User Authentication with Laravel 4

5

I'm starting to authenticate users with Laravel 4 as a basis for this link .

My doubt and the next, every route, I have to use this way?

Route::get('/', array('before' => 'auth'), 'HomeController@index');

I mean, do I have to enter array('before' => 'auth') in the middle of the route? There is no way I can do this only once and the system will validate if I am logged in? Maybe putting yourself in before would be the solution?

Obs: I want to do this in the most organized way possible.     

asked by anonymous 03.07.2014 / 16:52

3 answers

7

You can create groups.

Route::group(array('before'=>'auth'), function(){
   Route::get('/', 'HomeController@index');
   Route::get('/hello', 'HomeController@showWelcome');
});

Official documentation Route Groups

    
03.07.2014 / 16:55
2

As organized as possible, I think it's something like this, route:

  • All my routes referring to the admin panel are inside the filter with admin prefix.
  • Inside admin we have two filters.
  • admin.guest, that if you attempt to access any route within this filter you will be redirected to the route named 'admin.home'.
  • admin.auth, that if you attempt to access any route within this filter you will be redirected to the route named 'admin.getLogin'.

Check out how my code is (I will not document here for the post not getting gritty and tiring).

filters.php

Route::filter('admin.guest', function()
{
    if (Auth::check()) return Redirect::route('admin.home');
});

Route::filter('admin.auth', function()
{
    if (Auth::guest())
    {
        if (Request::ajax())
        {
            return Response::make('Unauthorized', 401);
        }
        else
        {
            return Redirect::route('admin.getLogin');
        }
    }
});

Obs1: the '\ Admin ...' that has in uses in the route is the namespace of my controller, this is another way to organize more the code but it is not the case now Note: the 'csrf' filter is for form authentication in laravel, it checks if the form comes with a token or checks it, see its filter in the filters file

routes.php

/*
|--------------------------------------------------------------------------
| Panel Admin
|--------------------------------------------------------------------------
 */

Route::group(['prefix' => 'admin'], function(){
    Route::group(['before' => 'admin.guest'], function(){
        Route::get('login', [
            'as'    => 'admin.getLogin',
            'uses'  => '\Admin\UsersController@getLogin'
        ]);

        Route::group(['before' => 'crsf'], function(){
            Route::post('login', [
                'as'    => 'admin.postLogin',
                'uses'  => '\Admin\UsersController@postLogin'
            ]);
        });
    });

    Route::group(['before' => 'admin.auth'], function(){
        Route::get('/', [
            'as'    => 'admin.home',
            'uses'  => '\Admin\HomeController@index'
        ]);
    });
});

I do not think it was too complicated for you to understand.

    
16.07.2014 / 01:40
2

The best way, sometimes, is to define this in the controller, in the __construct () method:

    public function __construct()
    {
        $this->beforeFilter('auth');
    }

In this way, all methods of this controller will only be accessed by authenticated users. If you want to open one or more exceptions to this filter:

public function __construct()
{
    $this->beforeFilter('auth' => ['except' => ['index', 'show']]));
}

or else

public function __construct()
{
    $this->beforeFilter('auth' => ['only' => ['create', 'edit', 'store', 'destroy', 'update']]));
}

It is also interesting to have csrf filter in the BaseController constructor method, to protect against CSRF attacks:

public function __construct()
{
    $this->beforeFilter('csrf', array('on' => 'post'));
}

or

public function __construct()
{
    $this->beforeFilter('csrf', array('on' => ['post', 'put', 'patch', 'delete']));
}
    
19.07.2014 / 04:40