Jerome Carter - 3 months ago 23
PHP Question

How to allow any user to access a route with Laravel JWT Authentication?

I'm using the Tymon/JWT-Auth package for my Laravel REST API. In my routes.php file I can add routes meant for unauthenticated users and routes for authenticated users.

Routes for unauthenticated users ignore the authorization header. However, I'd like a route group that can utilize the authorized user's data if the header is valid and do something else if it isn't set or invalid.

Is there any way to implement such functionality, or maybe a solution in the JWTAuth package built-in middleware?

Answer

To solve this dilemma, I made my own middleware based on the JWTAuth GetUserFromToken middleware, and I added it to the routeMiddleware array in the Kernel file.

RouteMiddleware

<?php

namespace App\Http\Middleware;

use Tymon\JWTAuth\Exceptions\JWTException;
use Tymon\JWTAuth\Exceptions\TokenExpiredException;

class NeutralRoute extends \Tymon\JWTAuth\Middleware\BaseMiddleware
{
    /**
     * Handle an incoming request.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @return mixed
     */
    public function handle($request, \Closure $next)
    {
        $token = $this->auth->setRequest($request)->getToken();

        if($token){
            try {
                $user = $this->auth->authenticate($token);
            } catch (TokenExpiredException $e) {
                return $this->respond('tymon.jwt.expired', 'token_expired', $e->getStatusCode(), [$e]);
            } catch (JWTException $e) {
                return $this->respond('tymon.jwt.invalid', 'token_invalid', $e->getStatusCode(), [$e]);
            }
            if($user){
                $this->events->fire('tymon.jwt.valid', $user);
            }
        }

        return $next($request);
    }
}
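How the middleware above can be wired into a route group, as an added example that is not part of the original answer. The alias `jwt.neutral`, the `articles` endpoint and its payload are hypothetical, and the sketch assumes the package's `authenticate()` logs the user in on Laravel's default guard for the request, so that `Auth::user()` is `null` for guests.

```php
<?php
// app/Http/Kernel.php (inside the Kernel class): register the middleware.
// 'jwt.neutral' is an alias chosen for this example.
//
//     protected $routeMiddleware = [
//         // ...existing entries...
//         'jwt.neutral' => \App\Http\Middleware\NeutralRoute::class,
//     ];

// app/Http/routes.php
use Illuminate\Support\Facades\Auth;

Route::group(['middleware' => 'jwt.neutral'], function () {
    // Hypothetical endpoint: public data for everyone, extra data for a
    // caller who presented a valid token.
    Route::get('articles', function () {
        // Outcomes produced by NeutralRoute before this closure runs:
        //   no token sent            -> closure runs, Auth::user() is null
        //   valid token, known user  -> closure runs, Auth::user() is that user
        //   valid token, unknown sub -> authenticate() returned a falsy value,
        //                               closure runs as guest
        //   expired / invalid token  -> middleware already answered with
        //                               token_expired / token_invalid,
        //                               closure never runs
        $user = Auth::user(); // assumption: set by authenticate(), see lead-in

        $payload = [
            'articles'      => ['Public article'], // constructed sample data
            'authenticated' => $user !== null,
        ];

        // Decide on the resolved user, never on the mere presence of an
        // Authorization header, which the client controls.
        if ($user !== null) {
            $payload['user_id'] = $user->getAuthIdentifier();
            $payload['drafts']  = ['Private draft']; // constructed sample data
        }

        return response()->json($payload);
    });
});
```

Note that a request carrying a bad token is rejected rather than downgraded to guest; that is the behaviour of the two `catch` blocks in the middleware above.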