Laravel: Whats the difference between these two route api approach - laravel

This
Route::middleware(['cors'])->group(function () {
Route::post('/login', 'AuthController#APIstore');
Route::middleware(['auth:api'])->group(function () {
Route::post('/logout', 'AuthController#APIdestroy');
Route::get('/projects', 'ProjectController#getAll');
});
});
And this
Route::group(['middleware' => 'cors'], function() {
Route::post('/login', 'AuthController#APIstore');
Route::group(['middleware' => 'auth:api'], function() {
Route::post('/logout', 'AuthController#APIdestroy');
Route::get('/projects', 'ProjectController#getAll');
});
});
On the first code, CORS middleware works with /login but does not work for /logout and /projects
On the second code, the CORS middleware does not work at all
is there a reason behind this?

So, as per the Laravel Routing Doc, the top level middleware is applied to all groups in the group. So using Route::middleware(['cors']) will mean this middleware will be applied to Route::middleware(['auth:api']).
However Route::group(['middleware' => 'cors'] is a group route not a middleware route, so the middle is not applied to child groups.

Related

Laravel 6: disable all routes for guest except home and login

I need to disable all routes for guests in Laravel except '/' and 'login' pages.
Does that possible to implement it routes/web.php ?
Yes. In your routes/web.php file, make sure to define your protected routes under the auth middleware group.
routes/web.php
Route::get('/', function() {
// / route
});
Route::get('/login', function() {
// login page
});
Route::middleware(['auth'])->group(function () {
// define your routes here
// they'll be protected
});
Official documentation
Since Laravel 7.7 you can use excluded_middleware property eg:
Route::group([
'excluded_middleware' => ['auth'],
], function () {
Route::get('/', 'HomeController#index');
...
});

Laravel except a single route from auth middleware

I have a route group which is protected by the auth middleware, and inside of this group I want to except one route. But this route is also located in another route group. So when I try to move it out of this group, it is not working.
How can I fix this problem, and except a UrlProfile function from auth middleware?.. I am using Laravel 5.1
Route::group(['middleware' => 'auth'], function () {
// some other routes ...
Route::group(['namespace' => 'Lawyer'], function() {
Route::get('profile/{name}', 'ProfileController#UrlProfile');
}
};
Can you try this?
Route::group(['namespace' => 'Lawyer'], function () {
Route::get('profile/{name}', 'ProfileController#UrlProfile');
Route::group(['middleware' => 'auth'], function() {
..
..
..
)};
)};
If I understood your problem correctly, This should also work.
You can add this in your controller.
You can insert the name of your function in the except section and it will be excluded from the middleware. [Reference]
public function __construct()
{
$this->middleware('auth')->except(['yourFunctionName']);
}

Laravel 5.4 session doesn't seem to persist after Auth::login

Despite many people with this problem, the solutions I've found are not working. I'm just trying to use Augh::login($user) and then redirect. I've verified immediately after calling login() that the user is being logged in, however, once I redirect, I get bounced back to the login scree. Here are my routes:
Route::group(['middleware' => ['web']], function() {
Auth::routes();
Route::get('/', function () {
return view('welcome');
});
Route::get('/dashboard', 'admin\adminRootController#dashboard')->middleware('auth');
});
I've spent about 5 hours on different solutions to absolutely no end, someone please help!!!!!!!
Refactor your routes to this:
Auth::routes();
Route::group(['middleware' => ['web']], function() {
Route::get('/', function () {
return view('welcome');
});
});
Route::group(['middleware' => ['web', 'auth']], function() {
Route::get('/dashboard', 'admin\adminRootController#dashboard')
});
Auth::routes() need not be placed in any route groups as it is configured by the framework already. If you want to protect any routes, make sure to use auth middleware in your routes.

Protect routes with middleware Laravel

I have implemented middleware roles and permissions control in my app, but I cannot figure out why it only allows me to define one '/' route. The second one is still pointing to '/home' even though I override AuthController redirectTo variable.
My routes:
Route::group(['middleware' => 'role:user'], function()
{
Route::get('/', 'ScoresController#user');
});
Route::group(['middleware' => 'role:admin'], function()
{
Route::get('/', 'PagesController#home');
});
In any case after authentication user with user role redirecting to '/home'.
Like Simon says your second route will override the first one what you could do is load another controller wich redirects you to another page via redirect()
or write it as a route itself.
Could look like this:
Route::get('/', function(){
$user = Auth::user();
if($user->is('admin') {
return redirect('admin');
}else{
return redirect('user');
}
});
Route::get('admin', ['middleware' => 'role:admin', 'uses'=> 'PagesController#home']);
This is just one of many possibilities hope it helps you.

Redirect to Login if user not logged in Laravel

i am new to laravel,
i have code in my controller's __construct like
if(Auth::check())
{
return View::make('view_page');
}
return Redirect::route('login')->withInput()->with('errmessage', 'Please Login to access restricted area.');
its working fine, but what i wants is. its really annoying to put these coding in each and every controller, so i wish to put this Verify Auth and redirect to login page in one place, may be in router.php or filters.php.
I have read some posts in forum as well as in stackoverflow, and added code in filters.php like below but that's too not working.
Route::filter('auth', function() {
if (Auth::guest())
return Redirect::guest('login');
});
Please help me to resolve this issue.
Laravel 5.4
Use the built in auth middleware.
Route::group(['middleware' => ['auth']], function() {
// your routes
});
For a single route:
Route::get('profile', function () {
// Only authenticated users may enter...
})->middleware('auth');
Laravel docs
Laravel 4 (original answer)
That's already built in to laravel. See the auth filter in filters.php. Just add the before filter to your routes. Preferably use a group and wrap that around your protected routes:
Route::group(array('before' => 'auth'), function(){
// your routes
Route::get('/', 'HomeController#index');
});
Or for a single route:
Route::get('/', array('before' => 'auth', 'uses' => 'HomeController#index'));
To change the redirect URL or send messages along, simply edit the filter in filters.php to your liking.
To avoid code repetition, You can use it in middleware. If you are using the Laravel build in Auth, You can directly use the auth middleware as given,
Route::group(['middleware' => ['auth']], function() {
// define your route, route groups here
});
or, for a single route,
Route::get('profile', function () {
})->middleware('auth');
If you are building your own, custom Authentication system. You should use the middleware which will check the user is authenticated or not. To create custom middleware, run php artisan make:middleware Middelware_Name_Here and register the newly created middleware.
It's absolutely correct what other people have replied.
This solution is for Laravel 5.4
But just in case, if you have more than one middleware applying to routes, make sure 'auth' middleware comes in the end and not at the start.
Like this:
Route::prefix('/admin')->group(function () {
Route::group(['middleware' => 'CheckUser', 'middleware' => 'auth'], function(){
});
});
Route::middleware(['auth'])->group(function () {
Route::get('dashboard','BackendController#dashboard')->name('dashboard');
});
This entry in the web.php route will take the user [who is not logged in] to the login page if (s)he tries to access a 'protected' URL, "dashboard" in this case.

Resources