Laravel api auth?

S

stepan-neretin72019-05-19 22:03:44

API

stepan-neretin7, 2019-05-19 22:03:44

Laravel api auth?

Greetings, colleagues. It is necessary to make api auth for the android and vue client. So that each api request has checks, rights (who can perform them_For example, only a teacher can create courses, a teacher can only edit his courses and delete only his own. The administrator can delete all courses , create, etc. And a regular user can only view courses)
Here I wrote, but in my opinion it turns out some kind of shit code

Reply

Answer the question

In order to leave comments, you need to log in

4 answer(s)

D

dk-web, 2019-05-20
@dk-web

Passport, and for rights I set laratrust

K

K. A., 2019-05-20
@f_u_s_s

For rights I often use - https://github.com/Zizaco/entrust - here you have roles, and groups and sugar in models
For authorization by api - https://github.com/tymondesigns/jwt-auth - for authorization
A You can already check rights and roles at the middleware level - the logic is simple: the client sends a request to the API, the server checks the permissions issued by the token and already skips or not

A

axit, 2019-05-20
@axit

How many roles and rights do you have? First of all, try build-in features, gates and policies, and then go to the packages, the main thing to remember is the simpler the code === the better)))
Most likely you should look towards JWT, but VERY VERY not a fact !!!

D

Dmitry, 2019-06-13
@dlnsk

Dear answerers, do not confuse authentication and authorization!
stepan-neretin7 , it is convenient to use JWT for server authentication.
For authorization (rights/roles) I use my own library. If you don't need to store permissions on the server and change roles online, you can try it too. This is an add-on to the standard Laravel permissions.
Module: https://github.com/dlnsk/h-rbac
Habré article: Laravel 5. Hierarchical RBAC for the smallest