didn't seem to do anything.
Many thanks!
To get SPA working with any backend, you should use Api authentication based on JWT.
This is Laravel docs about it: https://laravel.com/docs/5.3/passport
This is good package for this purpose: https://github.com/tymondesigns/jwt-auth
I have laravel project and I want to create access log table. in route file is it possible handle every request and its parameters to store in database.
You can create middleware and handle all request with it. Then put all your routes in a group to apply your middleware.
Route::group(['middleware' => 'yourMiddleware'], function () {
// All your routes
});
Yes, it is possible. Create your own service provider and register it, then in boot method create script that logs requests to database.
Example:
public function boot()
{
if (! app()->runningInConsole()) {
App\Request::create(['payload'=>serialize(app('request')->all())]);
}
}