Middleware

User Module

---

• Guest middleware
• Logged in middleware
• AuthorisedApiToken
• AuthorisedApiTokenAdmin

Guest middleware

The guest middleware makes sure the current route can't be accessed by a logged in user.

By setting a route in the redirect_route_after_login config key in the config/asgard.user.users.php file, you can make the middleware redirect to your desired route. This defaults to homepage.

Example usage:

$router->get('login', [
    'middleware' => 'auth.guest', 
    'as' => 'login', 
    'uses' => 'AuthController@getLogin',
]);

Logged in middleware

The logged in middleware makes sure the current route can only be accessed by logged in users. This will redirect the user to the login page if it fails.

Example usage:

$router->group(['middleware' => 'logged.in'], function (Router $router) {
    $router->get('account', [
        'as' => 'user.account',
        'uses' => 'Frontend\ProfileController@show',
    ]);
});

AuthorisedApiToken

This middleware allows you to protect your API routes with a user API key system.

When protected your api routes with this middleware, and failing to provide an API key during the request, a 403 forbidden response will be sent.

$router->group(['prefix' => 'v1', 'middleware' => 'api.token'], function (Router $router) {
    // Routes proteted by the middleware
});

AuthorisedApiTokenAdmin

This is similar to the AuthorisedApiToken middleware, with one addition that it checks if the given API token belongs to an administrator. This can be usuful if you have api routes that must only be accessed by an administrator.

Since AsgardCMS 2.0, all default API routes from the backend are protected by this middleware.

$router->group(['prefix' => 'v1', 'middleware' => 'api.token.admin'], function (Router $router) {
    // Routes proteted by the middleware
});