Closed sukhy-ghataore closed 5 months ago
I check the JWT just after the autoload.php, before I handle the route. If the JWT is not valid, I reject a 401 error, otherwise, I create a variable (one array) in which I load the user rights for the connected user.
Then, inside each route, I check if the user rights allow the user to access that route. If the user is not allowed, it returns a 403 error, otherwise, the controller is executed.
You can see this concretely in my skeleton. I am not sure if this is the cleanest way but I do like this for several years and it works very well.
So I guess what you're asking is can Flight handle middleware? We're building support for that with #514 Hopefully that gets you where you're hoping for.
I have blade and eloquent running with flightphp along with JWT
I was wondering whether its possible to protect api routes
I currently have this at the moment. Is there a better way of achieving this >