
Laravel - Password protect a Route

I have an application which doesn't have user roles, as all functions apart from 1 are open to all users.

As we have added an SMS notification function which comes with a cost, I want to limit who can use this function behind a password.

So currently in my Form I have the following:

<div class="row">
            <div class="col-sm-8">
                <div class="card">
                    <h2 class="text-center">Send SMS Notification</h2>
                    <p class="text-center">Please note a password is required for this function</p>
                    <div class="card-header card-header-rose card-header-text">
                        <div class="card-text">
                            <h4 class="card-title">Enter Message</h4>
                        </div>
                    </div>
                    {!! Form::open(array('action' => ['NotificationController@sms'],'method'=>'POST', 'class'=>'form-horizontal')) !!}
                    <div class = "card-body">
                        @if (count($errors)>0)
                            <div class = "alert alert-danger">
                                <strong>Whoops!</strong> There were some problems with your input.<br><br>
                                <ul>
                                    @foreach ($errors->all() as $error)
                                        <li>{{ $error }}</li>
                                    @endforeach
                                </ul>
                            </div>
                        @endif

                        <div class = "row">
                            <label class = "col-sm-2 col-form-label">Message: </label>
                            <div class = "col-sm-6">
                                <div class = "form-group">
                                    <input type = "text" class = "form-control" maxlength="160" name="message">
                                </div>
                            </div>
                        </div>
                    </div>
                    <div class = "card-footer">
                        <div class = "row">
                            <div class = "col-md-4">
                                <div class="pull-left">
                                        <a href="{{action('HomeController@index')}}" class = "btn btn-danger">Cancel</a>
                                </div>
                            </div>
                            <div class ="col-md-4">
                                <button type="submit" class="btn btn-success">Send SMS Notification</button>
                            </div>
                        </div>
                    </div>
                    {!!Form::close()!!}


                </div>
            </div>
        </div>

So the idea is that when the Send SMS Notification button is pressed, the system will ask for a password which the user needs to enter.

I have no idea how to add this function, and Google hasn't helped. Currently, the code for sending a message is fine and not facing any issues here.

Other suggestions are welcome.

Thanks

I think you are looking for Laravel Basic Auth. Basic Auth comes with Laravel out of the box.

You need a users table with their emails and passwords. You can protect routes with that middleware, which only accepts authenticated users to get to the next request.

In your case, if you want to limit users' access to the SMS sending feature, you will have to add some kind of differentiation in your user model, something like a policy where you control which users can or cannot send SMS.

HTTP Basic Auth expects to find an email as the username in the Basic Auth form.

The only thing you need to do is

Route::get('/sendsms', [SmsController::class,'index'])->middleware('auth.basic');

More about this in Laravel Doc

Besides middleware, you can do a simple check in the controller (assuming you are storing the password hashed, as it should be stored); just add a password field to the send SMS form

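  // requires: use Illuminate\Support\Facades\Hash;
  $validated = request()->validate([
    'password' => 'required',
    // other rules here
  ]);
  // placeholder: take the stored hash from the users table or wherever you're going to store passwords
  $hashedOriginal = Hash::make('smspassword');

  // compare the submitted password with the stored hash
  $isPasswordValid = Hash::check($validated['password'], $hashedOriginal);
  if (!$isPasswordValid) {
    abort(401); // abort() expects an integer HTTP status code
  }
  // your send sms code next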

In general, middleware allows you to extend password-protected functions very easily, so if there is any chance that sending SMS is not the last password-protected function, you'd better stick with middleware.
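The middleware route suggested in the answers, combined with the hashed-password check, as an added example that is not part of either answer. It also throttles failed guesses, since a shared password guarding a paid SMS function is a natural brute-force target. The class name `RequireSmsPassword` and the config key `services.sms.password_hash` are assumptions; the `/sendsms` path and `NotificationController@sms` are taken from the posts above.

```php
<?php
// app/Http/Middleware/RequireSmsPassword.php (hypothetical class name and path)

namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Hash;
use Illuminate\Support\Facades\RateLimiter;

class RequireSmsPassword
{
    public function handle(Request $request, Closure $next)
    {
        // Throttle guesses per client IP: after 5 failures, lock out for 60 seconds.
        $key = 'sms-password:' . $request->ip();
        if (RateLimiter::tooManyAttempts($key, 5)) {
            abort(429, 'Too many attempts.');
        }

        // Assumed config key holding a hash generated once with Hash::make();
        // the plaintext password is never stored in code or configuration.
        $storedHash = (string) config('services.sms.password_hash');
        $supplied = $request->input('password');

        // Fail closed: a missing hash, a non-string input or a mismatch is rejected.
        if ($storedHash === '' || ! is_string($supplied)
            || ! Hash::check($supplied, $storedHash)) {
            RateLimiter::hit($key, 60); // count the failure, decays after 60 seconds
            abort(401);
        }

        RateLimiter::clear($key); // reset the counter after a correct password

        return $next($request);
    }
}

// routes/web.php: attach the middleware to the POST route the form submits to.
// Route::post('/sendsms', [NotificationController::class, 'sms'])
//     ->middleware(\App\Http\Middleware\RequireSmsPassword::class);
```

The form needs an `<input type="password" name="password">` field for this to receive the value, and the route should only be served over HTTPS so the password is not sent in clear text.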
