php - Globally accessible user object in controllers and models
I'm building a Laravel API that authenticates users using an authentication token. Routes that need authentication are wrapped in an auth filter:

```php
Route::group(array('before' => 'auth'), function () {
    Route::get('user/account', 'UserController@getAccountDetails');
});
```
My auth filter decrypts the passed-in authentication token and checks if it's valid:

```php
Route::filter('auth', function () {
    // try/catch because Crypt::decrypt throws an exception if it's not a valid string to decrypt
    try {
        $authToken = Crypt::decrypt(Request::header('Authorization'));

        // If there's a user tied to the auth token, it's valid.
        // Guard against an unknown token: first() returns null, and calling user() on null is a fatal error.
        $tokenRecord = AuthToken::where('token', '=', $authToken)->first();
        $user = $tokenRecord ? $tokenRecord->user()->first() : null;
        if (!$user) {
            throw new \Exception();
        }

        // Make user globally accessible in controllers
    } catch (\Exception $e) {
        return Response::json([
            'data'    => ['error' => 'You must be logged in to access this resource.'],
            'success' => false,
            'status'  => 403,
        ], 403);
    }
});
```
Pretty simple stuff, but I'm stuck on the next part. I want to be able to retrieve the current user record in controllers and models.

For example, if I used Laravel's Auth library I could get the current user by doing Auth::user() in controllers. I'd like to have that kind of functionality, but I'm not sure how to build it. Should I write a class that gets instantiated after authentication, with a static method that returns the user model?
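As an added example (not code from either post), here is the question's filter completed with the missing step, written for Laravel 4 and assuming the question's AuthToken model with a belongsTo user() relation: after validation the user is handed to the Auth guard with Auth::setUser(), so Auth::user() works in controllers and models for the rest of the request without starting a session.

```php
<?php
// Added example: replaces the default 'auth' filter from app/filters.php.
// Assumes the question's AuthToken model (columns: token; relation: user()).
// Auth::setUser() is the Illuminate\Auth\Guard method; unlike Auth::login()
// it sets no session cookie, which is what a stateless token API wants.
Route::filter('auth', function () {
    $denied = function () {
        return Response::json([
            'data'    => ['error' => 'You must be logged in to access this resource.'],
            'success' => false,
            'status'  => 401,
        ], 401);
    };

    try {
        // Crypt::decrypt() throws on a tampered or malformed payload.
        $token = Crypt::decrypt((string) Request::header('Authorization'));
    } catch (\Exception $e) {
        return $denied();
    }

    $record = AuthToken::where('token', '=', $token)->first();
    if ($record === null || ($user = $record->user) === null) {
        // Unknown token, or a token whose user was deleted: deny, do not fall through.
        return $denied();
    }

    // Make the user globally available for this request only.
    Auth::setUser($user);
});

// Anywhere later in the same request (controllers, models, views) the user is
// available through the guard, exactly as with session-based login.
class UserController extends BaseController
{
    public function getAccountDetails()
    {
        $user = Auth::user(); // set by the filter above

        return Response::json(['data' => $user->toArray(), 'success' => true]);
    }
}
```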
Not sure if that's an option for you, but maybe use OAuth2 instead of writing "your own" token-based authentication?

There is a quite nice OAuth2 server wrapper for Laravel: oauth2-server-laravel.

According to its documentation you can (for example, for password-flow authentication) put this in its config:
```php
'password' => array(
    'class'            => 'League\OAuth2\Server\Grant\Password',
    'access_token_ttl' => 604800,
    'callback'         => function ($username, $password) {
        $credentials = array(
            'email'    => $username,
            'password' => $password,
        );

        $valid = Auth::validate($credentials);
        if (!$valid) {
            return false;
        }

        return Auth::getProvider()->retrieveByCredentials($credentials)->id;
    },
),
```
And then you can authenticate (via username and password in this case) by sending a POST request like this:

```
POST https://www.example.com/oauth/access_token?
    grant_type=password&
    client_id=the_client_id&
    client_secret=the_client_secret&
    username=the_username&
    password=the_password&
    scope=scope1,scope2&
    state=123456789
```
The request will return a generated token, and then you can make API calls as usual, putting the token in the POST data.

In the API logic, getting the user for a token is quite simple in this case; just run:

```php
User::find(ResourceServer::getOwnerId());
```
It makes stuff like refresh tokens, other grant flows, scope access and client management a lot easier. Out of the box, in fact.

You can secure a particular route like this:

```php
Route::get('secure-route', array('before' => 'oauth', function () {
    return "oauth secured route";
}));
```
You can find more details in the oauth2-server-laravel documentation: https://github.com/lucadegasperi/oauth2-server-laravel
and the OAuth2 documentation: http://oauth.net/documentation/