farshadf

thanks , thats works really well , You Saved a Day .

yes @martinbean i know it may seems that its not standard but any way i have no other way to do it so i wanted to know if there is any way to logout the previous user and generate token for the new user and logs userB in manually like what we do in normal web guard .

i want to customize the login process for one of my users as below so i have 3 steps : 1-authenticate the user A from the Bearer Token they send me 2-receive the info of User B from User A from a custom value in header 3-Logout the User B from the guard('api') and Generate a token from that custom token they provide me . 4-login the user B and athenticate user B into guard('api'). so what i have tried so far i have part 1 and 2 now i need to do part 3-4 what i have tried like below : 1- i have athenticated the user from token generated error like below if they are not logged in :

 protected function authenticateApi($request)
    {
        if (
            !$this->auth->guard('api')->check() ||
            $this->shopIsNotVerified()
        ) {
            throw new AuthenticationException(
                'Unauthorized.', ['api'], $this->redirectTo($request)
            );
        }
    }

and i added another middle ware like below for step 2 on first line and the other lines are for 3 and 4 :

 $UserB_info = $request->header('UserB_Key');
  $userB = UserCustomeModel::where('custom_api_token',$UserB_info)->first();
  //here i want to log out the user A from Guard('api') and log the user b into that .
  //i tried this but no luck with it .
  $token = $userB->createToken($userB->name)->accessToken;
  $request->headers->set('Authorization', $token);

hi guys , in my project i have a part that i want to manually logs in a user in my api guard , now what i have tried is that :

auth()->guard('api')->attempt($mobile,$password);

but i get this error :

"Method Illuminate\Auth\RequestGuard::attempt does not exist.", "exception": "BadMethodCallException", "

i tried to use :

    $user = Auth::login($user);

but this logs the user in into web guard and not the api guard . another way i used the :

dd($user->createToken($user->name));

i have the token now and i wanted to know if its possible to logs the user into guard('api') and have it authenticated . thanks in advance

hi , i have a multi dimention array that i want to write test for . i read on web that there was a function called arrayHasSubKey but it does not exists any more it seems . i am using laravel 5.8 and i want to check if this array has a subkey this is what my array looks like :

key =>value [
 key2 =>value2 [
  key3 => [
    key4 =>value4,
    key5=>value5
]
]
]

now i want to check if key2 or key3 exists on the array . how can that be done in a laravel test . thanks in advance

hi , in my registration process if some setting is active i add a realtionship to user model called Vendor so if the setting is active when user is being created a model (relationship) will be created for him too . now what i want to do is to write a test for it that if the setting is on and a user is created can i see the relation in database or not . what i have wrote so far is that :

        $response = $this->call('POST', 'api/user/sign-up', ['name'=>'test','password'=> '123456','password_confirmation'=>'123456']);
    $response->assertStatus(201);
        $response->assertDatabaseHas('users',['name'=>'test']);
        $response->assertDatabaseHas('user_vendor',['user_id'=>'Cantfinduserid']);

but because i am not returning the user in api i cant find the userid to assert the database has this the other way i wrote it was :

        $shop = factory(Shop::class)->create();
 $response->assertStatus(201);
        $response->assertDatabaseHas('users',['name'=>'test']);
        $response->assertDatabaseHas('user_vendor',['user_id'=>'Cantfinduserid']);

but i dont know in second way the relation is doing to be created or not because i am making it in my user controller . now i really dont know how to test this . thanks for your help

i have an snippet that i am trying to loop 2 times on an array like below :

     $rules = Rule::get();
        $segments = [];
        foreach ($rules as $rule) {
            $segments['segment = "basic"']['serviceType']= $rule->segment;
            foreach($rule->steps as $key => $value) {
                $segments['segment = "basic"'][$key] = $value;
            }
        }
        return $segments;

so what i am expecting to get from that code is like below :

 'segment = "BASIC"'     => [
                'serviceType = "3"'  => [
                  'item1' => 1,
                  'item2' => 2
                ],
                'serviceType = "2"'  => [
                  'item1' => 1,
                  'item2' => 2
                ],
                'serviceType = "1"'  => [
                  'item1' => 1,
                  'item2' => 2
                ],

but what i get is like below

^ array:1 [
  "segment = "basic"" => array:3 [
    "serviceType" => "1"
    "item1" => 1
    "item1" => 2
  ]
]

so what i want is that the array inside the the segment = "basic" repeats as the count of Rule` model i know that my code is returning 5 instance of model but i guess at some point the code is overwriting the array instead of looping it . thanks in advance

i am trying to send a request to a api . its working fine in post man but in code i get this error :

411 content length required error

when i add this line to my header :

     $header = [
                'Authorization' => 'Basic '.$token,
                'Content-Type'  => 'application/json',
                'Content-Length' => strlen($content)
            ];

i get error too because i am sending an array to this function and $content is an array . any idea how can i get the content str len ?? i tried json_encode too but it always returns 1000 bytes and again it fails .like below :

     $header = [
                'Authorization' => 'Basic '.$token,
                'Content-Type'  => 'application/json',
                'Content-Length' => strlen(json_encode($content))
            ];

@martinbean you are right i saw doc again and saw i have to check the active subsction with subscribedToPlan() thanks

i am using laravel cashier for subscription system , i implemented the payment like this :

public function orderPost(Request $request)
    {

        $user = auth()->user();
        $input = $request->all();
        $token =  $request->stripeToken;
        $paymentMethod = $request->paymentMethod;



        $newSubscription = $user->newSubscription('default ', 'price_1IFyPsB9YMR57in7UrNtRb9G')->create($request->payment_method, ['email' => $user->email]);

        dd($newSubscription);

and my view is like below :

       <form action="{{route('order-post')}}" id="payment-form" method="post">
                            @csrf
{{--                        {!! Form::open(['url' => route('order-post'), 'data-parsley-validate', 'id' => 'payment-form']) !!}--}}
                        @if ($message = Session::get('success'))
                            <div class="alert alert-success alert-block">
                                <button type="button" class="close" data-dismiss="alert">×</button>
                                <strong>{{ $message }}</strong>
                            </div>
                        @endif
                        <div class="form-group" id="product-group">
                        </div>
                        <div class="row">
                            <div class="col-md-12">
                                <div class="form-group">
                                    <div id="card-element"></div>
                                </div>
                            </div>

                        </div>
                        <div class="form-group">
                            <button id="card-button" class="btn btn-lg btn-block btn-success btn-order">Place order !</button>
                        </div>
                        <div class="row">
                            <div class="col-md-12">
                                <span class="payment-errors" id="card-errors" style="color: red;margin-top:10px;"></span>
                            </div>
                        </div>
                        </form>

now what happens after i receive the dd the database is filled with data and stripe shows that i got this plan but i have one problem and thats like image below that the field ends_at has null value :

now i want to know how can i detect that when user account expires and if a user have active subscription or not . thanks .

so its like this the user visits localhost:8000/login enters user and password . fortify logs user in and its fine . now i want to generate a token too and give it to vuejs and it stores that in local storage

@martinbean yes i installed passport and i want to generate token with passport but the point is that when the user login website i want to generate token for it not using another end point . because i am using vuejs in my application so a part of my application is using blade and default Auth::user but the parts that use api i cant authenticate user thats why i want to generate a token and give it to vuejs to store it in localstorage dont know bad practice is it really but thats what i thought would be right . thanks

i have an application that for user login i use laravel fortify . now i have some apis that my own vuejs inside laravel use it . i want to generate token for the user on login method and return it to vuejs . now i have 2 questions 1- where i can find laravel fortify login method ?? 2- how can i generate a token and return it to frontend(vuejs) ?? here is what i find in my fortify vendor folder :

in vendor/laravel/fortify/src/http/controller/AuthenticatedSessionController
  public function store(LoginRequest $request)
    {
        return $this->loginPipeline($request)->then(function ($request) {
            return app(LoginResponse::class);
        });
    }

I have an application which is monolithic. Now I want to get the authenticated user in just like 2 apis in my application. I know that I can use laravel passport to generate tokens and get the user but I want to know if it's possible to get the authenticated user on website in api too. Now in my api controller when I dd() below options I get null:

    dd(auth()->user());
    dd(auth('api')->user());
    dd(Auth::user());

I am using laravel fortify for user login.

hi i have a laravel 8 application that uses fortify with custom views to login and register users . now i have some api routes that i want to get the logged in user details on them too . the problem is that i dont want to use passport and other packages to make the job hard to generate token and so on because most of the routes are on the web.php and just some routes are on api.php so what i have tried is like below :

        dd(auth()->guard('api')->user());

but it returns null and :

        dd(Auth::user());

again null . so is there any way to get the authenticated user in the api routes ?

i have installed the laravel/fortify on my laravel project . before i install this package when i hit

http://localhost:8000/login

i get 404 not found but after installing this package when i hit

http://localhost:8000/login

i am redirected to the homepage before i see the login page . according to docs i wrote this fucntion to get my own view :

        Fortify::loginView(fn () => view('auth.login'));

and i made the view for that . but when i hit any auth login like /registe and /login i am redirected to homepage . #edit : this will redirect me to any where i change on routeServiceProfiver.php on this line :

    public const HOME = '/';

so i think it consider me a login user but when i dd(Auth::user()) i get null and i am not logged in .

@snapey thanks man for the answer yes listing them is an option but it would be way more better to show on calendar and let user click on it . i saw that before but unfortunately that is using js too . i wanted to see if there is a package that let u pass event elequnt and render calendar which seems there none . thanks in advnace

hi , i have an event model in my project which simply i just want to retrive some of events and then show them in blade in laravel 8 so far untill now i tried this :

https://github.com/maddhatter/laravel-fullcalendar

but this is outdated and the forks that made this compatible with laravel 8 is not working too . i want to know if there is any easier and alternative solution to do this . note : i dont want to use vuejs and i just want to use blade for that here is my simple controller :

   public function index(){
        $events = Event::take(3)->get();
        return view('home',compact('events'));
    }

events has start_at field which i want to show based on that field . thanks in advance

i want to make an event with some files attached to it in voyager so what i have done is i made the models and migrations like below :

 Schema::create('events', function (Blueprint $table) {
            $table->id();
            $table->string('title');
            $table->string('description');
            $table->integer('price');
            $table->dateTime('start_at');
            $table->dateTime('finish_at');
            $table->boolean('is_free');
            $table->timestamps();
        });

and the files table migration :

 Schema::create('files', function (Blueprint $table) {
            $table->id();
            $table->string('src');
            $table->string('mimeType');
            $table->string('event_id');
            $table->timestamps();
        });

and what i have dont in voyager is i created the event bread and its working fine but i want to add the relation to the files and add multiple files to my event. so for relation i have done like below : as you can see i have added the relation ship and set it to hasmany but when i want to edit the break i cant set the type to mediaPicker it just shows the relationship type but i want to add or remove multiple files to event .

You have a couple options.

If you have access to the command line, you can attempt to manually create the symlink yourself. It's possible they disabled the PHP symlink() command, but the OS ln command may still be available to you. From the command line:

ln -s /path-to-project/storage/app/public /path-to-project/public/storage

If you don't have access to the command line, you can attempt to run the command from PHP using one of the program execution methods (exec(), shell_exec(), etc.). However, if they've disabled symlink(), they've probably disabled all of those, as well. To attempt this, create a temporary route, hit it once, then delete it:

Route::get('temp-create-link', function () {
    exec("ln -s ".escapeshellarg(storage_path('app/public')).' '.escapeshellarg(public_path('storage')));
});

If you don't have a way to run the ln command, or if it has been disabled at the OS level, then you'll need to manually create your public/storage folder and update your filesystem config to point to it. Once you've created the public/storage folder, open your config/filesystems.php file and update the root key for your public disk to point to it:

'disks' => [

    // ...

    'public' => [
        'driver' => 'local',
        // old value: 'root' => storage_path('app/public'),
        'root' => public_path('storage'),
        'url' => env('APP_URL').'/storage',
        'visibility' => 'public',
    ],

    // ...

],

i am hosting my laravel on an cpanel that not sups symlink so when i run storage:link i get this error :

symlink() has been disabled for security reasons

when i contacted my provider they told me that they cant open it but i have to make changes in my file system to read from the storage it self . now my question is how can i change the config/filesystem.php to not read from symlink but the storage folder it self . thanks in advance

i am using laravel fortify and jetstream for user profiles . now when i active the profile photo in setting when i want to enter a photo for my profile i get this error below :

The photo must be an image.

when i check the console for error i find this :

Uncaught TypeError: Cannot set property 'value' of undefined
    at HTMLInputElement.clearFileInputValue (FileUploads.js:37)
    at eval (eval at saferEvalNoReturn (alpine.js:143), <anonymous>:3:33)
    at saferEvalNoReturn (alpine.js:143)
    at Component.evaluateCommandExpression (alpine.js:1720)
    at runListenerHandler (alpine.js:895)
    at HTMLButtonElement.handler (alpine.js:871)

i am using the livewire for jetstream

i simply want to take users post in my laravel application . its even fine if my user has to insert his username password because i want to crawl all the posts media and text once and then they can change password . for the matter of what i tried so far : 1-i created an app in this link :

https://developers.facebook.com/apps/

then i generates an User Token and a App Token after that i called this api :

https://graph.instagram.com/17841405793187218?fields=id,username&access_token=myAppToken

i placed my App token in that api but this showed me this error :

{
    "error": {
        "message": "Access token does not contain a valid app ID",
        "type": "OAuthException",
        "code": 190,
        "fbtrace_id": "Agc0R_wnDwoCzgNuXt2gt1y"
    }
}

now i dont know even if i am on a right train or not but simply i want to crawl all users posts . thanks in advance

i want to know if its possible to send notification to user into their WhatsApp i know that its possible thro Twilio but i wonder to know if its possible to send directly from laravel to whats app api .

thats my point , before the user being redirected to another page i need to check if the mobile number is valid and it doesnt have verifycode in my database and if this mobile number exists in my database and some more ifs which are in a function in my backend and i dont want the user to leave this page before this are checked thanks for the help

i have a form which i am using axios to submit a form in my laravel app like below :

<script>
export default {
  props: [ 'route' ],

  data: function () {
    return {
      mobile: ''
    }
  },

  methods: {
    submitMobile(){
      axios.post('/customer/send-sms', {
        mobile: this.mobile
      })
          .then(response => {
           console.log(response.data)

          })
          .catch(function (error) {
            console.log(error)
          });
    }
  },
}

</script>

now i know it may not possible but after submiting the form if the user mobile is valid and all other conditions that i check i want to redirect user to the page that enters the the verify code

this code has syntax error i am sorry i am not that good in vue and how to debug this code .

that was the example if you look below i have tried those both too but the answer is yet null

i am trying to submit a simple form using vuejs but the form is being submited empty . my form is this :

          <form method="POST" @submit.prevent="submitMobile">

            <input type="hidden" name="_token" v-bind:value="csrf">

            <div class="container my-5 z-depth-1">


              <!--Section: Content-->
              <section class="dark-grey-text p-5">

                <!-- Grid row -->
                <div class="row">
                  <!-- Grid column -->
                  <div class="col-md-12 mb-lg-0 mb-4">
                      <!-- Section heading -->
                      
                      <div class="input-group">
                        <input class="form-control send-sms-btn" name="mobile"
                               v-validate="'required:11'" placeholder="_ _ _ _ _ _ _ _">
                        <div class="input-group-append">
                          <button class="btn-theme btn btn-md btn-primary rounded-right m-0 px-3 py-2 z-depth-0 waves-effect"
                                  type="submit" id="button-addon2">send
                          </button>
                        </div>
                      </div>
                      <br>
                     
                      <small class="form-text black-text"><strong></strong></small>
                    <!-- Form -->

                  </div>
                  <!-- Grid column -->

                </div>
                <!-- Grid row -->

              </section>
              <!--Section: Content-->


            </div>
          </form>

and this is my vuejs :

 export default {

        props: [
        'csrf' ,'route'
        ],

        data: function () {
            return {
                mobile: ''
            }
        },
        methods: {
          submitMobile: function() {
            alert(this.formData)
            this.$http.post('/customer/send-sms', {'mobile':'123'}).then(function(response) {
//            this.$http.post('/customer/send-sms', this.mobile).then(function(response) {
//            this.$http.post('/customer/send-sms', this.formData).then(function(response) {
//  i have tried those both 2 but yet nothing returns


              console.log(response.data);
            }, function() {
              console.log(this.mobile)

            });
          }
        }
    }

now when i submit the form the controller needs mobile which it returns null and when i alert the mobile in vue it alerts null

damn sorry i didnt focus that i have messed with the html markup :( thanks in advance

well i thought that @submit.prevent="submitMobile" makes the form being submited by vue . any hit how can i fix that ??

i am trying to submit a form with laravel and vuejs in a component like below :

          <form action="#" @submit.prevent="submitMobile">
            <div class="container my-5 z-depth-1">
                    <!-- Form -->
                    <form class="" action="">
                      <!-- Section heading -->
                      <div class="input-group">
                        <input class="form-control send-sms-btn" name="mobile"
                               v-validate="'required:11'" placeholder="_ _ _ _ _ _ _ _"
                               aria-label="Enter your email address"
                               aria-describedby="button-addon2">
                        <div class="input-group-append">
                          <button class="btn-theme btn btn-md btn-primary rounded-right m-0 px-3 py-2 z-depth-0 waves-effect"
                                  type="submit" id="button-addon2">submit
                          </button>
                        </div>
                     </div>
                    </form>
          </form>

and here is my vuejs :

    export default {
        props: [

        ],

        data: function () {
            return {

            }
        },

        methods: {   
          sendContactFormServer() {

            axios({
              method: 'POST',
              url: '/customer/send-sms',
              data: {
                "mobile": this.form.mobile,
              },
              headers: {
                'Content-Type': 'appllication/json',
                'Accept': 'application/json',
              }
            })
                .then(window.location.href = "/")
                .catch(error => console.log(error))
          },
          submitMobile: function() {
            this.$http.post('/customer/send-sms', this.formData).then(function(response) {
              console.log(response);
            }, function() {
              console.log('failed');
            });
          }
        }
    }

i tried 2 functions but both of them returns me to the same page with the query string of the input i have send . now i want to know how can i submit this form without refreshing the page . thanks in advance

i want to build a laravel 8 application that uses bootstrap and its so simple until this part but i want to add the rtl version of bootstrap to that . so what i did was this :

composer require laravel/ui
php artisan ui bootstrap
npm install
npm run dev

and what i get is the bootstrap is running fine . and what i did for the the rtl bootstrap is this in layout.blade.php:

<link href="{{ asset('css/app.css') }}" rel="stylesheet">
<link rel="stylesheet" href="https://cdn.rtlcss.com/bootstrap/v4.2.1/css/bootstrap.min.css" integrity="sha384-vus3nQHTD+5mpDiZ4rkEPlnkcyTP+49BhJ4wJeJunw06ZAp+wzzeBPUXr42fi8If" crossorigin="anonymous">

but yet again elements are left to right . any idea how to do that and what i am doing wrong

thanks for the answer i did as you said but yet again there is no relation among my tables in mysql now that i use your code the type are the same but i dont see any relation on phpmyadmin design tab see the image below please : https://imgur.com/a/aulk4fo

i am creating a fresh application on laravel and i am writing the migrations and i want to set the foreign key for my columns so i am doing like below :

   Schema::create('products', function (Blueprint $table) {
            $table->id();
            $table->integer('type_id');
            $table->string('name');
            $table->integer('status_id')->default(0);
            $table->integer('category_id')->default(0);
            $table->integer('store_id');
            $table->timestamps();
            $table->foreign('status_id')->references('id')->on('product_statuses');
            $table->index('status_id');
            $table->foreign('type_id')->references('id')->on('product_types');
            $table->index('type_id');
            $table->foreign('category_id')->references('id')->on('product_categories');
            $table->index('category_id');
            $table->foreign('store_id')->references('id')->on('stores');
            $table->index('store_id');

but these are not working as i check it in phpmyadmin it let me insert any number not the item from status_id for example and when i check it in design tab i dont see the relation between the tables.

@jlrdw i can do the sms part because its my own country provider but the thing is i dont know how to customize the jetstream logic for login and i dont know where are those code located

i want to change the field that users register from email to their cellphone so here is what i have done so far : 1- i changed the migration to add the cellphone field to the users table and forget password table as below :

   Schema::create('users', function (Blueprint $table) {
            $table->id();
            $table->string('name');
            $table->string('email');
            $table->string('cellphone')->unique();
            $table->timestamp('email_verified_at')->nullable();
            $table->string('password');
            $table->rememberToken();
            $table->foreignId('current_team_id')->nullable();
            $table->text('profile_photo_path')->nullable();
            $table->timestamps();

2- as far as i saw the config file the fortify.php i changed this column :

   /*
    |--------------------------------------------------------------------------
    | Username / Email
    |--------------------------------------------------------------------------
    |
    | This value defines which model attribute should be considered as your
    | application's "username" field. Typically, this might be the email
    | address of the users but you are free to change this value here.
    |
    | Out of the box, Fortify expects forgot password and reset password
    | requests to have a field named 'email'. If the application uses
    | another name for the field you may define it below as needed.
    |
    */

    'username' => 'email', // i changed from email to cellphone

    'email' => 'email', // i changed from email to cellphone

now i want to know what else i have to do to set the register and login on the cellphone field and customize the register controller to send sms and verify that in the register process . thanks in advance

i want multiple text inputs that when i change one of them i want others to change with the same value too . my inputs are generating in a loop of v-for like below :

  <tbody>
<variant-item v-for='(variant, index) in variants' :variant="variant" :key="index" :index="index" @onRemoveVariant="removeVariant($event)"></variant-item>
 </tbody>

and here the input is getting generated :

<td>
   <div class="control-group" :class="[errors.has(variantInputName + '[price]') ? 'has-error' : '']">
   <input type="number" v-validate="'required|min_value:0.0001'" v-model="variant.price" :name="[variantInputName + '[price]']" class="control" data-vv-as="&quot;{{ __('admin::app.catalog.products.price') }}&quot;" step="any"/>
   <span class="control-error" v-if="errors.has(variantInputName + '[price]')">@{{ errors.first(variantInputName + '[price]') }}</span></div>
</td>

so with this code if i have 2 products for example the result would be like below :

<td><div class="control-group"><input type="number" name="variants[4344][price]" data-vv-as="&quot;price&quot;" step="any" class="control" aria-required="true" aria-invalid="false"> <!----></div></td>

.
.
.
.
<td><div class="control-group"><input type="number" name="variants[4345][price]" data-vv-as="&quot;[price&quot;" step="any" class="control" aria-required="true" aria-invalid="false"> <!----></div></td>

now I want this 2 or multiple inputs change together .

i have a form which inside a v-for it generates some inputs one of that inputs is the price input which i want to enter price for one input and it effects all other inputs so here is my code :

<td>
   <div class="control-group" :class="[errors.has(variantInputName + '[price]') ? 'has-error' : '']">
   <input type="number" v-validate="'required|min_value:0.0001'" v-model="variant.price" :name="[variantInputName + '[price]']" class="control" data-vv-as="&quot;{{ __('admin::app.catalog.products.price') }}&quot;" step="any"/>
   <span class="control-error" v-if="errors.has(variantInputName + '[price]')">@{{ errors.first(variantInputName + '[price]') }}</span></div>
</td>

this the part that generates input and some where above i have the loop :

  <tbody>
<variant-item v-for='(variant, index) in variants' :variant="variant" :key="index" :index="index" @onRemoveVariant="removeVariant($event)"></variant-item>
 </tbody>

so for example for a product with 2 variants this code generates this :

<td><div class="control-group"><input type="number" name="variants[4344][price]" data-vv-as="&quot;price&quot;" step="any" class="control" aria-required="true" aria-invalid="false"> <!----></div></td>

.
.
.
.
<td><div class="control-group"><input type="number" name="variants[4345][price]" data-vv-as="&quot;[price&quot;" step="any" class="control" aria-required="true" aria-invalid="false"> <!----></div></td>

so what i want to do now is when i enter some number is one of inputs or the first one which is generated the others fill with the same value i inserted to it . thanks in advance

thanks man i think this solution of middle ware is the best for now to keep it simple and safe though as others said it may not be completly secure but its fine for now . but this question remains in my head and i have to search about it that :

1-are all apis public and anyone call them to use them for any purpose as we said apis doesn't have CSRF protection

2-is there any offical way on documentation to protect apis from being called from out side .

any way @laracoft @michaloravec @automica i thank you all for helping me in this topic i really appreciate that time <3

@laracoft thanks but i cant use this as my company needs the user to insert mobile number first step send a verification code and then register him and that person is using this api to send some messages to some random numbers so i think i cant use laravel default and sms verification after register method .

well thanks if the Csrf is not the Answer here which is not because its Api then i think i should stick to the token and pass it in header right ??? i am a bit confused because i dont know how to authenticate the user because its an step before registration .

i think first i remove the api from exceptions of csrf and then place a token in .env and then call it in api header i think that would be fine to secure that twice :P so i guess i do both of your solutions

well its api/* which i think its all my apis

just for the record now that we talked about csrf i went to check the verifyCsrfToken.php and gues what i found one my team mates added this to the file :

 /**
     * The URIs that should be excluded from CSRF verification.
     *
     * @var array
     */
    protected $except = [
        'api/*',
        'api/v1/*',
        'users/join/login',
        '/users/notification',
        '/users/social',
    ];

and i am sure that this is how they call my api and abuse it because i dont have a stand alone vue project and my vue is withing laravel . is that right ???

yes right that's exactly my problem and your solution would solve this . thanks the answer and explanations it helped

i am a bit confused . you mean that from vue i have to generate a jwt token and pass it in api header ?? can you please explain a bit more . thanks

i have an authentication sms api which send a code to user to insert and i authenticate or register user . now my problem is that someone is calling that api from the outside of my server to random numbers and causing me some charge .now i come up with this idea that i could block all the requests but from my own server . then i came across CORS and fruitcake/laravel-cors . after installing and configuring the package now i have this key in my header :

Access-Control-Allow-Origin https://mydomain.com/

i am seeing that in my response in postman . now i think i my self should not be able to call that in my post man but i can and it sends sms so i think if i can call it from local and post man why not some one else . is that true and my problem yet exists ? or i solved that with that header which was added to request ?

i have a model and a relationship which i want to append a column from a relationship to the model so every time every where that the model is called that column from the relationship should be shown in model column . i want to sort the model by that column and the second problem is that the column is updated_at so if i can rename that to any other column name that would be very fine . so here is my relationship and model code : my model :

  public function setUpdatedAtAttribute(){
	    $this->statusHistory->updated_at;
    }

thanks this helped me i just put the wrong path to the config <3