I am developing a laravel package where i need to authorize a private channel.
In my normal laravel project(not the package) everything is working fine:
Event SendMessage:
public function broadcastOn()
{
return new PrivateChannel('chat');
}
and in my route/channel.php i do as follows:
Broadcast::channel('chat', function ($user) {
return Auth::check();
});
But how can i authorize my chat channel inside my laravel package?
In my laravel package the service provider has boot and register functions, as with routes/web.php i know we can register it but what to do with the channels? Can we register them? i find no documentation regarding that Please help.
I am using pusher server and with laravel echo.
Hopefully you can understand my question. I just wanna know how can i authroize channel in my package.
The answer to my own question is that We must uncomment a line from config/app.php which is :
App\Providers\BroadcastServiceProvider::class,
I was struggling with the channels and it comes to the point that , we do not need to register the channels or broadcasting services in our package.
They are by default globally enabled.
So everything remains the same and just by uncommenting that i was able to authorize the private channel.
Hoepfully nobody gets into such trouble.
Cheers.
Related
I created a Telegram Bot using Botman but I can't get it to communicate with the Telegram bees and then interact with it.
I state that I configured the bot project following the Botman documentation but after numerous attempts to set the webhook and the relative routes that the bot had to use I could not make it work properly.
I attach it under the BotManController source.
The bot was installed in a subfolder of my hosting space and I tried to set the bot webhook by sending a post request of this type:
https://api.telegram.org/bot897***************/setWebHook?url=https://miodominio.ovh/nomebot/botman
The request is then successful but the bot is not connected to the Telegram bees and therefore it is not possible to interact with him via Telegram.
/* metodi nel BotManController.php */
public function handle()
{
$botman = app('botman');
$botman->listen();
}
public function tinker()
{
return view('tinker');
}
public function startConversation(BotMan $bot)
{
$bot->startConversation(new ExampleConversation());
}
P.s. In the comment the link to the routes / botman.php and routes / web.php files
I'm trying to get Lavarel to send a verification email when you register through the API. Is this possible?
I've added the MustVerifyEmail implement to the User class and added Auth::routes(['verify' => true]); to almost the top of my api.php file (Where my routes are). Also the SMTP server is configured correctly.
I think I might be doing something wrong. Hope to hear from you :)
P.S. I've started using Laravel for the first time today. So it might just be a really simple mistake.
If you are using a custom RegisterController you should be able to call
$user->sendEmailVerificationNotification();
this in turn calls the
$this->notify(new Notifications\VerifyEmail);
This is because your user implements MustVerifyEmail in the Illuminate\Foundation\Auth\User.
EDIT----
You can also use the event new Registered which should be registered in the EventServiceProvider this will call the SendEmailVerificationNotification which in turn will call $event->user->sendEmailVerificationNotification();
event(new Registered($user = $this->create($request->all())));
Note: this works in laravel 5.7
I am developing a card for Laravel nova.
As part of this, I want an API route that can be posted, but I don't want to have to authenticate against it.
I have registered my route in the card's api.php
Route::post('/endpoint/{id}', function (Request $request, $id) {)
This works if I call it with an already authenticated session.
But if I try to call it from postman I get
HTTP 419 Sorry, your session has expired. Please refresh and try again.
I can see that the card service provider is registering the route as so
Route::middleware(['nova'])
->prefix('nova-vendor/NovaPusherCard')
->group(__DIR__.'/../routes/api.php');
So I guess that Nova is putting some authenticated in front of the route.
Is there a way I can register the route without adding authentication?
ok so I worked it out.
I just needed to update the middleware to api instead of nova.
I'm using Laravel Hesto Multi Auth package to create multiple auth. I have not used the default auth, but created user, admin, support, professionals guards with laravel hesto
Now im trying to implement Laravel email confirmation using this package
This send me a activation link to my email. However when that routes to http://localhost:8000/confirmation/2/jOVjV2xkfRZqAM4nwjAKdwTwn2 it shows an error
Method App\Http\Controllers\Auth\RegisterController::confirm does not exist.
It should check in App\Http\Controllers\UserAuth\RegisterController::confirm
How to change this? Also would like to know how to implement the same for other guards
If you check https://github.com/bestmomo/laravel-email-confirmation/blob/master/routes/web.php you will note they have defined routes for this. You can override this by doing the following:
1) Disable auto-discover for the package on the dont-discover portion of your compopser.json file.
2) Register the package's service provider before App\Providers\RouteServiceProvider::class so you can override the registered routes on your application.
3) Go ahead and register the routes you want, which will probably be like this:
Route::get('confirmation/resend', 'UserAuth\RegisterController#resend');
Route::get('confirmation/{id}/{token}', 'UserAuth\RegisterController#confirm');
That should do it or at least get you in the right track.
Also ensure you use the package Traits on your UserAuth controllers.
I have a react app that fetch datas from laravel api defined like so in routes/api.php:
// this is default route provided by laravel out of the box
Route::middleware('auth:api')->get('/user', function (Request $request) {
return $request->user();
});
// ItemController provides an index methods that list items with json
Route::resource('items', 'Api\ItemController', array('except' => array('create','edit')));
// this is to store new users
Route::resource('users', 'Api\UserController', array('only' => array('store')));
for example http://example.com/api/items returns the data as intended but it's really insecure since anyone could access it through postman.
How to make those routes only accessible inside the app?
As I'm new to it I don't understand if I need to set up api_token and how?
Do I need to setup Passport?
Is is related to auth:api middleware?
It may sounds really basic but any help or tutorial suggestions would be greatly appreciated
EDIT
End up with a classic session auth. Moved routes inside web.php. Pass csrf token in ajax request. Actually i didn't need a RESTful API. You only need token auth when your API is stateless.
As you are using Laravel 5.4 you can use Passport, but I haven't implemented yet, but i implemented lucadegasperi/oauth2-server-laravel for one of my laravel projects and it was developed in Laravel 5.1
Here is the link to github repository
lucadegasperi/oauth2-server-laravel
Here is the link to the documentation Exrensive Documentation
Just add the package to the composer json and run composer update,the package will get installed to your application , once installed add the providers array class and aliases array class as mentioned in the Laravel 5 installation part of the documentation,
you have to do a small tweak in order to work perfectly cut csrf from $middleware array and paste it into $routeMiddleware array and again run php artisan vendor:publish after publishing the migrations will be created and run the migration php artisan migrate
if you only want to secure api routes for each client like ios, android and web you can implement Client Credentials Grant, or if you need to every user with oauth the you can implement Authorization Server with the Password Grant or some other.,
Never use the client id or other credentials, generating access token in the form, but add it some where in helper and attach it in the request to the api,
Hope this answer helps you.
You could use JWT it's pretty easy to get it to work. You basically generate a token by requesting Username/Password and passing that token in every request that requires authentication, your URL would look like http://example.com/api/items?token=SOME-TOKEN. without a proper token, he doesn't have access do this endpoint.
As for
How to make those routes only accessible inside the app?
If you mean only your app can use these requests, you can't. Basically the API doesn't know who is sending these requests, he can only check if what you are giving is correct and proceed with it if everything is in order. I'd suggest you to have a look at this question