Level 75
That's what auth means, logged in.
Any routes not requiring it just don't group under that middleware.
Apr 21, 2019
5
Level 1
skip auth when using certain route prefixes
Pretty new to Laravel (5.8).
Is it possible to disable authentication for specific (signed) routes / route groups? The use case: create+use share links that don't require login.
I would like to have signed routes with prefix (e.g. "share/order/1234?signature=xyz") that can be accessed without logging in.
My controller has __construct() with $this->middleware('auth');
And I grouped the share routes:
// regular route (login required)
Route::get('timeline/{date}', 'MapController@timelineDate')
->name('timeline.date')
...
// route group for shared versions of the route --- should not require login
Route::prefix('share')->name('share.')->group(function() {
// http://.../share/timeline/2019-04-21?signature=xyz --> share.timeline.date
Route::get('timeline/{date}', 'MapController@timelineDate')
->name('timeline.date');
...
});
Suggestions on how to achieve this?
I looked at adding except to the controller construct, but was not sure what to put there. Was looking if I can / need to modify the route group.
Update: expanded the routes details with more complete example of current situation.
Level 1
Do you have suggestions of what should be changed?
Both the logged in + guest versions (should) use the same controller (with the default construct that has auth middleware enabled). The route group doesn't have middleware specified.
E.g. remove the middleware from the construct and explicitly create auth and non-auth version of the route groups? I would prefer to have the controller protected by default, and specify exceptions for certain route prefixes.
Level 1
This is how I solved it now. But interested to hear if this is the recommended way.
Http/Controllers/MapController.php
public function __construct() {
$this->middleware('auth')->except(['shareTimelineDate']);
}
public function shareTimelineDate($date) {
return $this->timelineDate($dateRange);
}
public function timelineDate($date) {
...
}
routes/web.php
// regular route (login required)
Route::get('timeline/{date}', 'MapController@timelineDate')
->name('timeline.date')
// route group for shared versions of the route
// middleware: make sure they are correctly signed
// calling specific "share" version of the method (and in controller: add that one to the middleware except)
Route::prefix('share')->name('share.')->middleware(['signed'])->group(function() {
Route::get('timeline/{date}', 'MapController@shareTimelineDate')
->name('timeline.date');
});
// in blade, e.g.:
// app('url')->signedRoute('share.timeline.date',['2019-04-21']);
// http://.../share/timeline/2019-04-21?signature=xyz --> share.timeline.date --> MapController@shareTimelineDate
Level 1
And the other solution. Here I let the controller check the request's route prefix to decide if auth middleware is needed.
Http/Controllers/MapController.php
public function __construct() {
if (request()->route()->getPrefix() !== '/share') $this->middleware('auth');
}
public function timelineDate($date) {
...
}
routes/web.php
// regular route (login required)
Route::get('timeline/{date}', 'MapController@timelineDate')
->name('timeline.date')
// route group for shared versions of the route
// middleware: make sure they are correctly signed
// calling regular version of the method (timelineDate)
Route::prefix('share')->name('share.')->middleware(['signed'])->group(function() {
Route::get('timeline/{date}', 'MapController@timelineDate')
->name('timeline.date');
});
// in blade, e.g.:
// app('url')->signedRoute('share.timeline.date',['2019-04-21']);
// http://.../share/timeline/2019-04-21?signature=xyz --> share.timeline.date --> MapController@timelineDate
Level 35
Yes it is, For any controller method you dont want to use auth middleware for just include it in the array in except helper. like so
$this->middleware('auth')->except(['shareTimelineDate','timelineDate']);
and it will all workout.
Please or to participate in this conversation.