Is it possible to use Auth::user() on non-authenticated routes?

Question

This must be something really easy, but I don't have a lot of experience in Laravel, and I have been searching and trying hard with no luck.

I am working on an existing project, and it has some routes that use the auth:api middleware, like so:

Route::group(['namespace' => 'Api', 'prefix' => 'api', 'middleware' => 'auth:api', 'throttle:100,1'], function () {

    // Route.....

});

Inside any controller for these routes, Auth::user() works fine, and returns the logged in user instance. So far, so good.

Now, I have another set of routes, which are public, so they don't use the auth:api middleware. However, a logged in user can also access these routes, and based on this condition (whether logged in or not) I want to run additional logic. So to summarize, the page is accessible to both logged in and public users; but if the user is logged in, we run an additional logic. However, when I try to use Auth::user() it returns null, and auth()->check() returns false.

Remember, I cannot use the auth middleware, as that will restrict the public users from accessing the page, which is not what we need.

Answer 1

You can manually authenticate the user when he requests the route if he has the needed information to be authenticated. If he doesn't then you can use your logic for the unauthenticated user.

https://laravel.com/docs/5.7/authentication#authenticating-users

This may be useful aswell

Answer 2

您应该将 auth 与警卫一起使用。

{{ \Auth::guard('api')->user(); }}

Answer 3

Alternatively, you may access the authenticated user via an Illuminate\\Http\\Request instance.

Expl

<?php

namespace App\Http\Controllers;

use Illuminate\Http\Request;

class ProfileController extends Controller
{
    /**
     * Update the user's profile.
     *
     * @param  Request  $request
     * @return Response
     */
    public function update(Request $request)
    {
        // $request->user() returns an instance of the authenticated user...
    }
}

Check Documentation

Answer 4

While calling Auth::guard('api')->user() works, I find it very ugly having to set the default guard every time you are trying to access the authenticated user.

What you could do is create a new middleware that sets the default guard for the specific routes.

Create a new middleware:

<?php

namespace App\Http\Middleware;

use Closure;
use Illuminate\Contracts\Auth\Factory as Auth;

class DefaultGuard
{
    /**
     * The authentication factory instance.
     *
     * @var Auth
     */
    protected $auth;

    /**
     * Create a new middleware instance.
     *
     * @param Auth $auth
     *
     * @return void
     */
    public function __construct(Auth $auth)
    {
        $this->auth = $auth;
    }

    /**
     * Handle an incoming request.
     *
     * @param         $request
     * @param Closure $next
     * @param         $guard
     *
     * @return mixed
     */
    public function handle($request, Closure $next, $guard)
    {
        $this->auth->shouldUse($guard);

        return $next($request);
    }
}

Add it to the $routeMiddleware property in app\\Http\\Kernel.php

protected $routeMiddleware = [
    'guard' => DefaultGuard::class,
];

Apply it to your public routes:

Route::group([ 'middleware' => 'guard:api'], function () {
    // Route.....
});

Now you can access the authenticated user like you normally would, eg:

Auth::user();
$request->user();
etc.