Laravel + VUEJS hidden sections, authentication check how best to do?

M

Mr_Romanov2018-12-08 23:05:27

Laravel

Mr_Romanov, 2018-12-08 23:05:27

I am learning laravel, before that I wrote in pure php in conjunction with ajax jquery.
Actually the question is, it is clear how the authorization and verification modules work at the blade level.
Question: I have all the backing on the rest api, I communicate through VUEJS, and I draw everything through VUE components.
Is it safe to be limited to blade-level checks without a deep understanding of VUEJS interactions with laravel authorization?
Or is it worth deploying something like Jwt-auth? And delve into it?

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

S

Sergey Krivosheev, 2018-12-09
@Mr_Romanov

I use this solution for myself. From laravel only rest api with authorization by jwt Frontend
stores all forms, buttons, etc. displaying the interface is done through checking access rights.
The server on laravel, after authorization returns the menu + rbac of the user. The interface is rendered based on the user's permissions. When the list of permissions is changed, for example by an administrator, an updated list of roles is sent to the user via websocket. The interface is being rebuilt.
And on the server I always check if the user is allowed to perform this action
. Ps jwt increases the convenience and speed of development due to its versatility. For example, to implement a web socket, I use laravel-echo which uses the same jwt authorization

A

Alexander Aksentiev, 2018-12-08
@Sanasol

Is it safe to limit yourself to checks at the blade level

Where did the blade come from, if you have everything on vue, I still don’t understand.
If your backend/api gives any information without authorization and checking for rights, and they should be, then naturally you need to check this in the api on the back as well.