custom-d/api-authentication

A api authentication

v2.0.0 2022-03-17 22:35 UTC

README

Build Status styleci Scrutinizer Code Quality SensioLabsInsight Coverage Status

Packagist Packagist Packagist

Package description: Quick start api authentication for Laravel & Passport / Airlock

Installation

Install via composer

composer require custom-d/api-authentication

Publish Configuration File

Publishing configuration file is optional, but allows you to set a defaults such as whether your Laravel instance is using username vs email field for authentication.

php artisan vendor:publish --provider="CustomD\ApiAuthentication\ServiceProvider" --tag="config"

Alternatively, you can use the following environment variables.

Environment VariableDefaultDescription
CD_API_AUTH_COOKIE_NAME'cd-api-token'cookie to parse from request — recommended to set different values when you have multiple environments under a single domain, e.g. www.xxx, testing.xxx
CD_API_AUTH_TOKEN_LIFETIME2hours
CD_API_AUTH_TOKEN_REFRESH12hours
CD_API_AUTH_TOKEN_REMEMBER120hours
CD_API_AUTH_THROTTLE_ATTEMPTS10no of attemps
CD_API_AUTH_THROTTLE_LOCKOUT1minutes
CD_API_AUTH_USERNAME_FIELD'email'database field to use for login

Add Middlewares

Add the following update to the App\Http\Kernel.php file: under middlewareGroups.api

'api' => [
            ...
            \CustomD\ApiAuthentication\Http\Middleware\CheckHTTPS::class, //Optional if you want to enforce ssl on all the api routes.
            \CustomD\ApiAuthentication\Http\Middleware\BearerToken::class,
            \Phpsa\LaravelApiController\Http\Middleware\SnakeCaseInputs::class,
        ],

and (before the authentication middleware) (Laravel 7 only)

protected $middlewarePriority = [
        \App\Http\Middleware\EncryptCookies::class,
        \CustomD\ApiAuthentication\Http\Middleware\BearerToken::class,
    ...

and add into the $routeMiddlware array:

        'checkHTTPS' => \CustomD\ApiAuthentication\Http\Middleware\CheckHTTPS::class,
        'cookie.token' => \CustomD\ApiAuthentication\Http\Middleware\BearerToken::class,

Usage

Add to your routes/api.php (or alternatively overwrite and point the routes to your local versions).

<?php


use CustomD\ApiAuthentication\Http\Controller\ApiVerificationController;
use CustomD\ApiAuthentication\Http\Controller\ApiLoginController;
use CustomD\ApiAuthentication\Http\Controller\ApiRegisterController;
use CustomD\ApiAuthentication\Http\Controller\ApiResetPasswordController;
use CustomD\ApiAuthentication\Http\Controller\ApiForgotPasswordController;

/*
|--------------------------------------------------------------------------
| API Routes
|--------------------------------------------------------------------------
|
| Here is where you can register API routes for your application. These
| routes are loaded by the RouteServiceProvider within a group which
| is assigned the "api" middleware group. Enjoy building your API!
|
*/

Route::group([
    'middleware' => ['checkHTTPS', 'cookie.token'],
    'as' => 'api.',
    'namespace' => 'Api',
], function () {
    Route::group(
        [
            'prefix' => 'auth',
            'as' => 'auth.',
            'namespace' => 'Auth',
        ],
        function () {
            Route::post('login', [ApiLoginController::class, 'login'])->name('login');
            Route::post('reset', [ApiResetPasswordController::class, 'reset'])->name('resetpassword');
            Route::post('forgotten', [ApiForgotPasswordController::class, 'sendResetLinkEmail'])->name('forgotpassword');
            Route::get('verify_email', [ApiVerificationController::class, 'verify'])->name('email.verify');
            Route::post('register', [ApiRegisterController::class, 'register'])->name('register');
            Route::group([
                'middleware' => 'auth:api',
            ], function () {
                Route::get('logout', [ApiLoginController::class, 'logout'])->name('logout');
            });
        }
    );
});

you will now have the following routes available:

  • POST api/auth/forgotten
  • POST api/auth/login
  • GET api/auth/logout
  • POST api/auth/register
  • POST api/auth/reset
  • GET api/auth/verify_email

Password hashing

This package provides a HashPassword trait for use in models with a password attribute. This will automatically hash passwords using Hash::make. In your model:

<?php

namespace App\Models;

use CustomD\ApiAuthentication\Models\Contracts\HashPassword;

use Illuminate\Foundation\Auth\User as Authenticatable;

class User extends Authenticatable
{
    // ...
    use HashPassword;
}

Extending

Simply in your own app/Http/Controllers/Api folder add your own method extending the default ones to override.

Security

If you discover any security related issues, please email instead of using the issue tracker.

Credits

This package is bootstrapped with the help of melihovv/laravel-package-generator.