Level 73
Why do you need a middleware for changing the expiration time when you can do it through the config?
1 like
Aug 9, 2024
10
Level 63
Access the authenticated user inside a middleware
Hello,
I need to refresh the expiration date for the Sanctum API token.
So I have created a middleware with this code.
$request->user()->currentAccessToken()->forceFill([
'expires_at' => now()->addHour(),
])->updated();
I'm using the middleware for all API routes and I have placed it after the auth:sanctum middleware to be sure that the authentication has been done.
Route::prefix('/v1')->middleware(['auth:sanctum', RefreshApiTokenExpirationMiddleware::class])->group(function () {
But I get an error saying that $request->user() is null.
Why ?
Any idea ?
Thanks for your help.
V
Level 63
@Nakov Hmmm ... no no ... the middleware is to change the expired_at field each time a request is done to the server.
1 like
Level 63
@Nakov I have just added a condition if ($request->user()) and it works.
Level 73
@vincent15000 not sure if that's a solution.. it will work if there is a user, but what if it is null as the case you had above. Which I am not sure why that can be, other that you have multiple guards implemented so you have to specify the custom guard like this $request->user('api') as an example.
I tried it myself in an app that I have using sanctum, and the user is there for me, I used the log to check if it will print something.
1 like
Level 63
@Nakov I have checked with your suggestion, but it doesn't work for me.
Level 63
@Nakov If there is no user, it passes to the next middleware.
Level 73
@vincent15000 That can't be truth. I just removed the token, and tried to access the route, there is nothing in the log.. even adding a simple message does not show.
Anyway, I would rather use Auth::check() and then redirect the user to another page, rather then allowing a route from the group to be accessed even without a user being available.
Because that middleware should not run at all if there is no authenticated user, same with routes in the group..
From what you are saying, that means that even if the user is null and the middleware is still running, then the routes in the groups should run as well, which means no security at all.
1 like
Level 63
@Nakov Yes that's true, but I think that I just don't know where to put the middleware in the new Laravel version (11) in comparison with the previous versions where it was easy to order the middlewares as needed.
Level 122
remember where you put the middleware in the stack is important.
1 like
Level 63
@Snapey With Laravel 11, I don't know where to put the middleware else than mentioned in the documentation.
https://laravel.com/docs/11.x/middleware#global-middleware
Oh ... I just understand what you mean.
No need to add the middleware as a global middleware, I just need to assign the middleware to the API routes.
https://laravel.com/docs/11.x/middleware#assigning-middleware-to-routes
Please or to participate in this conversation.