custom-d / api-authentication
A api authentication
Requires
- php: ^8.1
- illuminate/support: ^9.0|^10.0
- laravel/ui: ^4.0
Requires (Dev)
- laravel/passport: ^10.0|^11.0
- nunomaduro/larastan: ^2.0
- orchestra/testbench: ^7.0|^8.0
- phpunit/phpunit: ^9.0|^10.0
README
Package description: Quick start api authentication for Laravel & Passport / Airlock
Installation
Install via composer
composer require custom-d/api-authentication
Publish Configuration File
Publishing the configuration file is optional, but it allows you to set defaults such as whether your Laravel instance uses the username or email field for authentication.
php artisan vendor:publish --provider="CustomD\ApiAuthentication\ServiceProvider" --tag="config"
Alternatively, you can use the following environment variables.
Environment Variable | Default | Description |
---|---|---|
CD_API_AUTH_COOKIE_NAME | 'cd-api-token' | cookie to parse from request — recommended to set different values when you have multiple environments under a single domain, e.g. www.xxx, testing.xxx |
CD_API_AUTH_TOKEN_LIFETIME | 2 | hours |
CD_API_AUTH_TOKEN_REFRESH | 12 | hours |
CD_API_AUTH_TOKEN_REMEMBER | 120 | hours |
CD_API_AUTH_THROTTLE_ATTEMPTS | 10 | number of attempts |
CD_API_AUTH_THROTTLE_LOCKOUT | 1 | minutes |
CD_API_AUTH_USERNAME_FIELD | 'email' | database field to use for login |
Add Middlewares
Add the following update to the App\Http\Kernel.php file, under middlewareGroups.api:
'api' => [
    ...
    \CustomD\ApiAuthentication\Http\Middleware\CheckHTTPS::class, // Optional, if you want to enforce SSL on all the API routes.
    \CustomD\ApiAuthentication\Http\Middleware\BearerToken::class,
    \Phpsa\LaravelApiController\Http\Middleware\SnakeCaseInputs::class,
],
Then, in Laravel 7 only, add it to $middlewarePriority before the authentication middleware:
protected $middlewarePriority = [
    \App\Http\Middleware\EncryptCookies::class,
    \CustomD\ApiAuthentication\Http\Middleware\BearerToken::class,
    ...
and add the following to the $routeMiddleware array:
'checkHTTPS' => \CustomD\ApiAuthentication\Http\Middleware\CheckHTTPS::class,
'cookie.token' => \CustomD\ApiAuthentication\Http\Middleware\BearerToken::class,
Usage
Add to your routes/api.php (or alternatively overwrite and point the routes to your local versions).
<?php
use CustomD\ApiAuthentication\Http\Controller\ApiVerificationController;
use CustomD\ApiAuthentication\Http\Controller\ApiLoginController;
use CustomD\ApiAuthentication\Http\Controller\ApiRegisterController;
use CustomD\ApiAuthentication\Http\Controller\ApiResetPasswordController;
use CustomD\ApiAuthentication\Http\Controller\ApiForgotPasswordController;
/*
|--------------------------------------------------------------------------
| API Routes
|--------------------------------------------------------------------------
|
| Here is where you can register API routes for your application. These
| routes are loaded by the RouteServiceProvider within a group which
| is assigned the "api" middleware group. Enjoy building your API!
|
*/
Route::group([
    'middleware' => ['checkHTTPS', 'cookie.token'],
    'as' => 'api.',
    'namespace' => 'Api',
], function () {
    Route::group(
        [
            'prefix' => 'auth',
            'as' => 'auth.',
            'namespace' => 'Auth',
        ],
        function () {
            Route::post('login', [ApiLoginController::class, 'login'])->name('login');
            Route::post('reset', [ApiResetPasswordController::class, 'reset'])->name('resetpassword');
            Route::post('forgotten', [ApiForgotPasswordController::class, 'sendResetLinkEmail'])->name('forgotpassword');
            Route::get('verify_email', [ApiVerificationController::class, 'verify'])->name('email.verify');
            Route::post('register', [ApiRegisterController::class, 'register'])->name('register');
            Route::group([
                'middleware' => 'auth:api',
            ], function () {
                Route::get('logout', [ApiLoginController::class, 'logout'])->name('logout');
            });
        }
    );
});
You will now have the following routes available:
- POST api/auth/forgotten
- POST api/auth/login
- GET api/auth/logout
- POST api/auth/register
- POST api/auth/reset
- GET api/auth/verify_email
Password hashing
This package provides a HashPassword trait for use in models with a password attribute. This will automatically hash passwords using Hash::make. In your model:
<?php
namespace App\Models;

use CustomD\ApiAuthentication\Models\Contracts\HashPassword;
use Illuminate\Foundation\Auth\User as Authenticatable;

class User extends Authenticatable
{
    // ...
    use HashPassword;
}
Extending
To override the defaults, add your own methods in your own app/Http/Controllers/Api folder, extending the default ones.
Security
If you discover any security related issues, please email instead of using the issue tracker.
Credits
This package is bootstrapped with the help of melihovv/laravel-package-generator.