I have installed Laravel and set up authentication and I have also created a route group like this:
// users that want to access test route should be logged in.
Route::group(['middleware' => ['web', 'auth']], function () {
Route::get('first', function () {
return 'first';
});
});
The problem is when I access the route like this:
http://localhost/first
I can see my "first" message, but when I refresh the same page laravel redirects me to:
http://localhost/home
I could not solve this and I have moved my first route out of the route group now everything is working well. If I keep it in the route group with auth & web middlewares it is not working.
Try to remove web middleware if you're using 5.2.27 and higher.
Related
So i have this code in my route :
// Facilitator Priviledges
Route::group(['roles'=>'facilitator'],function(){
//Material
Route::get('/material', 'MaterialController#index');
Route::post('/material', 'MaterialController#store');
Route::get('/material/{course:id}/create', 'MaterialController#create');
Route::get('/material/detail/{course:id}', 'MaterialController#show');
Route::get('/material/{material:id}/edit', 'MaterialController#edit');
Route::patch('/material/{material:id}', 'MaterialController#update');
Route::delete('/material/{material:id}', 'MaterialController#destroy');
});
//Admin Priviledges
Route::group(['roles'=>'admin'],function(){
Route::resource('/categories', 'CategoriesController');
//Material
Route::get('/material', 'MaterialController#index');
Route::post('/material', 'MaterialController#store');
Route::get('/material/{course:id}/create', 'MaterialController#create');
Route::get('/material/detail/{course:id}', 'MaterialController#show');
Route::get('/material/{material:id}/edit', 'MaterialController#edit');
Route::patch('/material/{material:id}', 'MaterialController#update');
Route::delete('/material/{material:id}', 'MaterialController#destroy');
});
It has the same route, in this case, Material Route that both admin and facilitator roles can access it, but when the code runs it can be only one role that working fine (I'm using admin) and the other giving error (503) Servive unavailable
You can refer to this to this Question
Or you can refer to Laravel Policy
or you can simply create your own policy and register it in your middleware.
Route::group(['middleware' => ['admin', 'facilitator']], function () {
Route::get('/material', 'MaterialController#index');
Route::post('/material', 'MaterialController#store');
Route::get('/material/{course:id}/create', 'MaterialController#create');
Route::get('/material/detail/{course:id}', 'MaterialController#show');
Route::get('/material/{material:id}/edit', 'MaterialController#edit');
Route::patch('/material/{material:id}', 'MaterialController#update');
Route::delete('/material/{material:id}', 'MaterialController#destroy');
});
If you want to use the cascading ability of the groups, this is how you would nest them:
Route::group(['roles'=>'admin'],function(){
Route::resource('/categories', 'CategoriesController');
Route::group(['roles'=>'facilitator'],function(){
Route::get('/material', 'MaterialController#index');
Route::post('/material', 'MaterialController#store');
Route::get('/material/{course:id}/create', 'MaterialController#create');
Route::get('/material/detail/{course:id}', 'MaterialController#show');
Route::get('/material/{material:id}/edit', 'MaterialController#edit');
Route::patch('/material/{material:id}', 'MaterialController#update');
Route::delete('/material/{material:id}', 'MaterialController#destroy');
});
});
In the inner group roles is ['admin', 'facilitator']
I am logging in via Laravel API.
Let's say that I am on www.domain.com/login. After login is successful, I put the token into a cookie and redirect to /admin.
Route::get('/admin', function () {
return view('admin');
})->middleware('auth');
The problem is that Laravel doesn't see that the user is logged in, thus redirects me to /login once more.
And, if I declare the route as follows
Route::get('/admin', function () {
return view('admin');
});
Everyone can access www.domain.com/admin
I appreciate any help.
Luca
You need to add auth:api middleware so it can see the auth user
I'm creating a backend system that I want to use VueJS2 for with a Laravel backend. The problem i'm facing at the moment is integrating this all together while keeping the 'tidy' URLS (no hashbangs) utilising Vue's history mode:
const router = new VueRouter({
routes,
mode: 'history'
})
I am a fan of the way Laravel handles Authentication and as such i've tried to use that in this system as an entry point into the SPA but doing so breaks the history mode.
In my routes file i've added a Vue capture route that works to allow hard refreshing of the browser and back button etc and this works fine:
Route::get('/{vue_capture?}', function () {
return view('home');
})->where('vue_capture', '[\/\w\.-]*');
However in order to use Laravel Auth i've added the following check, which works to force you to login before accessing anything else but breaks the history mode:
if (Auth::check()) {
Route::get('/{vue_capture?}', function () {
return view('home');
})->where('vue_capture', '[\/\w\.-]*');
}
else {
// the home controller has the auth middleware in the __construct
Route::get('/', 'HomeController#index');
}
I've tried adding middleware onto the end of the vue capture route but it didn't seem to do anything.
Many thanks!
To get SPA working with any backend, you should use Api authentication based on JWT.
This is Laravel docs about it: https://laravel.com/docs/5.3/passport
This is good package for this purpose: https://github.com/tymondesigns/jwt-auth
I'm currently studying Laravel framework and dingo api. Is there any way to integrate the role based permission using entrust to dingo api?
So for example, I have a route to get all the list of users, but only admin can access this.
So if the user is authenticated, but he's not an admin, he can't access this route.
I tried adding the middleware of entrust to the routes.php but when I tried it on postman, I get a syntax error.
here's my routes.php file:
$api->version('v1', ['middleware' => ['jwt.auth', 'role:admin']], function ($api) {
$api->get('users', 'App\Http\Controllers\Auth\AuthController#index');
$api->get('user', 'App\Http\Controllers\Auth\AuthController#show');
});
You can group this into different parts as this:
$api->version('v1', ['middleware' => 'jwt.auth'], function ($api) {
//general routes route goes here
//....
$api->group(['middleware' => 'role:admin'], function($api) {
//admin routes goes here
$api->get('users', 'App\Http\Controllers\Auth\AuthController#index');
$api->get('user', 'App\Http\Controllers\Auth\AuthController#show');
});
});
This means even though the user is authenticated, the two routes in the new group can only be accessed by the admins.
I hope this is helpful.
I build api service using laravel.
I want to log all acess to the api routes
I though somewhere in the routes.php put some code that get the requested route? any help? thanks
laravel 4
You can define a route filter first
Route::filter('log', function($route, $request, $response)
{
// log work
});
then apply the filter to your route
Route::get('api', array('before' => 'log', function()
{
return 'logged!';
}));
I think you can also get the log from the access log of your web server.