Laravel sanctum change csrf cookie route - laravel

How could I change laravel sanctum csrf cookie route to /api/sanctum/csrf-cookie ?
I tried adding this to api.php routes:
use Laravel\Sanctum\Http\Controllers\CsrfCookieController;
Route::get('/sanctum/csrf-cookie', CsrfCookieController::class . '#show')->middleware('web');
But it looks for this controller under app/http/controllers where it doesn't exist.

So if anyone wondering, there should be prefix within config file that is default set to 'sanctum' within a package service provider.
So if you want to change it to API routes you should go to config/sanctum.php and add 'prefix' => 'api'.

you can create a controller CsrfController and make it extends
(Laravel\Sanctum\Http\Controllers\CsrfCookieController)
use Laravel\Sanctum\Http\Controllers\CsrfCookieController
class CsrfController extends CsrfCookieController {}
and then you can link your route
Route::get('/sanctum/csrf-cookie', 'CsrfController#show')->middleware('web');

another flexible solution is to set
'routes' => false
in config/sanctum.php ,then define a new route in routes\api.php
use Laravel\Sanctum\Http\Controllers\CsrfCookieController;
Route::get('/csrf', [CsrfCookieController::class, 'get'])->name('csrf');
like so, you can choose the proper route to suit your needs

Related

defining route with 'auth:web' middleware in laravel service provider boot() method

im using a package called https://github.com/garygreen/pretty-routes
there is line in its service provider boot() method (here the code)
it is defining a get route with middlewares from its config file(link to the code) I just added 'auth:web' to its config file but it seems the 'auth:web' middleware is called as soon as code reaches the line before Laravel bootstraps its session and etc. when the auth('web')->user() is yet null
What I can not understand is that I do the same exact thing (here the code)with laravel/telescope but it works. why ???
also changing :
Route::get(config('pretty-routes.url'), 'PrettyRoutes\PrettyRoutesController#show')
->name('pretty-routes.show')
->middleware(config('pretty-routes.middlewares'));
to :
$this->app['router']->get(config('pretty-routes.url'), 'PrettyRoutes\PrettyRoutesController#show')
->name('pretty-routes.show')
->middleware(config('pretty-routes.middlewares'));
in service provider seems to solve the problem and make this code behave like the way telescope package use 'auth:web' as middleware.
what's happening ?
You need to have the web middleware applied to any routes you need sessions for, which is what the default authentication system is using. When you apply the auth middleware without this it can't possibly resolve a user since there is no session to be authenticated against.
You need to apply the web middleware and then what ever other middleware you want:
'middlewares' => [
'web', 'auth:web',
],
If you look at the telescope example you provided you will see they also add the web middleware. So you didn't quite "do the same exact thing" as the telescope config.

route model binding doesn't work anymore with api package devolpment in in Laravel 8.x

I created an api which is delivered with package development composer. in Laravel 7 it was possible to add the route model binding with:
Route::group(['namespace' => 'Acme\Package\app\Http\Controllers\Api'], function () {
// fomer possibility:
Route::apiResource('api/comments/', 'CommentController')->middleware('bindings');});
In Laravel 8 that's not possible anymore. I've tried almost everything the last days, but either the route-model-binding is not working, or the class can't be found:
Target class [bindings] does not exist.
I really hope someone can post an answer to the problem, or a hint or anything useful.
many thanks in advance
EDIT:
Thanks for the answers, including the middleware in the Route::group like mentioned:
Route::group(['namespace' => 'Acme\Package\app\Http\Controllers\Api', 'middleware' => 'Illuminate\Routing\Middleware\SubstituteBindings']
did it.
In Laravel 8 the alias for this middleware has been removed. You can either use it by its full class name
Illuminate\Routing\Middleware\SubstituteBindings
or add the alias back in to your app/Http/Kernels.php in $routeMiddleware as follows:
protected $routeMiddleware = [
'auth' => Authenticate::class,
'bindings' => Illuminate\Routing\Middleware\SubstituteBindings,
/*...*/
You have to be careful if you are relying on values in someones application to exist. I could use a different name/alias for that middleware if I wanted to in my HTTP Kernel. You should be using the FQCN for that middleware that comes from the framework when referencing it like that.
In a default Laravel 8 install there is no middleware named/aliased as 'bindings'. It is referenced by its FQCN, Illuminate\Routing\Middleware\SubstituteBindings, which is how you should probably be referencing it from a package.
You can provide a config file for someone to alter these things if you would like. Then you can use your configuration to know which middleware to reference.

Adding Route prefix in Laravel JetStream

How do I add a route prefix to authentication routes exposed by Laravel JetStream? For example, I want to move the default /login route to /api/login (and similarly /register and /logout routes). I could do this Passport through a config option, but no such things appears to be there in JetStream.
there is a simple solution but its undocumented. you just have to go to your fortify.php config file and add a path. like:
return [
.
.
.
'path' => 'api',
// rest of your config
];

Laravel and GraphQL : How to use Passport of Laravel for Authentication when using laravel-graphql?

I want to use GraphQL in Laravel,I chose the package laravel-graphql ,my question is:
How to use Passport of Laravel for Authentication when using laravel-graphql?
I haven't used the package myself before, but from looking at the code I would say you can add a middleware in the configuration file config/graphql.php that performs the authentication and/or permission check:
/*
* Any middleware for the 'graphql' route group
*/
'middleware' => ['auth:api'], // or 'auth' for normal authentication
If this doesn't work for you, there is also the possibility to override the controller used by the package. The configuration for this is also in the same configuration file. You could for example extend the existing controller to achieve what you want. Or you write an entirely new one.
at first you have to install laravel passport step by step after install passport then you have to use
#middleware(checks:["auth:api"])
in schema.graphql file

How to route to a controller method in Laravel Moduler development?

I am using "artem-schander/l5-modular": "dev-master" for laravel moduler development.
For example i create an Admin module.
Folder structure is App/Modules/Admin.
So controller related to Admin modules placed under App/Modules/Admin/Controllers/ directory.
All routes related to Admin module are placed in App/Modules/Admin/routes.php file.
Here how it looks
Route::group(array('module' => 'Admin', 'middleware' => ['web'],'namespace' => 'App\Modules\Admin\Controllers'), function() {
Route::resource('admin', 'AdminController');
});
All view files related to admin module placed in App/Modules/Admin/Views folder.
I am trying to access Admin's index view using this route
Route::get('/', 'AdminController#index');
This route is place in laravel default routes.php file.
and when i browse ,I am getting this error
Class App\Http\Controllers\AdminController does not exist
From this i understood , laravel looking AdminController in its default path.
How can i overcome this challenge ?
You can access a controller by full qualified namespace if it is not in default path.
Try:
Route::resource('admin', '\App\Modules\Admin\Controllers\AdminController');
I have found two way to do it.
First Option
Changing the $namespace in RouteServiceProvider.php .
For me
private $namespace='\App\Modules';
So for Admin module i can use route as
Route::get('/', 'Admin\Controllers\AdminController#index');
I think this is bad idea to change Laravel's default value.
Second Option
Providing full path of the Controller.
So route would be like this
Route::get('/','\App\Modules\Admin\Controllers\AdminController#index');

Resources