I have a middleware which works fine when defined as a global middleware in Kernel.php. However, I want it to be applied only to specific routes, so I do this:
Route::group(['prefix' => 'myapi/', 'middleware' => 'api'], function(){
});
Calling php artisan route:list shows that the middleware is detected correctly. However, it does not get executed (I know this because even purposely placing an error in the file does not do anything).
...
protected $middlewareGroups = [
...
'api' => [
'throttle:60,1',
\App\Http\Middleware\CORSMiddleware::class,
],
];
When the middleware is set as global, it does not get listed by route:list. Also, purposely specifying a wrong middleware name in routes.php does not throw any error.
EDIT:
Logging shows that the middleware is executed for all GET ressource routes, but not for POST/PUT/DELETE.
I believe middleware has to be placed inside an array when adding it to a group - that will cause it to trigger and give you the expected result:
Route::group(['prefix' => 'myapi/', 'middleware' => ['api']], function(){
});
Related
I am trying to code a login function for my api that takes a username and password then give you a password grant token to make api requests. The login route when called gives you
{
"message": "Unauthenticated."
}
I am using passport on laravel to do secure the api. Why am I getting a 401 when the route does not have the auth:api middleware? I tried using a clousure to see if I get could get a response and the closure did not give me an error.
Route::group(['prefix' => '/v1', 'middleware' => ['auth:api'], 'namespace' => 'Api\V1', 'as' => 'api.'], function () {
Route::post('/post/like','PostLikeController#store');
});
Route::group(['prefix' => '/v1', 'namespace' => 'Api\V1', 'as' => 'api.'], function () {
Route::post('login', 'Auth\LoginController#login');
});
Does your login controller have a constructor? sometimes middleware is set in there?
Otherwise I've also had issues with having the middleware routes above the public ones.
Try putting the public routes in the file first and also checking the LoginController.php for a constructor which might be setting a middleware
It possibly due to the same prefixes, as it does not overriding but instead stacking on top of each other.
I suggest for your login route, possibly, you can use this
Route::post('login', 'Auth\LoginController#login')->withoutMiddleware([FooMiddleware::class]);
If it's still does not help try putting your login route above the middlewared route.
I have a question that might sound silly to you so please forgive me.
I am not sure when do I use the routes/api.php file.
If I want to delete a record from a datatable with ajax, do I need to create a separate controller and put the route in api.php or can I use the same controller I use for everything else and put the route in web.php?
I'm not sure if you read the Laravel documentation or how much familiar you are with Laravel, but in Laravel 5.3 you have web routes and api routes in separate files.
You use api routes only for registering your api (ie if you are building a rest api service), and all routes placed there will be prefixed by default with /api. So ie if you define a route /user inside the api file, it will be automatically prefixed with /api, so your end point would be www.yourapplication.com/api/user.
If you are not building a rest api service or anything similar dont use this file at all, use the web file for defining all of your application routes.
Also consider visiting Laracast website, as they have a nice introduction to new changes in Laravel 5.3 including web and api routes. Hope this helps you.
All that routes placed in api.php will be prefixed by /api, which was also mentioned by bernadd, there are other differences:
in this link(https://mattstauffer.co/blog/routing-changes-in-laravel-5-3) you can find the difference between api and web in laravel code:
in App\Providers\RouteServiceProvider:
public function map()
{
$this->mapApiRoutes();
$this->mapWebRoutes();
//
}
protected function mapApiRoutes()
{
Route::group([
'middleware' => ['api', 'auth:api'],
'namespace' => $this->namespace,
'prefix' => 'api',
], function ($router) {
require base_path('routes/api.php');
});
}
protected function mapWebRoutes()
{
Route::group([
'namespace' => $this->namespace, 'middleware' => 'web',
], function ($router) {
require base_path('routes/web.php');
});
}
in App\Http\Kernel.php in "protected $middlewareGroups" you can see this:
'web' => [
\App\Http\Middleware\EncryptCookies::class,
\Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
\Illuminate\Session\Middleware\StartSession::class,
\Illuminate\View\Middleware\ShareErrorsFromSession::class,
\App\Http\Middleware\VerifyCsrfToken::class,
\Illuminate\Routing\Middleware\SubstituteBindings::class,
],
'api' => [
'throttle:60,1',
'bindings',
],
And:
in config\auth.php : In this file's Comments you can clearly find out the difference between default "auth"('guard' => 'web') vs "auth:api"
I've been working on an app that initially didn't use middleware. Later on, I decided to add middleware and had to change my routes from something like:
Route::get('admin/poems', array('as' => 'poems', 'uses' => 'PoemsController#poem'));
to
Route::get('admin/poem', ['middleware' => 'auth', 'uses' => 'PoemsController#poem']);
Now the disadvantage is that I had been redirecting to this route (poems) several times and adding middleware as indicated will require me to go through all my code and change the name of the route in the redirect.
How do i solve this problem?
Thanks for any help.
You don't need to lose the name of your route, the array will still accept it along with your middleware.
Just add it in to look like so:
Route::get('admin/poem', ['middleware' => 'auth', 'as' => 'poems', 'uses' => 'PoemsController#poem']);
This way you don't need to go through and rename your routes anywhere and can still protect it with auth middleware.
try put middleware to a group route
Route::group(['middleware' => 'auth'], function () {
Route::get('/', function () {
// Uses Auth Middleware
});
Route::get('user/profile', function () {
// Uses Auth Middleware
});
});
I'm getting MethodNotAllowedHttpException in RouteCollection.php line 218:
when i'm posting form within larave-localization route group.
Here is my localized route group:
Route::group([
'prefix' => LaravelLocalization::setLocale(),
'middleware' => [ 'localeSessionRedirect', 'localizationRedirect' ] ], function() {
Route::post('/offerselect', 'SearchController#getCarList');
Route::get('/', 'PageController#index');
});
I have a form inside index.blade php and it posts to /offerselect
but when i post it i get methodnotallowed exception. if i place the post outside of group it works without localization....
check
php artisan routes
to see if you're routes are defined correctly.
update: is that your whole routes.php?
I am writing a Laravel 5.2 application. I need to manually login the user for which I am using \Auth::login($user). I am doing it in following way.
if ($user = User::where('phone',session('phone'))->first())
{
\Auth::login($user);
// \Auth::loginUsingId($user->id);
// Auth::attempt(['email' => $user->email, 'password' => 'password']);
$data = \Auth::user(); //returning correct results
}
I have tried all the options namely Auth::login($user), Authh:loginUsingId($user->id) and attempt method. These methods are working fine as the $data variable is storing the object of correct user. But the problem is when I move to other route say '/home' the user remain no more authenticated.
What might be the wrong here? How could I do it correctly?
Since Laravel 5.2, you have to attach all your routes that need session with the 'web' middleware. See your app/Http/Kernel.php, the 'web' middleware contains the \Illuminate\Session\Middleware\StartSession.
In routes you have to use web in laravel 5.2
Route::group(['middleware' => ['web', 'auth']], function () {
Route::get('/', 'HomeController#index');
Route::get('/profile', 'HomeController#profile');
});