I need to disable all routes for guests in Laravel except '/' and 'login' pages.
Does that possible to implement it routes/web.php ?
Yes. In your routes/web.php file, make sure to define your protected routes under the auth middleware group.
routes/web.php
Route::get('/', function() {
// / route
});
Route::get('/login', function() {
// login page
});
Route::middleware(['auth'])->group(function () {
// define your routes here
// they'll be protected
});
Official documentation
Since Laravel 7.7 you can use excluded_middleware property eg:
Route::group([
'excluded_middleware' => ['auth'],
], function () {
Route::get('/', 'HomeController#index');
...
});
Related
I have a route group which is protected by the auth middleware, and inside of this group I want to except one route. But this route is also located in another route group. So when I try to move it out of this group, it is not working.
How can I fix this problem, and except a UrlProfile function from auth middleware?.. I am using Laravel 5.1
Route::group(['middleware' => 'auth'], function () {
// some other routes ...
Route::group(['namespace' => 'Lawyer'], function() {
Route::get('profile/{name}', 'ProfileController#UrlProfile');
}
};
Can you try this?
Route::group(['namespace' => 'Lawyer'], function () {
Route::get('profile/{name}', 'ProfileController#UrlProfile');
Route::group(['middleware' => 'auth'], function() {
..
..
..
)};
)};
If I understood your problem correctly, This should also work.
You can add this in your controller.
You can insert the name of your function in the except section and it will be excluded from the middleware. [Reference]
public function __construct()
{
$this->middleware('auth')->except(['yourFunctionName']);
}
This
Route::middleware(['cors'])->group(function () {
Route::post('/login', 'AuthController#APIstore');
Route::middleware(['auth:api'])->group(function () {
Route::post('/logout', 'AuthController#APIdestroy');
Route::get('/projects', 'ProjectController#getAll');
});
});
And this
Route::group(['middleware' => 'cors'], function() {
Route::post('/login', 'AuthController#APIstore');
Route::group(['middleware' => 'auth:api'], function() {
Route::post('/logout', 'AuthController#APIdestroy');
Route::get('/projects', 'ProjectController#getAll');
});
});
On the first code, CORS middleware works with /login but does not work for /logout and /projects
On the second code, the CORS middleware does not work at all
is there a reason behind this?
So, as per the Laravel Routing Doc, the top level middleware is applied to all groups in the group. So using Route::middleware(['cors']) will mean this middleware will be applied to Route::middleware(['auth:api']).
However Route::group(['middleware' => 'cors'] is a group route not a middleware route, so the middle is not applied to child groups.
i tried to configure laravel for apache2.
But if I open http://localhost/ it redirect me to http://localhost/login and there is nothing to display.
If I try http://localhost/index.php/login I get the view blade to login. But how can I remove the /index.php/
The Apache vHost config
And the "main" route
Route::get('/home', function() {
return Redirect::to('login');
});
Route::group([], function() {
Route::get('/', function() {
return Redirect::to('dashboard');
Route::get('galleries', 'GalleryController#getGalleries');
Route::get('galleries/{GID}', 'GalleryController#getPicuteGallery');
Route::get('news', 'NewsController#index');
Route::get('dashboard', 'DashboardController#index');
Route::get('search', 'Search\SearchController#index');
Route::get('calendar', 'CalendarController#index');
Route::get('symposium', 'SymposiumController#index');
Route::get('conference', 'ConferenceController#index');
Route::get('publication', function() {
return view('publication');
});
});
The Auth routes are predefined by AdminLTE installer.
/**
* Define the AdminLTETemplate routes.
*/
protected function defineRoutes()
{
if (!$this->app->routesAreCached()) {
$router = app('router');
$router->group(['namespace' => $this->getAppNamespace().'Http\Controllers'], function () {
require __DIR__.'/../Http/routes.php';
});
}
}
And the AdminLTE Router
<?php
/*
* Same configuration as Laravel 5.2:
* See https://github.com/laravel/framework/blob/5.2/src/Illuminate /Auth/Console/stubs/make/routes.stub
*/
Route::group(['middleware' => 'web'], function () {
Route::auth();
Route::get('/home', 'HomeController#index');
Route::get('/', function () {
return view('welcome');
});
});
---UPDATE---
I found out that the mod_rewrite wasnt enabled. Now the web site works fine.
But I need to add the 'middleware' => 'web' class
Remove ['middleware' => 'web'] from you routes.php, because since Laravel 5.2.27 this middleware applies automatically to all your routes and if you're adding it manually, it may give you broken app.
UPDATE:
You have a function which redirects you to 'dashboard' (why?) and also the function is not closed. So try to remove these lines:
Route::get('/', function() {
return Redirect::to('dashboard');
I have implemented middleware roles and permissions control in my app, but I cannot figure out why it only allows me to define one '/' route. The second one is still pointing to '/home' even though I override AuthController redirectTo variable.
My routes:
Route::group(['middleware' => 'role:user'], function()
{
Route::get('/', 'ScoresController#user');
});
Route::group(['middleware' => 'role:admin'], function()
{
Route::get('/', 'PagesController#home');
});
In any case after authentication user with user role redirecting to '/home'.
Like Simon says your second route will override the first one what you could do is load another controller wich redirects you to another page via redirect()
or write it as a route itself.
Could look like this:
Route::get('/', function(){
$user = Auth::user();
if($user->is('admin') {
return redirect('admin');
}else{
return redirect('user');
}
});
Route::get('admin', ['middleware' => 'role:admin', 'uses'=> 'PagesController#home']);
This is just one of many possibilities hope it helps you.
i am new to laravel,
i have code in my controller's __construct like
if(Auth::check())
{
return View::make('view_page');
}
return Redirect::route('login')->withInput()->with('errmessage', 'Please Login to access restricted area.');
its working fine, but what i wants is. its really annoying to put these coding in each and every controller, so i wish to put this Verify Auth and redirect to login page in one place, may be in router.php or filters.php.
I have read some posts in forum as well as in stackoverflow, and added code in filters.php like below but that's too not working.
Route::filter('auth', function() {
if (Auth::guest())
return Redirect::guest('login');
});
Please help me to resolve this issue.
Laravel 5.4
Use the built in auth middleware.
Route::group(['middleware' => ['auth']], function() {
// your routes
});
For a single route:
Route::get('profile', function () {
// Only authenticated users may enter...
})->middleware('auth');
Laravel docs
Laravel 4 (original answer)
That's already built in to laravel. See the auth filter in filters.php. Just add the before filter to your routes. Preferably use a group and wrap that around your protected routes:
Route::group(array('before' => 'auth'), function(){
// your routes
Route::get('/', 'HomeController#index');
});
Or for a single route:
Route::get('/', array('before' => 'auth', 'uses' => 'HomeController#index'));
To change the redirect URL or send messages along, simply edit the filter in filters.php to your liking.
To avoid code repetition, You can use it in middleware. If you are using the Laravel build in Auth, You can directly use the auth middleware as given,
Route::group(['middleware' => ['auth']], function() {
// define your route, route groups here
});
or, for a single route,
Route::get('profile', function () {
})->middleware('auth');
If you are building your own, custom Authentication system. You should use the middleware which will check the user is authenticated or not. To create custom middleware, run php artisan make:middleware Middelware_Name_Here and register the newly created middleware.
It's absolutely correct what other people have replied.
This solution is for Laravel 5.4
But just in case, if you have more than one middleware applying to routes, make sure 'auth' middleware comes in the end and not at the start.
Like this:
Route::prefix('/admin')->group(function () {
Route::group(['middleware' => 'CheckUser', 'middleware' => 'auth'], function(){
});
});
Route::middleware(['auth'])->group(function () {
Route::get('dashboard','BackendController#dashboard')->name('dashboard');
});
This entry in the web.php route will take the user [who is not logged in] to the login page if (s)he tries to access a 'protected' URL, "dashboard" in this case.