rydurham / Sentinel

A Sentry bridge package for Laravel
http://www.ryandurham.com/projects/sentinel/

REST service #227

Closed demobiel closed 6 years ago

demobiel commented 7 years ago

Hi,

I am a little confused in how to use Sentinel with some REST api. This is the situation: Users login, and visit the website where the routes are protected via the middleware.

When I try to upload a file using an AJAX call, I always get "Not Authorized" as response. I don't understand how I have to send my authentication to the API route. I am now trying to use a simple ajax call via jQuery: $.ajax("/api/me"), which should return a json object of the logged in user, but returns 401 Unauthorized.

This is probably a noob question, but I don't seem to get my head around it, or have no idea what to send :(

Thanks!

Andries

rydurham commented 7 years ago

Good question. This package is not set up to support API access out of the box, but it shouldn't be too difficult to implement:

  1. Start by generating api tokens for each of your users and persist those to your database.

  2. Next, create a new middleware class that resolves an api token to a user and authenticates them. [Sentry](https://cartalyst.com/manual/sentry/2.1#sentry::login()) has some methods that will help with that second part.

  3. Update the package config settings to disable the default routes it provides and instead implement them manually. This will allow you more flexibility in deciding which middleware classes are assigned to which routes.

Theoretically that should be it. Let me know how it goes! ~Ryan
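
One way to implement the token steps described in the reply above, as an added example that is not part of the thread or of Sentinel's own code. The `ApiTokenAuth` class name and the `api_tokens` table with `user_id` and `token_hash` columns are assumptions, and PHP 7.1+ is assumed for `random_bytes()` and the multi-type `catch`.

```php
<?php
// Added example, not Sentinel's own code. Assumed names: the ApiTokenAuth class,
// and an `api_tokens` table with `user_id` and `token_hash` columns.
namespace App\Http\Middleware;

use Cartalyst\Sentry\Facades\Laravel\Sentry;
use Cartalyst\Sentry\Users\UserNotActivatedException;
use Cartalyst\Sentry\Users\UserNotFoundException;
use Closure;
use Illuminate\Support\Facades\DB;

class ApiTokenAuth
{
    // Step 1: issue a token. Only the SHA-256 digest is persisted, so a leaked
    // table does not reveal usable tokens; the plaintext is shown to the user once.
    public static function issue($userId)
    {
        $token = bin2hex(random_bytes(32));
        DB::table('api_tokens')->insert([
            'user_id'    => $userId,
            'token_hash' => hash('sha256', $token),
        ]);
        return $token;
    }

    // Step 2: resolve "Authorization: Bearer <token>" to a user and log them in.
    public function handle($request, Closure $next)
    {
        $token = $request->bearerToken();
        if (!is_string($token) || !preg_match('/\A[0-9a-f]{64}\z/', $token)) {
            return response()->json(['error' => 'Unauthorized'], 401);
        }

        $row = DB::table('api_tokens')
            ->where('token_hash', hash('sha256', $token))
            ->first();
        if ($row === null) {
            return response()->json(['error' => 'Unauthorized'], 401);
        }

        try {
            Sentry::login(Sentry::findUserById($row->user_id), false);
        } catch (UserNotFoundException | UserNotActivatedException $e) {
            return response()->json(['error' => 'Unauthorized'], 401);
        }

        return $next($request);
    }
}
```

Register the class in `$routeMiddleware` in `app/Http/Kernel.php` and attach it to the API routes you define manually in step 3.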

kamaroly commented 7 years ago

I use this with the Laravel API Guard package.


demobiel commented 7 years ago

Hi

Sorry for the late reply... this is not really what I meant, and I am sure I misused the word REST actually...

I would like to upload files via an AJAX call, so I don't want them to really authenticate to a REST api, but just use the same session. Is this possible?

rydurham commented 7 years ago

Ah - I see. I think I understand what you mean.

By default, Laravel uses a different middleware stack for routes in the routes/api.php file than the ones in the routes/web.php file. One of those middleware classes is responsible for session management. So, as long as the route you use for the ajax upload goes through that middleware class, you will be able to have access to the existing session values.