
acoustic85's avatar

Protecting my Vue routes with middleware?

Hi there,

Is there any way to protect a Vue route or check if the user is admin with middleware?

Many thanks

Sinnbeck's avatar

If the route is handled entirely in the browser, then no. If Laravel handles the routes (e.g. Inertia), then yes.

acoustic85's avatar

This is my web.php


Route::get('/', function () {
    return redirect('login');
});

Auth::routes();

Route::middleware('auth')->group(function () {
    Route::get('/{any}', [App\Http\Controllers\HomeController::class, 'index'])->where('any', '.*');
});

And the rest of the routes are in api.php


Route::middleware('auth:api')->get('/user', function (Request $request) {
    return $request->user();
});


Route::middleware('auth:api')->post('/contract/create', [ContractsController::class,'create']);
Route::middleware('auth:api')->get('/user/contracts', [ContractsController::class,'user_contracts']);
Route::middleware('auth:api')->get('/user/contract/{id}', [ContractsController::class,'contract_show']);
Route::middleware('auth:api')->patch('/user/contract/{id}', [ContractsController::class,'contract_update']);



I just want to add one additional get route for all the contracts but I want this to be accessible only for the admin user.

Sinnbeck's avatar

@doncho85 then add some new API routes with /admin. But you can only protect the API properly.

You can also add another route group for admin in web.php, but your frontend can still do whatever it wants.

// 'admin' is not a built-in alias: it must be a middleware you define and register yourself.
Route::middleware(['auth', 'admin'])->prefix('admin')->group(function () {
    Route::get('/{any}', [App\Http\Controllers\AdminController::class, 'index'])->where('any', '.*');
});

Sinnbeck's avatar

@doncho85 then you need to write some JavaScript that tries to protect them. Like before going to a route, you check if the user is allowed in JavaScript. But be aware that it's handled in the user's browser, so they can try to get around it. On the pages themselves you can also do an AJAX request to check if they are allowed and, if not, redirect them away.
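
The server-side check discussed in this thread, as an added example that is not part of the original posts: a Laravel middleware that rejects non-admin users on the API, attached by class name to a new contracts route. The class name `EnsureUserIsAdmin`, the `is_admin` column and the `all_contracts` controller method are assumptions.

```php
<?php
// app/Http/Middleware/EnsureUserIsAdmin.php
// Added example; the class name is hypothetical.

namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;

class EnsureUserIsAdmin
{
    /**
     * Allow the request through only for authenticated admin users.
     *
     * Attach it after the auth guard in routes/api.php, for example:
     *
     *   use App\Http\Middleware\EnsureUserIsAdmin;
     *
     *   Route::middleware(['auth:api', EnsureUserIsAdmin::class])
     *       ->get('/admin/contracts', [ContractsController::class, 'all_contracts']);
     *
     * ('all_contracts' is a hypothetical controller method.)
     */
    public function handle(Request $request, Closure $next)
    {
        // Set by the auth:api guard; null if the guard did not run or failed.
        $user = $request->user();

        // Assumption: the users table has a boolean `is_admin` column.
        // The decision is made here, on the server, so it holds no matter
        // what the Vue router or any other client-side code does.
        if ($user === null || ! $user->is_admin) {
            return response()->json(['message' => 'Forbidden'], 403);
        }

        return $next($request);
    }
}
```

A Vue route guard or page can then treat a 403 from this endpoint as the signal to redirect, while the data itself stays protected by the API.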
