erjanmx / laravel-api-auth
Dead simple Laravel api authorization middleware
Requires (Dev)
- mockery/mockery: 0.9.*
- phpunit/phpunit: ~5.0
This package is auto-updated.
Last update: 2024-11-08 23:02:25 UTC
README
Laravel Api Auth
Laravel gives you easy ways to handle API authorization using user-based tokens, but sometimes you need a single token to give access to your application, especially when you're developing two apps that need to be connected, or when you need to connect a Telegram bot to your app endpoint using webhooks.
Laravel-api-auth makes that as easy as breathing: no migrations, no models.
Installing package
If you're using Laravel prior to 5.5, consider using the v0.1 branch.
$ composer require erjanmx/laravel-api-auth
Publish the Package configuration
$ php artisan vendor:publish --provider="Apiauth\Laravel\CAuthServiceProvider"
Using package
Step 1
Change defaults in config/apiauth.php
<?php

return [
    'services' => [
        'MY_APP' => [ // this is the name of the middleware of route group to be protected
            'tokenName' => 'api_token', // name of key that will be checked for secret value
            'token' => env('MY_APP_TOKEN'), // secret value that is retrieved from env vars and needs to be passed in requests in order to get access to your protected urls
            'allowJsonToken' => true,
            'allowBearerToken' => true,
            'allowRequestToken' => true,
        ]
    ],
];
Step 2
- Add your secret value in the .env file
// .env
...your other variables
MY_APP_TOKEN=my-secret
Step 3
- Add a group with the middleware in your routes file
Route::group(['prefix' => 'api', 'middleware' => ['apiauth:MY_APP']], function () { // note the `MY_APP` that should match the name in your config we changed above
    Route::any('/', function () {
        return 'Welcome!';
    });
});
That's it
The URLs within your group are accessible only if a valid token is provided in one of these ways:
- In a GET or POST request
- In the request header as Authorization Bearer (tokenName is ignored in this case)
- In the JSON raw body
You're free to change the token name (api_token by default) in the configuration file, as well as the authorization methods to be checked.
You can also set up as many services as you want.
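The sketch below is an added example, not the package's own code: it shows how a single-token check over the three sources listed above can fail closed when the secret is unset and compare tokens in constant time. The function names `candidateTokens` and `isAuthorized` are hypothetical; the config keys are the ones from config/apiauth.php above.

```php
<?php
declare(strict_types=1);

// Added illustration, not the package's source. Function names are hypothetical.
/** Collect token candidates from the sources the service config enables. */
function candidateTokens(array $svc, array $params, array $headers, string $rawBody): array
{
    $found = [];
    if (!empty($svc['allowRequestToken']) && isset($params[$svc['tokenName']])) {
        $found[] = $params[$svc['tokenName']];           // GET/POST parameter
    }
    if (!empty($svc['allowBearerToken'])
        && preg_match('/^Bearer\s+(\S+)$/i', $headers['Authorization'] ?? '', $m)) {
        $found[] = $m[1];                                // header; tokenName is ignored
    }
    if (!empty($svc['allowJsonToken'])) {
        $json = json_decode($rawBody, true);
        if (is_array($json) && isset($json[$svc['tokenName']])) {
            $found[] = $json[$svc['tokenName']];         // raw JSON body
        }
    }
    return $found;
}

function isAuthorized(array $svc, array $params, array $headers, string $rawBody): bool
{
    $secret = $svc['token'] ?? null;
    // Fail closed: env('MY_APP_TOKEN') returns null when the variable is unset,
    // and an empty secret must never match an empty or missing request token.
    if (!is_string($secret) || $secret === '') {
        return false;
    }
    foreach (candidateTokens($svc, $params, $headers, $rawBody) as $candidate) {
        // hash_equals compares in constant time; === can leak timing information.
        if (is_string($candidate) && hash_equals($secret, $candidate)) {
            return true;
        }
    }
    return false;
}

// Constructed sample input.
$svc = ['tokenName' => 'api_token', 'token' => 'my-secret',
        'allowJsonToken' => true, 'allowBearerToken' => true, 'allowRequestToken' => true];
var_dump(isAuthorized($svc, ['api_token' => 'my-secret'], [], ''));              // GET/POST
var_dump(isAuthorized($svc, [], ['Authorization' => 'Bearer my-secret'], ''));   // header
var_dump(isAuthorized($svc, [], [], '{"api_token":"my-secret"}'));               // JSON body
var_dump(isAuthorized($svc, [], [], '{"api_token":"wrong"}'));                   // wrong token
var_dump(isAuthorized(['token' => null] + $svc, ['api_token' => ''], [], ''));   // unset secret
```

Setting allowRequestToken to false keeps the secret out of URLs, which commonly end up in access logs.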