ans-group / laravel-health-check

A package for checking the health of your Laravel & Lumen applications
https://ukfast.co.uk/open-source.html
MIT License

Unable to authorize users using middleware #66

Open andrzejkupczyk opened 2 years ago

andrzejkupczyk commented 2 years ago

What is the issue?

  1. I'm not able to limit access to the /health endpoint using middleware. There's no way to retrieve the user making the request ($request->user() returns null). Am I missing something?
  2. Not sure if it is possible to use middleware with parameters (e.g. role:admin)?

Steps To Reproduce

Use existing middleware, e.g.:

    'middleware' => [
        \App\Http\Middleware\Authenticate::class,
    ],

or try with a custom one (try to dump the user) and visit the /health endpoint.

[Screenshot from 2022-02-01 16-44-27]

As you can see I was redirected to the login page, but since I was already logged in, the app redirected me back to the home page.

Expected behaviour

If the user is authenticated, the user object should be accessible so I could make some additional authorization checks.

Additional context

Works fine when the middleware parameter is empty or contains a middleware which does not try to access the user object.

Tested with Laravel 8.76.1.

Gman98ish commented 2 years ago

Sorry, just saw this @andrzejkupczyk

You might also need to add the StartSession middleware first, potentially the cookie ones as well

The /health endpoint has no middleware on it by default, so might be an idea to copy/paste the 'web' defaults:

https://github.com/laravel/laravel/blob/9.x/app/Http/Kernel.php#L35

I'll have a think about how better to solve this
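The ordering suggested in the reply above, written out as an added example (not code from the package or from either commenter): the cookie and session middleware from Laravel's default 'web' group run first so that the session guard can resolve `$request->user()`, then authentication, then an authorization check. `EnsureHealthAccess` and the `is_admin` attribute are hypothetical names; a dedicated class is used so the example does not rely on parameterised middleware such as `role:admin`, which the thread does not confirm as supported.

```php
<?php
// File 1 (hypothetical): app/Http/Middleware/EnsureHealthAccess.php
namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;

class EnsureHealthAccess
{
    public function handle(Request $request, Closure $next)
    {
        // Resolved by the session guard; stays null if StartSession
        // has not run earlier in the middleware stack.
        $user = $request->user();

        // Fail closed: no user, or a user without the (assumed)
        // is_admin flag, never reaches the health check output.
        if ($user === null || ! $user->is_admin) {
            abort(403);
        }

        return $next($request);
    }
}

// File 2: the 'middleware' key of the package config shown in the issue.
// Order matters: cookies are decrypted and the session is started
// before anything asks for the authenticated user.
'middleware' => [
    \App\Http\Middleware\EncryptCookies::class,
    \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
    \Illuminate\Session\Middleware\StartSession::class,
    \App\Http\Middleware\Authenticate::class,
    \App\Http\Middleware\EnsureHealthAccess::class,
],
```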