Wednesday, March 8, 2017

Middleware for "guest" type user, using Dingo API

My User model may be anonymous (eg. no e-mail registered, $user->isAnonymous()). By using the api.auth middleware both anonymous and fully registered users can access a given route. Now I want to restrict a route, so that anonymous users can not access it.

(Important to notice that "anonymous users" are still authenticated, anonymous does not refer to unauthenticated)

The question is, where should I place this logic to best conform with the Dingo package? Am I looking at making my own middleware, extending Dingo, or maybe making a custom provider for Dingo?

Bonus question: I think the best result would have one middleware (eg. api.auth) only authorize those users that are not anonymous, and the second middleware (eg. auth.all) authorize both anonymous and non-anonymous users.



via Zoon

Advertisement