php - Globally accessible user object in controllers and models -

-

i'm building laravel api authenticates users using authentication token. routes need authentication, i'm wrapping them in auth filter:

route::group(array('before' => 'auth'), function() {     route::get('user/account', 'usercontroller@getaccountdetails'); });

my auth filter decrypts passed in authentication token , checks if it's valid:

route::filter('auth', function() {     // try catch because crypt::decrypt throws exception if it's not valid string decrypt     try {         $authtoken = crypt::decrypt(request::header('authorization'));          // if there's user tied auth token, it's valid         $user = authtoken::where('token', '=', $authtoken)->first()->user()->first();          if (!$user) {             throw new \exception();         }          // make user globally accessible in controllers      } catch (\exception $e) {         return response::json([             'data' => [                 'error' => 'you must logged in access resource.'             ],             'success' => false,             'status' => 403         ], 403);     } });

pretty simple stuff, i'm stuck on next part. want able retrieve current user record in controllers , models.

for example, if used laravel's auth library current user doing auth::user() in controllers. i'd have kind of functionality i'm not sure how build it. write class gets instantiated after authentication static method returns user model?

not sure if that's option you, maybe use oauth2 instead of writing "your own" token based authentication?

there quite nice ouath2 server wrapper laravel project: oauth2-server-laravel.

according it's documentation can (for example password flow authentication) put in it's config:

'password' => array( 'class'            => 'league\oauth2\server\grant\password', 'access_token_ttl' => 604800, 'callback'         => function($username, $password){      $credentials = array(         'email' => $username,         'password' => $password,     );      $valid = auth::validate($credentials);      if (!$valid) {         return false;     }      return auth::getprovider()->retrievebycredentials($credentials)->id; } )

and can can authenticate (via username , password in case) sending post request that:

post https://www.example.com/oauth/access_token? grant_type=password& client_id=the_client_id& client_secret=the_client_secret& username=the_username& password=the_password& scope=scope1,scope2& state=123456789

request return generated token, , can make api calls usual, putting token in post data.

in api logic getting user token quite simple in case, run:

user::find(resourceserver::getownerid());

it makes stuff like: refresh tokens, other grant flows, scope access, clients management lot easier. out of box in fact.

you can secure particular route that:

route::get('secure-route', array('before' => 'oauth', function(){     return "oauth secured route"; }));

you can find more details in oauth2-server-laravel documentation: https://github.com/lucadegasperi/oauth2-server-laravel

and oauth2 documentation: http://oauth.net/documentation/


Comments

Post a Comment

Popular posts from this blog

database - VFP Grid + SQL server 2008 - grid not showing correctly -

-
i having problem, have grid called "gridbasica" , this: thisform.gridbase.recordsource = "sgviemp" sgviemp cursor made executing select sqlserver command sqlexec. when want modify registry, go form , the update there. so, when come form grid, grid isnt grid anymore, big white rectangle. reading around said: delete recordsource , asingt again. thisform.gridbase.recordsource = "" *--i sqlexe here thisform.gridbase.recordsource = "sgviemp" i , works, but, when click button modify again cursos updated modify form doesnt load fields did first time. could me out that? thanks in advance. --------------- edit ------------------ i have been doing recommended: lnselect = select(0) n = sqlexec(thisform.conexion,"select emp_ccodigo codigo, emp_cnombre 'nombre o razon social', emp_cnumrif 'r.i.f' sgviempr","sgviemp1") set echo on suspend select sgviemp zap in sgviemp *-- browse *--zaps correct
Read more

jquery - Set jPicker field to empty value -

-
im using jpicker color selector in form. have clear value set window/icon 'no color selected' state. i've tried following: $(':input[name="color"]').val(''); //access value directly. (does not affect jpicker) 2: $.jpicker.list[0].color.active.val('hex', '', this); //set color black , input value 000000, instead of empty string 3: $.jpicker.list[0].color.active.val(null, '', this); //does nothing none of 3 methods seems behave properly. in advance. this works me :) $.jpicker.list[0].color.active.val('v', null); here example: http://jsfiddle.net/3up7n/
Read more

.htaccess - htaccess convert request to clean url and add slash at the end of the url -

-
ok , searched more 4 days , more 20 posts here in stach or in websites without kind of success first here htaccess file rewriteengine on rewriterule ^([a-za-z0-9_]+)/?$ index.php?page=$1 [nc] rewriterule ^([a-za-z0-9_]+)\/([a-za-z0-9_]+)\/?$ index.php?page=$1&action=$2 [nc] i tried many codes 1 worked me can call request , works me www.example.com/pagename => www.example.com/index.php?page=pagename here questions , please provide me information "in detail" understand code well 1- how convert request automatically www.example.com/index.php?page=pagename www.example.com/pagename 2- if tried add slash @ end shows me page without images or styling mean www.example.com/pagename => works www.example.com/pagename/ => doesn't work that's :) for first part need 301 rule this: rewritecond %{the_request} /index\.php\?page=([^\s&]+) [nc] rewriterule ^ /%1? [r=301,l] for second part use absolute path in css, js, images files r
Read more