laravel-api-auth
Dead simple Laravel api auth middleware
Laravel Api Auth
Laravel offers easy ways to handle API authorization with user-based tokens, but sometimes you need a single token that grants access to your application. This is common when you're developing two apps that need to be connected, or when you need to connect a Telegram bot to your app endpoint using webhooks.
Laravel-api-auth makes that as easy as breathing: no migrations, no models.
Installing package
If you're using a Laravel version prior to 5.5, consider using the v0.1 branch.
$ composer require erjanmx/laravel-api-auth
Publish the Package configuration
$ php artisan vendor:publish --provider="Apiauth\Laravel\CAuthServiceProvider"
Using package
Step 1
Change defaults in config/apiauth.php
<?php
return [
    'services' => [
        'MY_APP' => [ // this is the name of the middleware of route group to be protected
            'tokenName' => 'api_token', // name of key that will be checked for secret value
            // secret value that is retrieved from env vars and needs to be passed
            // in requests in order to get access to your protected urls
            'token' => env('MY_APP_TOKEN'),
            'allowJsonToken' => true,
            'allowBearerToken' => true,
            'allowRequestToken' => true,
        ]
    ],
];
Step 2
- Add your secret value in the .env file
// .env
...your other variables
MY_APP_TOKEN=my-secret
Step 3
- Add group with middleware in your routes file
// note the `MY_APP` that should match the name in your config we changed above
Route::group(['prefix' => 'api', 'middleware' => ['apiauth:MY_APP']], function () {
    Route::any('/', function () {
        return 'Welcome!';
    });
});
That's it.
The URLs within your group are accessible only if a valid token is provided in one of these ways:
- In a GET or POST request
- In the request header as Authorization Bearer (tokenName is ignored in this case)
- In the JSON raw body
You're free to change the token name (api_token by default) in the configuration file, as well as the authorization methods to be checked.
You can also set up as many services as you want.
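The three token locations and the allow* switches described above, as an added sketch in plain PHP. This is not the package's source code: the function name `tokenIsValid` and the shape of its arguments are assumptions made for illustration. It shows two checks worth having with a single shared secret: rejecting every request when the configured token is unset, and comparing in constant time.

```php
<?php
// Added example, not the package's code. tokenIsValid() and its argument shapes are hypothetical.
// $service: one entry of the 'services' array from Step 1
// $headers: request headers keyed by lower-cased name
// $params:  merged GET/POST parameters; $rawBody: raw request body
function tokenIsValid(array $service, array $headers, array $params, string $rawBody): bool
{
    $expected = $service['token'] ?? null;
    // Fail closed: env('MY_APP_TOKEN') is null when the variable is missing,
    // and an empty secret must never match a request that carries no token.
    if (!is_string($expected) || $expected === '') {
        return false;
    }

    $name = $service['tokenName'] ?? 'api_token';
    $candidates = [];

    // Authorization: Bearer <token> (tokenName is ignored here)
    if (!empty($service['allowBearerToken'])
        && preg_match('/^Bearer\s+(\S+)$/i', $headers['authorization'] ?? '', $m)) {
        $candidates[] = $m[1];
    }
    // GET or POST parameter
    if (!empty($service['allowRequestToken']) && isset($params[$name])) {
        $candidates[] = $params[$name];
    }
    // JSON raw body
    if (!empty($service['allowJsonToken'])) {
        $json = json_decode($rawBody, true);
        if (is_array($json) && isset($json[$name])) {
            $candidates[] = $json[$name];
        }
    }

    foreach ($candidates as $candidate) {
        // hash_equals() is constant-time; non-string values (api_token[]=x) are rejected.
        if (is_string($candidate) && hash_equals($expected, $candidate)) {
            return true;
        }
    }
    return false;
}

// Constructed sample input.
$service = ['tokenName' => 'api_token', 'token' => 'my-secret',
            'allowJsonToken' => true, 'allowBearerToken' => true, 'allowRequestToken' => true];
var_dump(tokenIsValid($service, ['authorization' => 'Bearer my-secret'], [], ''));   // header
var_dump(tokenIsValid($service, [], [], '{"api_token":"my-secret"}'));              // JSON body
var_dump(tokenIsValid(['token' => null] + $service, [], ['api_token' => ''], ''));  // secret unset
```

A token sent in a GET query string usually ends up in web server access logs, so the Bearer header is the safer transport where the client supports it.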