I'm currently working on BigCommerce application using Reactjs and Laravel. To install app in BigCommerce, there are three important routes (install, load and uninstall). I placed them in the web.php file. The view route is also in the web.php file. All others routes are placed in api.php file.
At the start, I get the logged in client in PHP and I store the data in the session. But after redirect, the session is lost and a new one is created for each request (redirection and api calls).
The only way I keep the same session is when I return a view instead of redirect url. However, I can't return view because I'm using React and not blade views as front.
Has anyone ever had this problem before and find a way to persist session ?
Per the comments -- This was solved by having all routes in the web.php file and utilizing Laravel Sanctum to allow the persistence of the session and protect to the routes access. :)
Related
I’m not sure if “catch all” would be the correct term here, but how do you block access to page routes (not API) including any slug that comes after the first slug. Also, I’m using Nextjs and NextAuth
Ie. Allow all-auth-users access but not public access to:
/account/userid
Ie. Allow only logged in session user access to:
/account/userid/actions
Ie. Still only allow logged in session user access to:
/account/userid/actions/create
The only way I can think of doing this is by detecting router paths via useRouter and then adding specific wrapper components with session logic around /account/userid/ and different session logic for around /account/userid/actions.
Is this the correct/best way to go about this?
You can configure a middleware.ts file and define which routes you wish users to have access to. More on nextjs middleware here https://nextjs.org/docs/advanced-features/middleware. And as for authorization of each route via middleware, you can read more about that here https://next-auth.js.org/configuration/nextjs
I'm building a bit web app where user can save his websites.
My problem is that Auth::check() returns false even if me as user I'm logged in when I try to get data throw API.
I use one WebsiteController and I put the route to this controller inside api.php route folder.
I can access http://localhost:8000/website but not http://localhost:8000/api/website.
I'm biginner, please any one can help me ?
Register API routes in the routes/api.php file. In Laravel, API
routes and web routes are registered in separate files to avoid
mixing them all up.
After authentication, store the token in local storage and send
those access token details in each request header.
Ref Sample here : https://medium.com/#Gbxnga/token-based-authentication-with-react-and-laravel-restful-api-83f16581e85
Assumption / understanding **: As per the Given brief information, you are tryign to create a CRUD application in react and it calls Laravel API to manage those websites ?
**Note: On what you are tryign to accomplish with /api/someroute (is my assumption / understandig is correct?) and where you are calling it in react. Those code snippets you should share and what is expected - when that service call is happneing. Example Return a json and prepoulate list of added websites in home page etc . And instead of happening that, it redirects user to /someroute ? .
According to this link: http://www.django-rest-framework.org/tutorial/4-authentication-and-permissions/#adding-login-to-the-browsable-api
I need to add the following code to my URLs.py:
url(r'^api-auth/', include('rest_framework.urls',
namespace='rest_framework')),
When I added this, users can log in by going to the "api-auth" URL and using the default DjangoRestFramework login interface. After a successful login, users are directed to "/test" because I have the following code in my settings.py:
LOGIN_REDIRECT_URL = '/test'
I wanted a way for users to be able to log-in using my own custom interface but by using DjangoRestFramework's built-in code for logging users in, so I created my own template. The login form in the template sends a post request to
api-auth/login/
and sends the user object (which consists of a username and password in JS) along with the POST request. No errors are returned, so I'm assuming the login is successful. However, it does not redirect to any URL (I was expecting it to redirect to "/test").
Any idea why it does not redirect anywhere, and how I can make it redirect to "/test"?
Edit: I am also using AngularJS on the frontend.
LOGIN_REDIRECT_URL is basically from django.contrib.auth so I wouldn't except other auth backends to use it, at least not necessarily/automatically
Also if you're logging through REST say from an AngularJS, even if after the REST API login is successful and returns a redirect response, there is no guarantee that the AngularJS app will navigate to that page because the login REST API was hit using an XHR request (from $http or $resource etc)
I'm using a slightly different REST auth lib than you, called django-rest-auth (not the BrowsableAPI that comes with DRF), I'm authenticating from AngularJS, and after the call is done with success, I simply navigate the app to a new URL
djangoAuth.login(username, password).then(function(){
// make angularJS navigate to new page when login is successful
// $location.path(...) or some other way
});
Bottom line is, since you have an auth API, you can make a small AngularJS page, with login form, then when login is successful redirect with AngularJS
Worth a look
I'm using these two libs that are meant to be used together, they offer REST auth over DRF, and optional a AngularJS lib to help with the frontend
https://github.com/Tivix/django-rest-auth
https://github.com/Tivix/angular-django-registration-auth
I'm using Laravel 5 with AngularJS for a project, in a way so that Laravel is used as an API and the API routes are in Laravel, while the client side routes are in AngularJS (app.js).
Is it possible to use Laravel Middleware to protect AngularJS routes, so for example, I want it to use the RedirectIfAuthenticated Middleware on the angular login form page route so people can't go to that page if they are logged in, except normally as far as I know, the middleware is specified in the Laravel controller, which doesn't have logic for angular side routes - hence, the problem.
So the question is, can I use Middleware or do I have to make angular send a get request asking laravel if the user is logged in on every page? Wouldn't that be less secure?
What I ended up doing was making a client-side cookie on login in angular to keep track of whether the user is logged in or not for user experience purposes (hiding information, redirecting before the view is rendered), and using Laravel Middleware to protect API calls to make sure the user can't interact or get information from the API on the server and to keep it secure in case the user changes their cookie to lie about their login status.
Alternatively, you could also send a request to the server before each page loads instead of the cookie check, but that adds quite a bit more overhead, and isn't any more secure - as far as I know, since that API call to check if the user is logged in is just for UX purposes too and the javascript for that can be removed by a malicious user.
I have certain knowledge using Bakcbone.js, and my backend is Restlet Java, but have no idea regarding user authentication
I have built a single-page web app using them, but now the problem arises that, what I am going to do after user login? There are pages that can be viewed by both logged in and not logged in user, and logged in users should be able to see additional content.
By default the page uses http, but after user Login, suppose an Ajax Post, how do I switch entire Backbone App from http to https? And suppose user logs out, how do I switch back?
Are there any convient ways just to switch all my routes in Router, Url/Urlroots in Collection/Model between Http and Https? (using relative address)
Can I deal with this using Server Redirect..and how can I do that, doesn't that make Http and Https sections completely separated like two apps?
woha - that's a lot stuff you are thinking ..half of which doesn't even belong to Backbone's scope.
Let's split this up:
but have no idea regarding user authentication
read this. I just answered this yesterday.
what I am going to do after user login?
the normal pattern here is that login is usually one page. If the user successfully logs in then she is redirected to another page which has all the Backbone stuff in it e.g. take a look at a backbone app classdojo.com . Login is simple HTML with no fancy stuff. Once user logs in, she navigates to a single-page app with all heavy client side.
Are there any convient ways just to switch all my routes in Router, Url/Urlroots in Collection/Model between Http and Https? (using relative address)
Backbone Router ONLY looks at the route which comes '#' e.g. in example.com/user#details Backbone router will only navigate based on #details . It has nothing to do with your http protocol.
Your Url/Urlroots can be relative or absolute both. So you can specify full URL with http protocol in them.