ohffs/simple-api-key-middleware

Very basic API key middleware for Laravel

Maintainers

Details

github.com/ohnotnow/simple-api-key-middleware

Source

Issues

Installs: 4

Dependents: 0

Suggesters: 0

Security: 0

Stars: 0

Watchers: 3

Forks: 0

Open Issues: 0

1.0.3 2022-04-03 14:55 UTC

Requires

Requires (Dev)

MIT 0c5cfa4d3ee0ba3e299843dce3c8080b61965473

  • Ohffs <ohffsnotnow.woop@gmail.com>

This package is auto-updated.

Last update: 2025-03-01 00:37:37 UTC

README

This is a very basic middleware to check a bearer token on an incoming request.

Installation

composer require ohffs/simple-api-key-middleware
php artisan migrate

The migration will create a new database table called simple_api_keys. You can have a look in the packages migrations/ directory to see the details.

Usage

The package registers a middleware alias simple-api-key (mapped to \Ohffs\SimpleApiKeyMiddleware\ApiKeyMiddleware). To protect a given route you could do :

Route::get('/secret-stuff', [SecretStuffController::class, 'show'])->middleware('simple-api-key');

See the Laravel docs for more examples such as route groups or default middlewares.

To generate an API key from the CLI you can use the artisan command :

php artisan api-key:generate "Key for secret stuff"

Which will create the key with that description and show you the resulting token. You can remove a key by doing :

php artisan api-key:remove 14-2398adshh2349addasd7213402

(where the 14-2398... is the token you generated). You can also programmatically create a token :

$apikey = \Ohffs\SimpleApiKeyMiddleware\SimpleApiKey::generate('My new Token');
echo $apikey->plaintext_token;

The plaintext_token is only available on freshly created tokens.

To make a request using the token, you pass it as a regular bearer-token. Eg, with curl :

curl -H "Authorization: Bearer 12-sd8623hsdfi9823nsdf9sdf" https://example.com/secret-stuff

Or using Laravel's HTTP client :

$response = Http::withToken('12-sd8623hsdfi9823nsdf9sdf')->get('https://example.com/secret-stuff');

Configuration

The default configuration is as follows :

    // default length of generated api keys
    'token_length' => env('API_KEY_LENGTH', 64),
    // enable caching of token lookups
    'cache_enabled' => env('API_KEY_CACHE_ENABLED', true),
    // time to cache token lookup results
    'cache_ttl_seconds' => env('API_KEY_CACHE_TTL', 60),

You can set those environment variables, or if you run php artisan vendor:publish and pick the config from this package you can edit the resulting config/simple_api_keys.php file. By default the middleware will cache token lookups to save hitting the database for every one. If you are not using a cache such as Redis then you might want to disable the caching.