Hi, I just recently finished a SPA forum so I thought I may give some advice. I am by no means an expert so take my tips with a grain of salt.

1- Sessions

I have created a mixin and all components that need to check the session can run the checkIfLogged() method.
    // Mixin shared by every component that needs to know the session state.
    var isLoggedMixin = {
        methods: {
            checkIfLogged() {
                return new Promise((resolve, reject) => {
                    // Ask the backend who (if anyone) owns the current session cookie
                    axios.get('/sessionStatus')
                        .then(response => {
                            // null when nobody is logged in, otherwise the user object
                            resolve(response.data.user);
                        })
                        .catch(error => {
                            reject(error.response.data);
                        });
                });
            }
        }
    };

    export default isLoggedMixin;
The mixin performs a GET request to the backend. The backend simply answers with a JSON containing the user if the user is logged in, otherwise it returns null:

    // routes/web.php
    Route::get('/sessionStatus', function () {
        return ['user' => Auth::user() ? Auth::user()->load('profile') : null];
    });
This is how I use it in my main app, so it runs as soon as someone visits the site.

    const app = new Vue({
        el: '#app',
        router,
        mixins: [isLoggedMixin],
        data: {
            user: false
        },
        created() {
            // Resolve the session once on page load and store the user on the root instance
            this.checkIfLogged()
                .then(response => {
                    this.user = response ? response : false;
                })
                .catch(error => console.log(error));
        }
    });
Then, based on $root.user, you can do conditional rendering.

I just use checkIfLogged when the app is created or when the user visits particular views that need user authentication.

2- Roles

Taking from point 1, I totally understand what you mean. That's why this is just a simple auth to block the random inexperienced user from some views or actions. (In my case a guest shouldn't be able to create new threads.) You will still need basic auth in the backend. For instance, in my case, if a user wants to create a new thread:
    methods: {
        sendPost() {
            var vm = this;
            // this.form is a form helper object wrapping the POST request and validation errors
            this.form.post('/channels/' + this.channel + '/threads')
                .then(response => vm.$router.push({ path: '/' + this.channel + '/' + response }))
                .catch(error => {
                    // Flatten the per-field validation errors into one message
                    let out = '';
                    Object.keys(error).forEach(field => out += error[field] + '\n');
                    vm.showError(out);
                });
        }
    },
The form posts to

    Route::post('channels/{channel}/threads', 'ThreadsController@store')->middleware('auth');

And in the controller method you perform your validation of the request and other stuff. For some routes you can make your own middleware.

For instance, if a user wants to edit a reply I use policies to ensure that the user is the actual creator. Check them here: https://laravel.com/docs/5.4/authorization#generating-policies

3- URLs and Redirects

To modify the auth default controller, check out the Illuminate\Routing\Router.php file. There you can see the auth routes and which controller methods are called.

To modify, for instance, the redirects after login you head to App\Http\Controllers\Auth\LoginController.php. There you can see
    class LoginController extends Controller
    {
        /*
        |--------------------------------------------------------------------------
        | Login Controller
        |--------------------------------------------------------------------------
        |
        | This controller handles authenticating users for the application and
        | redirecting them to your home screen. The controller uses a trait
        | to conveniently provide its functionality to your applications.
        |
        */

        use AuthenticatesUsers;

        // ...
    }
So check out the trait and override inside the controller any method that you want to change. I did override

    // Requires: use Illuminate\Http\Request; at the top of LoginController.php

    /**
     * Send the response after the user was authenticated.
     *
     * @param  \Illuminate\Http\Request  $request
     * @return \Illuminate\Http\Response
     */
    protected function sendLoginResponse(Request $request)
    {
        // Rotate the session id on login so a pre-login session id cannot be reused
        $request->session()->regenerate();

        $this->clearLoginAttempts($request);

        // Return the user as JSON instead of the default redirect
        return response(['user' => auth()->user()->load('profile')], 200);
    }

to return a simple JSON instead of a redirect. Then on the front end you handle the response as you like.

As for your last point, in the router file you can see how all routes map to their respective controllers.
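As an added example (not code from the post above), this is what the server-side check for the "only the creator may edit a reply" case from point 2 looks like as a Laravel 5.4 policy plus the controller that calls it; the model names App\Reply (with a user_id column), the RepliesController and the route are assumptions.

```php
<?php
// app/Policies/ReplyPolicy.php (hypothetical file; App\Reply and App\User are assumed models)
namespace App\Policies;

use App\Reply;
use App\User;
use Illuminate\Auth\Access\HandlesAuthorization;

class ReplyPolicy
{
    use HandlesAuthorization;

    // Decided on the server: a modified Vue component or a hand-built request
    // still ends up here, so the $root.user check in the SPA is only UX.
    public function update(User $user, Reply $reply)
    {
        return $user->id === $reply->user_id;
    }
}

// app/Providers/AuthServiceProvider.php: register the policy for the model
// protected $policies = [
//     \App\Reply::class => \App\Policies\ReplyPolicy::class,
// ];

// routes/web.php: 'auth' turns guests away before the controller runs
// Route::patch('replies/{reply}', 'RepliesController@update')->middleware('auth');

// app/Http/Controllers/RepliesController.php (assumed controller)
namespace App\Http\Controllers;

use App\Reply;
use Illuminate\Http\Request;

class RepliesController extends Controller
{
    public function update(Request $request, Reply $reply)
    {
        // Throws AuthorizationException (HTTP 403) when ReplyPolicy::update returns false
        $this->authorize('update', $reply);

        // Validate the body on the server as well; the client-side form is not trusted
        $this->validate($request, ['body' => 'required|string']);
        $reply->update(['body' => $request->input('body')]);

        // JSON for the SPA instead of a redirect, matching the login response above
        return response()->json(['reply' => $reply], 200);
    }
}
```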