i want to set permissions only from on IP, because i use this app only for API and not want others peoples have permissions for that application.
There is a simple way to do it , using middleware you will able to check in every request the ip requesting.
Laravel middleware
Related
I have created two lambda functions
register
login
and both of them are getting triggered from respective "Http APIs" in the API gateway. I have set up the stage for both of them as prod. Now I want to call them using my custom subdomain e.g prodapi.mydomain.com by setting the path as "v1"
prodapi.mydomain.com/v1/register
prodapi.mydomain.com/v1/login
I am able to achieve it for a single API but when I try to do API mapping for the other one using the same path, it doesn't allow that and says "ApiMapping key already exists for this domain name".
Any suggestion on how to achieve this?
can you share the endpoint url, before adding the subdomain, and after adding the subdomain
And can you explain your endpoints, how it should look like before adding the subdomain and after
I want to use Nuxt.js for my frontend and laravel sanctum as my backend authentication provider. How should I set the SESSION_DOMAIN key in the .env file in my laravel project.
Also should I edit anything in the server object part in the nuxt.config.js file to make this work?
When you use Sanctum with SPA, such as Nuxt, you've the option to use either API or cookies/sessions. If your application is a first-party application on same top level domain, Laravel recommends to use cookie based approach so you can take advantage of CSRF protection. Axios and Angular Http libraries handles CSRF out of the box, so you don't have to worry too much about handling the requests headers [1].
In your case, I assume your application is first party and is on same top level domain. So your SESSION_DOMAIN value would be for example .domain.com. Also you'll need to set SANCTUM_STATEFUL_DOMAINS=domain.com as well. Usually your SESSION_DOMAIN will have just the main domain your application uses on, while SANCTUM_STATEFUL_DOMAINS will have all the subdomains (if any), that your frontend uses.
To work with Sanctum, we should be familiar with a few things first. We must use our SPA and API backend on the same domain, like frontend on domain.com and API on api.domain.com. We can not set frontend on domain.com and backend (API) on another-domain.com. The client must be able to include cookies with each request being sent to the backend.
session domain is the front-end domain name without protocol and port.
When you are working on local you must set it to localhost and when you are working on server you must set the domain name.
please follow this example of nuxt-laravel-sanctum-auth
I'm building an app where each subdomain has its own database.
For example:
"example1.app.dev" uses "example1_dbo" database
"example2.app.dev" uses "example2_dbo" database
Each subdomain has its own users, meaning that for example:
user_ex1 can only login on example1.app.dev because he is set in example1_dbo
user_ex2 can only login on example2.app.dev because he is set in example2_dbo
How do I achieve this with Laravel Auth?
Basicaly I have set subdomain routing:
Route::domain('{account}.myapp.dev')->group(function () {})
And i have set up database connections in config/database.php and env file.
I have used this concept on Eloquent models with Model->setConnection($account)
But this method is exhausting while app is growing...
I'm looking for Middleware solution where i can change default DB connection for request globally and for Auth as well while i was not able to get authentication to work.
Have you tried this package:
https://github.com/stancl/tenancy
It provide that out of the box.
hope it is helpful.
I have an API and I'm not sure if other services are using it too. I don't want other people to use my server resources and I would like to check that.
Assuming I have a method in a controller, how I can check who accesses this method where the request is not from my domain?
How I can allow connections only from my website/app and refuse from any other source?
Each request has a Host header you can use that to know which domain is using your service.
if you want to only allow your domain to access the service then edit the CORS settings. I'm assuming you are using barryvdh package
in config/cors.php
change the value of
'allowedOrigins' => ['*'],
to your domain instead of * wildcard
You can also use extended library (like so: https://github.com/chrisbjr/api-guard) to add API key to your app so only those who know it can make requests to API.
I have a rails app that I host for multiple users as useraccount.mysite.com. I want to have the option to allow my users to have their own url (useraccount.com) but still host the app using my shared server. So they should be able to access useraccount.mysite.com or useraccount.com and it should return the same stuff. If they goto useraccount.com, the url should always say useraccount.com and they should never see mysite.com.
Is this possible?