jhumanj / laravel-signed-auth-middleware
A Laravel package that can authenticate users using signed links
Requires
- php: ^7.4|^8.0
- illuminate/contracts: ^8.0
- spatie/laravel-package-tools: ^1.1
Requires (Dev)
- orchestra/testbench: ^6.12
- phpunit/phpunit: ^9.3
- spatie/laravel-ray: ^1.9
- spatie/ray: ^1.19
- vimeo/psalm: ^4.4
This package is auto-updated.
Last update: 2024-10-16 03:32:47 UTC
README
A simple, safe magic login link generator for Laravel
This packages allows you to generate links that will authenticate your users. You can use this for password-less applications, or simply to authenticate users from links your application sends (via email, text message etc.).
Why this package
I started to use laravel-passwordless-login package by grosv and it worked very well. Unfortunately, because of the redirection, I had some troubles with Google analytics and UTM tracking. I wanted to extend the package, but then realized that there wasn't a trivial solution, as utm tracking parameters should not be used in the context of intenal website navigation. Hence I created this package, which is very strongly inspired by laravel-passwordless-login.
Signed Auth Middleware package allows you to generate signed links that will automatically authenticate your users using
a middleware (without any redirect).
Unlike laravel-passwordless-login, this package does not support
the use-once
link feature.
Installation
You can install the package via composer:
composer require jhumanj/laravel-signed-auth-middleware
You can publish the config file with:
php artisan vendor:publish --tag="laravel-signed-auth-middleware-config"
This is the contents of the published config file:
return [ 'signature_param_name' => 'auth-signature', 'default_expire' => 60, 'remember_login' => true, 'user_guard' => 'web' ];
Usage
Setting up middleware
The first thing to do is to setup the middleware. The middleware needs to be registered before the auth middleware. You
can achieve that by adding the HasSignedAuth
trait to your App\Http\Kernel.php
file:
use Illuminate\Foundation\Http\Kernel as HttpKernel; use JhumanJ\LaravelSignedAuthMiddleware\Traits\HasSignedAuth; class Kernel extends HttpKernel { use HasSignedAuth; // ... public function __construct(Application $app, Router $router) { parent::__construct($app, $router); $this->setupSignedAuthMiddleware(); } }
Then you have two options: use the middleware on all or your routes or not. To add the middleware to all your routes, add the middleware to the web middleware group.
// App/Http/Kernel.php protected $middlewareGroups = [ 'web' => [ // ... \JhumanJ\LaravelSignedAuthMiddleware\SignedAuthMiddleware::class, ], ];
Now if you don't want to use the middleware on all of your web routes you can also define a route middleware like this:
// Kernel.php protected $routeMiddleware = [ 'auth.signed' => \JhumanJ\LaravelSignedAuthMiddleware\SignedAuthMiddleware::class, ];
And then use it as follows in your route file:
// routes/web.php Route::get('/', function () { return view('welcome'); })->middleware('auth.signed','auth');
Creating auth signed links
Here is how to generate a signed link that will authenticate your users:
use JhumanJ\LaravelSignedAuthMiddleware\Facades\SignedAuth; $signedUrl = SignedAuth::forUser($user) ->route('welcome') ->generate();
You can also override the default expiry time:
use JhumanJ\LaravelSignedAuthMiddleware\Facades\SignedAuth; $signedUrl = SignedAuth::forUser($user) ->expired(60*24) // expires in 24 hours ->route('welcome') ->generate();
Or you set it to never expire:
use JhumanJ\LaravelSignedAuthMiddleware\Facades\SignedAuth; $signedUrl = SignedAuth::forUser($user) ->neverExpires() ->route('welcome') ->generate();
If you need to add some more parameters, just proceed as you would do it with the normal route()
method:
use JhumanJ\LaravelSignedAuthMiddleware\Facades\SignedAuth; $signedUrl = SignedAuth::forUser($user) ->route('welcome',[ 'utm_source' => 'source', 'utm_medium' => 'medium', 'utm_campaign' => 'utm_campaign' ]) ->generate();
Testing
Please make sure that all package tests are running successfully before sending a pull request.
composer test
Changelog
Please see CHANGELOG for more information on what has changed recently.
Contributing
Please contribute if you want to help me maintain this package or just make it better. Be nice to each other.
Reporting Issues
For security issues, please contact me directly on twitter or via email at julien@nahum.net. For any other problems, use the issue tracker here.
License
The MIT License (MIT). Please see License File for more information.