When building APIs, we need to make sure only authenticated users can access certain endpoints (like dashboard, profile, etc.).
In normal web apps, Laravel uses session + cookies, but for APIs we use tokens.
The token is sent in the Authorization header.
Create the middleware:
php artisan make:middleware ApiAuthMiddleware
Edit file: app/Http/Middleware/ApiAuthMiddleware.php
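namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;
use App\Models\User;

/**
 * Token check for API routes: the value sent in the Authorization header must
 * match a user's remember_token column.
 *
 * Security notes:
 * - The token is stored and compared in plaintext and never expires on its own,
 *   so anyone who can read the users table can act as any logged-in user. For
 *   production, prefer Laravel Sanctum, or store only a hash of the token
 *   together with an expiry time.
 * - remember_token is also the column Laravel's session "remember me" feature
 *   uses; sharing it with API tokens couples the two mechanisms.
 */
class ApiAuthMiddleware
{
    /**
     * Reject the request with 401 unless the Authorization header carries a known token.
     *
     * @param  Request  $request  Incoming API request.
     * @param  Closure  $next     Next handler in the middleware pipeline.
     * @return mixed  A 401 JSON response, or whatever the next handler returns.
     */
    public function handle(Request $request, Closure $next)
    {
        // Accept the standard "Authorization: Bearer <token>" form as well as the
        // bare token this tutorial sends; bearerToken() is null when no Bearer
        // prefix is present, so the raw header value is used instead.
        $token = $request->bearerToken() ?? $request->header('Authorization');

        if (!$token) {
            return response()->json(['error' => 'Token not provided'], 401);
        }

        $user = User::where('remember_token', $token)->first();

        if (!$user) {
            return response()->json(['error' => 'Invalid token'], 401);
        }

        // Expose the authenticated user through the framework's own accessor,
        // so $request->user() works in controllers.
        $request->setUserResolver(fn () => $user);

        // Store authenticated user in request.
        // Kept because the controller reads $request->user. The model now sits in
        // the input bag, so $request->all() includes it: do not pass $request->all()
        // to create()/update() on routes behind this middleware.
        $request->merge(['user' => $user]);

        return $next($request);
    }
}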
Register middleware in bootstrap/app.php
:
// Registers the short name 'auth.api' for ApiAuthMiddleware. An alias protects
// nothing by itself: only routes that attach 'auth.api' are guarded.
->withMiddleware(function (Middleware $middleware) {
    $middleware->alias([
        'auth.api' => \App\Http\Middleware\ApiAuthMiddleware::class,
    ]);
})
Create controller:
php artisan make:controller Api/AuthController
app/Http/Controllers/Api/AuthController.php
:
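namespace App\Http\Controllers\Api;

use App\Http\Controllers\Controller;
use Illuminate\Http\Request;
use App\Models\User;
use Illuminate\Support\Facades\Hash;
use Illuminate\Support\Str;

/**
 * Registration, login, dashboard and logout endpoints for the token-based API.
 *
 * The API token is the value stored in users.remember_token. It is kept in
 * plaintext and has no expiry; see the note on login().
 */
class AuthController extends Controller
{
    /**
     * Register: validate the input and create a user with a hashed password.
     */
    public function register(Request $request)
    {
        $request->validate([
            'name' => 'required|string|max:255',
            'email' => 'required|email|unique:users',
            // NOTE(review): a 6-character minimum is weak for a real service;
            // consider a longer minimum before deploying.
            'password' => 'required|min:6',
        ]);

        // Only the explicitly listed fields are written, so extra request input
        // cannot reach other columns.
        User::create([
            'name' => $request->name,
            'email' => $request->email,
            'password' => Hash::make($request->password),
        ]);

        return response()->json(['message' => 'User registered successfully']);
    }

    /**
     * Login: check the credentials and issue a fresh token.
     *
     * Unknown e-mail and wrong password return the same 401 message, so the
     * response text does not reveal which accounts exist.
     */
    public function login(Request $request)
    {
        $request->validate([
            'email' => 'required|email',
            'password' => 'required',
        ]);

        $user = User::where('email', $request->email)->first();

        if (!$user || !Hash::check($request->password, $user->password)) {
            return response()->json(['error' => 'Invalid credentials'], 401);
        }

        // Generate token. Each login overwrites the previous one, so a user has a
        // single active token at a time. The token is stored as-is and does not
        // expire until the next login or logout; for production, store a hash and
        // an expiry time, or use Laravel Sanctum.
        $user->remember_token = Str::random(60);
        $user->save();

        return response()->json([
            'message' => 'Login successful',
            'token' => $user->remember_token,
        ]);
    }

    /**
     * Dashboard: return a greeting and the authenticated user.
     */
    public function dashboard(Request $request)
    {
        // Set by ApiAuthMiddleware through $request->merge(['user' => ...]).
        $user = $request->user;

        // The whole model is serialized here; presumably the User model's $hidden
        // list keeps password and remember_token out of the JSON. Verify this.
        return response()->json([
            'message' => 'Welcome to Dashboard',
            'user' => $user,
        ]);
    }

    /**
     * Logout: revoke the current token.
     */
    public function logout(Request $request)
    {
        $user = $request->user;

        // login() stores the token in remember_token and the middleware looks it
        // up there, so that is the column to clear. Clearing api_token instead
        // left the token valid after logout.
        $user->remember_token = null;
        $user->save();

        return response()->json(['message' => 'Logged out successfully']);
    }
}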
Define routes in routes/api.php
:
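use App\Http\Controllers\Api\AuthController;
use Illuminate\Support\Facades\Route;

// Public endpoints. They take credentials from unauthenticated clients, so they
// are rate limited to slow down password guessing and bulk sign-ups. The limit
// of 5 requests per minute is a sample starting value; tune it for the application.
Route::middleware('throttle:5,1')->group(function () {
    Route::post('/register', [AuthController::class, 'register']);
    Route::post('/login', [AuthController::class, 'login']);
});

// Protected routes: every route in this group passes through ApiAuthMiddleware
// (alias 'auth.api') and is rejected with 401 without a valid token.
Route::middleware('auth.api')->group(function () {
    Route::get('/dashboard', [AuthController::class, 'dashboard']);
    Route::post('/logout', [AuthController::class, 'logout']);
});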
After login, copy the token from the response.
Put the token in the request header under the Authorization key.