Laravel auto auth? - laravel

I need to secure my backend section.
Right now i have i like this:
Route::get('/backend',['middleware' => 'auth', 'uses' => 'HomeController#index']);
Route::get('/backend/users',['middleware' => 'auth', 'uses' => 'HomeController#show']);
Route::get('/backend/users/create',['middleware' => 'auth', 'uses' => 'HomeController#create']);
Route::get('/backend/users/edit/{id}',['middleware' => 'auth', 'uses' => 'HomeController#edit']);
do i need to write the middleware=> auth to everyline and everysite i have in my backend?
Is it somehow possible to define that everything that has 'backend/' should be checked if auth or not?

You can use a Route Group to define middleware and a prefix (among other things). So it could be:
Route::group(['prefix' => 'backend', 'middleware' => 'auth'], function () {
Route::get('/', 'HomeController#index');
Route::get('/users', 'HomeController#show');
Route::get('/users/create', 'HomeController#create');
Route::get('/users/edit/{id}', 'HomeController#edit');
)};

Related

Array to string conversion in named route group in laravel 5.6

My named route group is working fine without resource route. But when I am trying to use 'resource route' then getting this error. Would someone help me please, in where I am doing wrong?
My Route Group is -
Route::group(['prefix' => 'admin', 'as' => 'admin.', 'middleware' => 'auth:admin'], function () {
Route::get('dashboard', array('as' => 'dashboard', 'uses' => 'Admin\AdminController#dashboard'));
Route::group(['prefix' => 'student', 'as' => 'student.'], function () {
Route::resource('admission', array('as' => 'admission', 'uses' => 'Admin\StudentController'));
}); });
You need to pass resource controller name as string as the second parameter for Route::resource():
Route::resource('admission', 'Admin\StudentController');
You don't need to specify routes names with 'as' => 'admission' because the Route::resource() will do that automatically.

Sharing routes between multiple prefixes

I'm trying to cut down on the size of my routes file and re-use named routes. I have two separate areas that are authenticated and have their own specialized routes, however, both of them share a LOT of other routes in common.
Route::group(['middleware' => 'web'], function () {
/**
* Author routes.
*/
Route::group(['prefix' => 'author', 'middleware' => 'auth'], function () {
Route::get('/', ['as' => 'dashboard', 'uses' => 'Controller#showHome']);
// ...various routes unique to authors...
Route::any('posts/data', ['as' => 'posts.data'])->uses('PostsController#data');
Route::get('posts/{account?}', ['as' => 'posts.show'])->uses('PostsController#index');
Route::get('posts/{post}/delete', ['as' => 'posts.delete'])->uses('PostsController#destroy');
Route::resource('posts', 'PostsController', ['parameters' => 'singular']);
// ...lots more routes like the above shared with reviewers...
});
/**
* Reviewer routes.
*/
Route::group(['prefix' => 'reviewer', 'middleware' => 'auth'], function () {
Route::get('/', ['as' => 'dashboard', 'uses' => 'Controller#showHome']);
// ...various routes unique to reviewers...
Route::any('posts/data', ['as' => 'posts.data'])->uses('PostsController#data');
Route::get('posts/{account?}', ['as' => 'posts.show'])->uses('PostsController#index');
Route::get('posts/{post}/delete', ['as' => 'posts.delete'])->uses('PostsController#destroy');
Route::resource('posts', 'PostsController', ['parameters' => 'singular']);
// ...lots more routes like the above shared with authors...
});
});
I still need a reviewer to go to example.com/reviewer/posts to do all post related activities and authors to go to example.com/author/posts.
How can I make this a lot less verbose?
Create a separate route file e.g. post_routes.php and put all your shared Post route in there.
Include the route file
Route::group(['prefix' => 'author', 'middleware' => 'auth'], function () {
require app_path('Http/post_routes.php');
});
/**
* Reviewer routes.
*/
Route::group(['prefix' => 'reviewer', 'middleware' => 'auth'], function () {
require app_path('Http/post_routes.php');
});

How to add route group inside another route group.. Laravel 5

/*
|--------------------------------------------------------------------------
| Application Routes
|--------------------------------------------------------------------------
|
| Here is where you can register all of the routes for an application.
| It's a breeze. Simply tell Laravel the URIs it should respond to
| and give it the controller to call when that URI is requested.
|
*/
Route::group(['middleware' => 'cors'], function(Router $router){
});
Route::group([
'prefix' => 'api/v1',
'namespace' => 'Api'
], function () {
Route::post('/auth/register', [
'as' => 'auth.register',
'uses' => 'AuthController#register'
]);
Route::post('/auth/login', [
'as' => 'auth.login',
'uses' => 'AuthController#login'
]);
});
I want to add the prefix group route inside the middleware route, how can i achieve that?
You can nest route groups inside of each other. Just wrap one in the closure of the other.
Route::group(['middleware' => 'cors'], function(Router $router){
Route::group(
[
'prefix' => 'api/v1',
'namespace' => 'Api'
], function () {
Route::post('/auth/register', [
'as' => 'auth.register',
'uses' => 'AuthController#register'
]);
Route::post('/auth/login', [
'as' => 'auth.login',
'uses' => 'AuthController#login'
]);
});
});
hey i solved this by,
Route::group([
'prefix' => 'api/v1',
'namespace' => 'Api',
'middleware' =>'cors'
],
function () {
Route::post('/auth/register', [
'as' => 'auth.register',
'uses' => 'AuthController#register'
]);
Route::post('/auth/login', [
'as' => 'auth.login',
'uses' => 'AuthController#login'
]);
});
but the problem here is i am getting this error
XMLHttpRequest cannot load http://localhost:8000/api/v1/auth/login. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:9000' is therefore not allowed access. The response had HTTP status code 500.
is there any problem with my chrome cause i heard there is plugin for cors in chrome.
Thanks :)

Resource route within a group route

I am trying to group all the routes for our admin section to access model resources. So far I've come with this:
Route::group(['middleware' => 'auth', 'prefix' => 'admin', 'as' => 'admin::'], function() {
Route::get('dashboard', ['as' => 'dashboard', function() {
return view('pages.dashboard');
}]);
Route::resource('user', 'UserController', ['as' => 'user']);
Route::resource('plan', 'PlanController', ['as' => 'plan']);
Route::resource('answer', 'AnswerController', ['as' => 'answer']);
Route::resource('question', 'QuestionController', ['as' => 'question']);
Route::resource('retailer', 'RetailerController', ['as' => 'retailer']);
Route::resource('restriction', 'RestrictionController', ['as' => 'restriction']);
});
I want to name these routes to access them in a much easier manner by calling their names. However it breaks and says "Route [admin::user] not defined." I want to use the route naming feature to use route('admin::user'). I am having problem with the resource routes. The dashboard one works fine - route('admin::dashboard')
I take from this post that naming resource routes should work (Laravel named route for resource controller)
Resources are given route names automatically run php artisan route:list to list the routes out:
Route::group(['middleware' => 'auth', 'prefix' => 'admin', 'as' => 'admin::'], function() {
Route::get('dashboard', ['as' => 'dashboard', function() {
return view('pages.dashboard');
}]);
Route::resource('user', 'UserController');
});
Resulting Routes
admin::dashboard
admin::admin.user.store
admin::admin.user.index
admin::admin.user.create
admin::admin.user.destroy
admin::admin.user.show
admin::admin.user.update
admin::admin.user.edit

Laravel 5 advance routing with reserved route keywords

Would like to check say that I have the following routes
Route::group(['middleware' => 'auth'], function(){
Route::get('/{profile_url?}', array('as' => 'profile', 'uses' => 'ProfileController#getProfile'));
Route::get('/settings/password', array('as' => 'chgPassword', 'uses' => 'ProfileController#updatePassword'));
Route::post('/settings/password', array('as' => 'postChgPassword', 'uses' => 'ProfileController#postUpdatePassword'));
Route::get('/settings/email/request', array('as' => 'chgEmailRequest', 'uses' => 'ProfileController#updateEmailRequest'));
Route::post('/settings/email/request', array('as' => 'postChgEmailRequest', 'uses' => 'ProfileController#postUpdateEmailRequest'));
Route::get('/logout', array('as' => 'logout', 'uses' => 'ProfileController#logout'));
});
Notice that my first route accepts an optional parameter which will then route the user to a specific profile which it works fine, but when ever i have other routes say that /logout, laravel router will also use the /{profile_url?} route instead of the expected logout route. Is there any way that i can specified something like a reserved keyword like
Route::get('/{profile_url?}', array('as' => 'profile', 'uses' => 'ProfileController#getProfile')
->except('settings', 'logout'));
something like that? Ho that someone can enlighten me with this issue.
Because you put a wildcard {profile_url?} at the first place, Laravel will ignore the rest. So be careful when using wildcard routes. you should put the least specific route in the last place, Lavarel will check all of specific routes. If it doesn't match, it will go to the wildcard route. For example :
Route::group(['middleware' => 'auth'], function(){
Route::get('/{profile_url?}',...); // Lavarel do this
Route::get('/logout',...); // ignore this
});
Route::group(['middleware' => 'auth'], function(){
Route::get('/logout',...); // do this if it matches
Route::get('/{profile_url?}',...); // else do this
});

Resources