thedevdojo / auth

This is the repo for the DevDojo Auth package
https://devdojo.com/auth
MIT License

Add middleware Authentication Setup #53

Closed BnodpriA closed 3 weeks ago

BnodpriA commented 3 weeks ago

Hello guys, first of all, huge applause to the creator of this package. I loved it. However, I was not able to figure out the way to protect /auth/setup since I didn't find its route declaration. I wanted to add middleware so that only authenticated admin users have access to this route or any feature that can disable this page during production.

RudyAnconi commented 3 weeks ago

It's in the code.

vendor\devdojo\auth\src\AuthServiceProvider.php

```php
public function boot(): void
{
    Route::middlewareGroup('two-factor-challenged', [TwoFactorChallenged::class]);
    Route::middlewareGroup('two-factor-enabled', [TwoFactorEnabled::class]);
    Route::middlewareGroup('view-auth-setup', [ViewAuthSetup::class]);
    ...
```

vendor\devdojo\auth\src\Http\Middleware\ViewAuthSetup.php

```php
public function handle($request, Closure $next)
{
    if (! app()->isLocal() && ! Gate::allows('viewAuthSetup')) {
        return redirect('auth/login');
    }

    if (app()->isLocal() || Gate::allows('viewAuthSetup')) {
        return $next($request);
    }

    abort(403);
}
```

Meaning, only when you are local you can access it.

BnodpriA commented 3 weeks ago

@RudyAnconi thanks a lot.

tnylea commented 3 weeks ago

Thanks @RudyAnconi

Yep, it will be accessible if your .env APP_ENV is set to local. You can enable authorization on production by defining a gate, explained here: https://devdojo.com/auth/docs/setup-customizations/#authorization
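A sketch of such a gate, added here as an example and not taken from the thread or the package docs: it defines the `viewAuthSetup` ability that the `ViewAuthSetup` middleware quoted above checks, and allows only e-mail addresses on an allow-list. The `auth.setup_admins` config key, the `AUTH_SETUP_ADMINS` variable and the use of `App\Providers\AppServiceProvider` are assumptions.

```php
<?php

namespace App\Providers;

use App\Models\User;
use Illuminate\Support\Facades\Gate;
use Illuminate\Support\ServiceProvider;

class AppServiceProvider extends ServiceProvider
{
    public function boot(): void
    {
        // 'viewAuthSetup' is the ability name checked by the ViewAuthSetup middleware.
        // The non-nullable User type hint means the closure is never called for
        // guests, so unauthenticated requests are denied and redirected to auth/login.
        Gate::define('viewAuthSetup', function (User $user): bool {
            // Hypothetical allow-list, e.g. in config/auth.php:
            //   'setup_admins' => explode(',', env('AUTH_SETUP_ADMINS', '')),
            $admins = array_filter(array_map(
                fn (string $email) => strtolower(trim($email)),
                (array) config('auth.setup_admins', [])
            ));

            // Fail closed: an empty or missing list denies everyone.
            return in_array(strtolower($user->email), $admins, true);
        });
    }
}
```

If no `viewAuthSetup` gate is defined at all, `Gate::allows()` returns false, so with the quoted middleware a non-local environment redirects every request for the setup page to `auth/login`.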