I want to let only authenticated users access a certain page in my application. After reading the documentation I found out this can be done using middleware. I assigned the auth middleware to the route which I want to protect, but I can still access it even if I am not authenticated.
Route::get("add","Clubs#add",['middleware' => 'auth', function () {}]);
I think you're looking for this syntax.
Route::get('profile', [
'middleware' => 'auth',
'uses' => 'ProfileController#show'
]);
So for your case, it should look like this.
Route::get('add', [
'middleware' => 'auth',
'uses' => 'Clubs#add'
]);
Related
So my scenario is:
Route::group(['middleware' => 'api'], function ($router) {
Route::post('/login', [
'as' => 'login',
'uses' => 'App\Http\Controllers\Admin\CustomerCrudController#login',
]);
Route::post('/register', [
'as' => 'register',
'uses' => 'App\Http\Controllers\Admin\CustomerCrudController#register',
]);
Route::get('/logout', [
'as' => 'logout',
'uses' => 'App\Http\Controllers\Admin\CustomerCrudController#logout',
]);
});
Here Login API is working perfectly using postman but register and logout api's are returning 405 method not allowed error.
Note: I have already checked that I must be using post and get correctly. These API's were also working right previously. I don't know what has made them stop.
In case if someone wants to have a look at controller functions, here is the gist. Looking forward to the suggestions.
1. Route::get('/admin', [
'uses' => 'AdminController#admin',
'as' => 'admin' ]);
2. Route::get('/{uri}', [
'uses' => 'ArticleController#article',
'as' => 'article' ]);
if I try to go to admin route it goes to article route, I need a solution for both routes to work.
The conflict arrives in your case due to /{uri} matches to /admin ,
For example. /xyz, /abc and even /admin match to /{uri} route.
You can do something like this to avoid it.
Route::get('/admin', [ 'uses' => 'AdminController#admin', 'as' => 'admin' ]);
Route::get('/uri/{uri}', [ 'uses' => 'ArticleController#article', 'as' => 'article' ]);
Note that now /admin will match to your /admin route and /uri/{parameter} will match to your /uri/{uri} route
You have to write route 1 first then route 2
Follow: Laracasts
I need to secure my backend section.
Right now i have i like this:
Route::get('/backend',['middleware' => 'auth', 'uses' => 'HomeController#index']);
Route::get('/backend/users',['middleware' => 'auth', 'uses' => 'HomeController#show']);
Route::get('/backend/users/create',['middleware' => 'auth', 'uses' => 'HomeController#create']);
Route::get('/backend/users/edit/{id}',['middleware' => 'auth', 'uses' => 'HomeController#edit']);
do i need to write the middleware=> auth to everyline and everysite i have in my backend?
Is it somehow possible to define that everything that has 'backend/' should be checked if auth or not?
You can use a Route Group to define middleware and a prefix (among other things). So it could be:
Route::group(['prefix' => 'backend', 'middleware' => 'auth'], function () {
Route::get('/', 'HomeController#index');
Route::get('/users', 'HomeController#show');
Route::get('/users/create', 'HomeController#create');
Route::get('/users/edit/{id}', 'HomeController#edit');
)};
After trying out this acl tutorial I came across something I can't understand.
In laravel I created my route according to the tutorial and changed it to match laravel's auth controller (as I already used that before by installing it with bestmomo) to:
$router->get('/', [
'uses' => 'Auth\AuthController#getLogin',
'as' => 'admin.user.login',
'middleware' => ['acl:login']
]);
Like this it doesn't find my route giving me the error
NotFoundHttpException in RouteCollection.php line 161:
If I add the following route:
Route::get('/login', [
'as' => 'login', 'uses' => 'Auth\AuthController#getRegister'
]);
It works well.
Why do I need to add the second route?
Why can't the first one stand alone?
I think the blog you are following has an error.
The correct way to call a route you need is:
Route::get('/', [
'uses' => 'Auth\AuthController#getLogin',
'as' => 'admin.user.login',
'middleware' => ['acl:login']
]);
Note: you can also use a helper method and just call:
get('/', [
'uses' => 'Auth\AuthController#getLogin',
'as' => 'admin.user.login',
'middleware' => ['acl:login']
]);;
The only way I can see the the code you mentioned working is if the following is at the top of the routes file:
$router = app('router');
Would like to check say that I have the following routes
Route::group(['middleware' => 'auth'], function(){
Route::get('/{profile_url?}', array('as' => 'profile', 'uses' => 'ProfileController#getProfile'));
Route::get('/settings/password', array('as' => 'chgPassword', 'uses' => 'ProfileController#updatePassword'));
Route::post('/settings/password', array('as' => 'postChgPassword', 'uses' => 'ProfileController#postUpdatePassword'));
Route::get('/settings/email/request', array('as' => 'chgEmailRequest', 'uses' => 'ProfileController#updateEmailRequest'));
Route::post('/settings/email/request', array('as' => 'postChgEmailRequest', 'uses' => 'ProfileController#postUpdateEmailRequest'));
Route::get('/logout', array('as' => 'logout', 'uses' => 'ProfileController#logout'));
});
Notice that my first route accepts an optional parameter which will then route the user to a specific profile which it works fine, but when ever i have other routes say that /logout, laravel router will also use the /{profile_url?} route instead of the expected logout route. Is there any way that i can specified something like a reserved keyword like
Route::get('/{profile_url?}', array('as' => 'profile', 'uses' => 'ProfileController#getProfile')
->except('settings', 'logout'));
something like that? Ho that someone can enlighten me with this issue.
Because you put a wildcard {profile_url?} at the first place, Laravel will ignore the rest. So be careful when using wildcard routes. you should put the least specific route in the last place, Lavarel will check all of specific routes. If it doesn't match, it will go to the wildcard route. For example :
Route::group(['middleware' => 'auth'], function(){
Route::get('/{profile_url?}',...); // Lavarel do this
Route::get('/logout',...); // ignore this
});
Route::group(['middleware' => 'auth'], function(){
Route::get('/logout',...); // do this if it matches
Route::get('/{profile_url?}',...); // else do this
});