How to make hidden authorization?

K

killbond2016-08-31 16:31:11

Nginx

killbond, 2016-08-31 16:31:11

In the Angular JS + Laravel API project, you need to make hidden authorization in the admin panel, i.e. in such a way that for a random passerby, the admin URL behaves as if it does not exist. nginx is used as a web server. Because PHP in the project only as an API, authorization, I believe, will fall entirely on the shoulders of nginx, how to do this? It's not clear how to filter out visitors who have access to the admin panel? I recently learned about JWT , but I need a user-friendly way so as not to explain to him how to use Postman. In the case of JWT, it's probably possible to make a command line script that passes the request with the token to the server, but maybe there's an easier solution?

Reply

Answer the question

In order to leave comments, you need to log in

3 answer(s)

G

Gleb Gryadk.in, 2016-08-31
@killbond

for tests, I use user agent validation.
I put myself a unique addon to the browser.
for nginx it will be something like this:
habrahabr.ru/post/231277/

X

xmoonlight, 2016-08-31
@xmoonlight

https://domain.com/admin/this is my megatokeny I won't tell anyone else we give it out404

P

Pavel Volintsev, 2016-08-31
@copist

Use HTTP MiddleWare
Here is a solution to restrict access to some URLs with checking the access rights of an authorized user
laravel.io/forum/02-17-2015-laravel-5-routes-restr...
But they redirect to / in the absence of some role home , and you need (as I understand it) to return 404 Page Not Found

public function handle($request, Closure $next)
{
    if ($request->user()->type != 'A')
    {
        abort(404,'Page not found');
    }

     return $next($request);
}