
refynd's avatar

API route returns empty array however outside the middleware group the correct response is returned

I have a route defined to return an array of image URLs from my database. The route is defined in the api.php file like this:

Route::middleware(['auth:api'])->group(function () {
    Route::middleware(['myscope:view-photos'])->get('/snapshots/photos','PhotoController@getPhotos');
});

In my PhotoController the function looks like this:

    public function getPhotos(Request $request)
    {
        dd($request);

        // $this->validate($request, [
        //     'file_type_id' => 'required',
        //     'photo_id' => 'required'
        // ]);

        $ret = File::where('photo_id', $request->photo_id)->get();

        return $ret;
    }

When I make that request with a logged-in user I get an empty array "[]". The request parameters are not printed out.

I have other routes with the same scope and data is returned no problem. The controllers can do their work. However this particular request doesn't return anything from the controller.

So it must be something to do with authentication/middleware, however I am not sure. The reason I say this is because if I pull the route out of the scoped middleware group it returns as expected.

Any ideas?

Thanks in advance for any assistance.

0 likes
4 replies
lostdreamer_nl's avatar

Can you show the code of the middleware class (myscope:view-photos) ?

In middleware you usually call $next($request), passing the request to the next middleware or, eventually, the controller.

It seems there's something going wrong there.

refynd's avatar

Sure, no problem.

<?php

namespace App\Http\Middleware;

use Illuminate\Auth\AuthenticationException;
use Laravel\Passport\Exceptions\MissingScopeException;

class MyCheckAnyScope
{
    /**
     * Handle the incoming request.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @param  mixed  ...$scopes
     * @return \Illuminate\Http\Response
     * @throws \Illuminate\Auth\AuthenticationException|\Laravel\Passport\Exceptions\MissingScopeException
     */
    public function handle($request, $next, ...$scopes)
    {
        //user must be logged in
        if (! $request->user() || ! $request->user()->token()) {
            throw new AuthenticationException;
        }

        foreach ($scopes as $scope) {
            if ($request->user()->tokenCan($scope)) {
                return $next($request);
            }
        }

        throw new MissingScopeException($scopes);
    }
}

This middleware is used throughout my SPA, so all other routes have worked great with various different scopes used (as well as some routes using the same scope).

By the way I realise this is very similar if not the same to the stock auth middleware, I have plans to modify this at a later stage.

refynd's avatar

For anyone watching this discussion. I have stepped through the code and I am investigating a possible bug.

I have 3 routes that are GET requests and the root of the url begins with "/snapshots".

The URLs are all different but the root is the same. Based on this, all 3 routes are calling the same controller method, "index()" in my case. And I obviously didn't cater for this, my 3rd case, as it should not be using that method, so I got an unexpected result.

I will try to reproduce on a clean build of Laravel and see if it has been resolved.

Will post back once I have worked it out.

refynd's avatar
refynd
OP
Best Answer
Level 3

OK, I have resolved the issue. No bugs to report.

What was happening is that I had a route with a wildcard above my /snapshots/photos route that was getting triggered before the actual route defined.

Therefore the wrong method in the controller was triggered.

Adding to this is that I had debug set to false in my .env file so I couldn't see any errors once I had in fact got the routing correct.

All in order now.

Thanks
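The shadowing described in the accepted answer, as an added example (not code from the thread and not Laravel's router): a simplified first-match model in plain PHP that flags literal routes claimed by an earlier wildcard route, and lists the middleware of the intended route that never runs as a result. The `/snapshots/{id}` route, its action name and the middleware lists are constructed for illustration; only `/snapshots/photos` comes from the thread.

```php
<?php
// Constructed route table in registration order: [method, uri, action, middleware].
// The wildcard route and its action are hypothetical.
$routes = [
    ['GET', '/snapshots',        'SnapshotController@index', ['auth:api']],
    ['GET', '/snapshots/{id}',   'SnapshotController@index', ['auth:api']],
    ['GET', '/snapshots/photos', 'PhotoController@getPhotos', ['auth:api', 'myscope:view-photos']],
];

// Turn a URI pattern into a regex; each {param} matches exactly one path segment.
function toRegex(string $uri): string
{
    $regex = '';
    foreach (preg_split('/(\{\w+\})/', $uri, -1, PREG_SPLIT_DELIM_CAPTURE) as $part) {
        $regex .= preg_match('/^\{\w+\}$/', $part) ? '[^/]+' : preg_quote($part, '#');
    }
    return '#^' . $regex . '$#';
}

// First match wins: index of the first registered route that handles the request.
function resolve(array $routes, string $method, string $path): ?int
{
    foreach ($routes as $i => [$m, $uri]) {
        if ($m === $method && preg_match(toRegex($uri), $path)) {
            return $i;
        }
    }
    return null;
}

// Report literal routes whose own URI is answered by an earlier route.
function findShadowed(array $routes): array
{
    $findings = [];
    foreach ($routes as $i => [$method, $uri, $action, $middleware]) {
        if (strpos($uri, '{') !== false) {
            continue; // only literal URIs can be tested against themselves
        }
        $winner = resolve($routes, $method, $uri);
        if ($winner !== $i) {
            $findings[] = [
                'route'    => "$method $uri",
                'intended' => $action,
                'actual'   => $routes[$winner][2],
                'skipped_middleware' => array_values(array_diff($middleware, $routes[$winner][3])),
            ];
        }
    }
    return $findings;
}

print_r(findShadowed($routes));
```

A non-empty `skipped_middleware` entry is the case worth reviewing first, since the request is answered without the scope check written next to the intended route.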
