Protect a given Laravel route with htaccess password - laravel-5

Is it possible to protect one!! Laravel route with an htaccess password?
I have a migrator route and that one should be accessed with an htaccess password.

You can try Laravel HTTP Basic Authentication to protect a route in a simple way:
Route::get('your-route', function () {
    // Only authenticated users may enter...
})->middleware('auth.basic');
Please note that, by default, this technique uses the email and password stored in the 'users' table to give access to a user.
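Where the route should be gated by one shared credential rather than by accounts in the users table, a small middleware can perform the Basic check itself. This is an added example, not code from the answer above; the class name, the config keys under services.migrator and the route shown in the comment are assumptions.

```php
<?php

namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;

// Hypothetical middleware: protects a single route with one shared
// credential read from configuration instead of the users table.
// Attach it to that route only, e.g. in routes/web.php:
//   Route::get('migrator', ...)->middleware(\App\Http\Middleware\MigratorBasicAuth::class);
class MigratorBasicAuth
{
    public function handle(Request $request, Closure $next)
    {
        // Assumed config entries; password_hash holds password_hash() output,
        // so the plain password never sits in .env or the repository.
        $expectedUser = (string) config('services.migrator.user');
        $expectedHash = (string) config('services.migrator.password_hash');

        // Values parsed from the Authorization: Basic header (null if absent).
        $user = (string) $request->getUser();
        $password = (string) $request->getPassword();

        // Fail closed when the credential has not been configured.
        $configured = $expectedUser !== '' && $expectedHash !== '';

        // Evaluate both checks every time so the response does not reveal
        // which half was wrong; hash_equals compares in constant time.
        $userOk = hash_equals($expectedUser, $user);
        $passOk = password_verify($password, $expectedHash);

        if (! ($configured && $userOk && $passOk)) {
            // 401 plus WWW-Authenticate makes the browser show its login prompt.
            return response('Unauthorized', 401, [
                'WWW-Authenticate' => 'Basic realm="migrator"',
            ]);
        }

        return $next($request);
    }
}
```

Basic credentials are sent with every request in a reversible encoding, so the route should only be reachable over HTTPS.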

Related

Is it safe to delete the default route in api.php in Laravel 8?

I installed Laravel 8 and found the following route in routes/api.php.
Route::middleware('auth:sanctum')->get('/user', function (Request $request) {
    return $request->user();
});
I will create my own APIs which accept post and return json.
Should I remove the default sanctum route?
Is it safe to delete it? Or is it dangerous if I don't delete it?
I think it is dangerous if someone accesses /api/user. I don't know what it is.
I think it is dangerous if someone accesses /api/user. I don't know
what it is.
Yes, it is good to remove this example route. On the other hand, only an authenticated user can see the userlist. If you are the only auth user in your application, it is not so important if you forget to remove this route.
You can safely delete it. They just included it as an example or not to present you with an empty routes/api.php (not sure which).
Edit: Accessing /user will show the user associated with the bearer token. Sanctum's tokens aren't dependent on the /user route however.
Sanctum is a cookie-based session authentication service. This is just an example route that will return the user data if he is logged in. You can remove it safely without any issues.
It is completely safe to use as well, as the user will only be able to access this route if he is already logged in and will only get his own user information back, not that of all the users.

Password protected pages

I'm wondering how I can password protect pages (therefore web routes) without any auth. My website doesn't have user login/register system, it's not needed.
All I want is to have several password protected pages that each have a unique password; these passwords are stored in a database.
How would I go about doing this?
Two steps.
1. Create a page for requesting the password, and also include which page he is trying to access. If the user enters the password correctly, set a session variable saying pageX is authenticated and redirect to the page.
2. Create middleware that checks for the session variable; if it doesn't exist, redirect to the password page.
I prefer to combine it with JavaScript window.prompt and the Laravel session.
1. Create a pop up to insert the password of the page.
https://www.w3schools.com/js/js_popup.asp
2. Redirect the result to a route; in the controller, search for the password from the database.
3. Use the session from Laravel, so if the password exists, set the session.
https://laravel.com/docs/5.0/session
4. If the session isset is null, redirect it to another route.
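The session-flag approach described in the answers above, sketched as an added example (not code from either answer). The page_passwords table with page and password_hash columns, the unlocked_pages session key, the page.unlock.form route name and the /pages/{page} URL layout are all assumptions.

```php
<?php
// Added example. Assumes page slugs contain no dots, because Laravel
// session keys use dot notation for nesting.
namespace App\PageLock;

use Closure;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\DB;
use Illuminate\Support\Facades\Hash;

// Middleware for the protected routes, e.g.
//   Route::get('pages/{page}', ...)->middleware(RequirePagePassword::class);
class RequirePagePassword
{
    public function handle(Request $request, Closure $next)
    {
        $page = (string) $request->route('page');

        // Only an explicit true, set by unlock() below, lets the request through.
        if ($request->session()->get('unlocked_pages.' . $page) !== true) {
            return redirect()->route('page.unlock.form', ['page' => $page]);
        }

        return $next($request);
    }
}

// Handles the POST from the password form. Adding 'throttle:5,1' to this
// route limits how fast a page password can be guessed.
class PageUnlockController
{
    public function unlock(Request $request, string $page)
    {
        // password_hash holds Hash::make() output, never the plain password.
        $hash = DB::table('page_passwords')->where('page', $page)->value('password_hash');

        // Unknown page and wrong password produce the same response.
        if (! is_string($hash) || ! Hash::check((string) $request->input('password'), $hash)) {
            return back()->withErrors(['password' => 'Wrong password.']);
        }

        // Issue a new session ID on the privilege change, then flag this page only.
        $request->session()->regenerate();
        $request->session()->put('unlocked_pages.' . $page, true);

        return redirect('/pages/' . rawurlencode($page));
    }
}
```

Because the check runs server-side in middleware, the page content is never sent to a visitor who has not unlocked it, whichever way the password is collected in the browser.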

Laravel route in multiple middlewares

I want to have the same route within the auth:api middleware, and also out of it.
Right now, if I include it in both, only the one out of the auth:api is taken into consideration, even if the user is logged in.
Is there a way that if the user is logged in it goes to auth:api and if not it goes out of any middleware?
The reason to do this is that if the user is logged in, I want to access user information, and for that it needs to go through the auth:api.
As long as you're including the token in the request, you will be able to get access to the current User.
Out-of-the-box, Laravel will set the default guard to be web. When you place routes under the auth middleware it will set the default guard to be whatever is passed to the middleware i.e. when you have auth:api it will set the default guard to be api for that request.
If you want to be able to access the User without it being under the auth:api middleware, you will simply need to be explicit with what guard should be used e.g.
auth('api')->user(); // or Auth::guard('api')->user();
The same applies for check():
auth('api')->check(); // or Auth::guard('api')->check();
or if you're using the Request object:
$request->user('api'); // or request()->user('api');
It's not possible to have multiple identical routes in your application and have them work independently. Laravel will match the first one that it finds in your routes map.
Create one route and check for authentication in your controller.
if (Auth::check()) {
    // The user is logged in...
}

Laravel Client Credentials Check in api.php

So I'm creating a laravel app where part of the front end lives on a cold fusion site and the people interacting with my API are not "users", just people signing up for seminars/consultations. My question is I've been able to grant tokens using the grant_type client credentials and in the web.php file with ->middleware('client') attached to the route (or a route group for multiple routes) it works just fine. However I've been told to move them into my api.php file and everything. I cannot seem to get it to work. In postman all I get for a response is to be brought back to the login page because I am not a logged in user. Any ideas?
in api file every middleware that wants to check credential use authorizing it means you should use laravel passport for

Laravel two different middleware authentication from auth middleware only

I have two separate tables for authentication. The following middleware point to different tables:
$this->middleware('auth:admin'); // - admins
$this->middleware('auth'); // - user
The solution I need:
I want authentication to be done with two different tables through only the "$this->middleware('auth')" middleware.
Through the middleware "$this->middleware('auth')" I want to log in both admin and user. Currently admin and user log in from the different middleware I have shown above.
For this, in which file and where I need to change in my project folder?
If you want to have both "guards" be checked you can just pass multiple guards to the auth middleware.
$this->middleware('auth:web,admin');
This will spin through the guards passed and if any of them produce a user it will set that guard as the default moving forward.
