knuckleswtf / scribe

Generate API documentation for humans from your Laravel codebase.✍
https://scribe.knuckles.wtf/laravel/
MIT License

Middleware config to protect the documentation #518

Closed mdeprezzo closed 2 years ago

mdeprezzo commented 2 years ago

Hi guys, I need to protect the documentation only for some users. I've tried to add some middleware like:

auth:sanctum

in the scribe config, but it doesn't work. I mean, if I try to dump the current logged user I get null. What am I missing?

leandrodiogenes commented 2 years ago

Hi @mdeprezzo, the docs are not on the router layer; they are in the public folder. So doc files are not affected by middleware.

leandrodiogenes commented 2 years ago

If you want to protect the files, change the scribe setting 'type' to 'laravel' instead of 'static'. Instead of generating the files in the public/docs folder, scribe will generate a Blade file in 'resources\views\scribe'.

leandrodiogenes commented 2 years ago

After that, add your middleware in the 'scribe.laravel.middleware' config.

config/scribe.php

    'laravel'     => [
        ...
        'middleware'       => ['auth:sanctum'],
    ],

mdeprezzo commented 2 years ago

@leandrodiogenes Thanks, but I already did that, and it doesn't work, because that middleware, 'auth:sanctum', redirects me to the default route if the user is logged in. And like I said before, for testing purposes, if I try to dump the current user in the Authenticate middleware, I get NULL.

shalvah commented 2 years ago

Hm, I'm confused. I don't think 'auth:sanctum' will work, because Scribe (even with type set to "laravel") does not use Sanctum. Either way, I'm closing this issue as I can't really help you. Whatever middleware you give to Scribe is passed verbatim to Laravel's Route::middleware(), so there's nothing we can do there.

vaites commented 2 years ago

I had the same issue: I want to protect the docs using the same authentication method that Laravel uses, but using middleware groups and route middleware (like web or auth) didn't work. So I solved it by adding all the web middleware classes plus the auth one:

    'middleware' => [
        \App\Http\Middleware\EncryptCookies::class,
        \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
        \Illuminate\Session\Middleware\StartSession::class,
        \Illuminate\View\Middleware\ShareErrorsFromSession::class,
        \App\Http\Middleware\VerifyCsrfToken::class,
        \Illuminate\Routing\Middleware\SubstituteBindings::class,
        \App\Http\Middleware\Authenticate::class
    ],

I'm using Laravel Nova, and with this the /docs URL is protected with the same user/password used in Nova. If not logged in, user will be redirected to Nova's login screen and then redirected back to docs.

@shalvah, maybe middleware_groups and route_middleware options could facilitate this? That way you would not have to duplicate the code already defined in app/Http/Kernel.php.

shalvah commented 2 years ago

Very unlikely we'll be adding any new config options for a while. I think you can add a "docs" middleware group in your Kernel file.

vaites commented 2 years ago

Thanks @shalvah, it worked well. When I tried using ['web', 'auth'] it didn't work, so I figured out I needed to add all the classes.
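
The distinction drawn in the thread (static docs under public/docs never pass through middleware, while the 'laravel' type is guarded by 'scribe.laravel.middleware') can be checked mechanically. The following is an added example, not code from the thread or from Scribe: a heuristic Python audit of a project tree. The function names, finding codes and sample project are constructed for illustration, and it assumes the public/docs output path mentioned above.

```python
import re
import tempfile
from pathlib import Path

def audit_scribe(project_root):
    """Heuristic check: return finding codes for docs reachable without auth."""
    root = Path(project_root)
    cfg = root / "config" / "scribe.php"
    text = cfg.read_text() if cfg.exists() else ""
    # Drop PHP comments so commented-out settings are not mistaken for live ones.
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    text = re.sub(r"^[ \t]*(//|#).*$", "", text, flags=re.M)
    findings = []
    m = re.search(r"'type'\s*=>\s*'(\w+)'", text)
    doc_type = m.group(1) if m else None
    if doc_type == "static":
        findings.append("STATIC_TYPE")  # plain files: no middleware runs
    elif doc_type == "laravel":
        lm = re.search(r"'laravel'\s*=>\s*\[.*?'middleware'\s*=>\s*\[(.*?)\]", text, flags=re.S)
        items = [i.strip() for i in lm.group(1).split(",")] if lm else []
        if not any(items):
            findings.append("NO_MIDDLEWARE")  # docs route exists but is unguarded
    # Files left under public/ are served directly, whatever the type is now.
    if (root / "public" / "docs" / "index.html").exists():
        findings.append("PUBLIC_DOCS_PRESENT")
    return findings

def make_sample(root, doc_type, middleware, static_files):
    """Build a constructed, minimal project tree for the demo (not a real app)."""
    root = Path(root)
    (root / "config").mkdir(parents=True)
    (root / "config" / "scribe.php").write_text(
        "<?php\nreturn [\n    // 'type' => 'static',\n"
        f"    'type' => '{doc_type}',\n"
        f"    'laravel' => [\n        'middleware' => [{middleware}],\n    ],\n];\n"
    )
    if static_files:
        (root / "public" / "docs").mkdir(parents=True)
        (root / "public" / "docs" / "index.html").write_text("<html></html>")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        # Type switched to 'laravel' with a 'docs' group, but old static output remains.
        app = make_sample(Path(tmp) / "app", "laravel", "'docs'", static_files=True)
        print(audit_scribe(app))
```

An empty result only means the configuration routes the docs through some middleware; whether that middleware actually authenticates the user still has to be tested with a logged-out request.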