php laravel apache authentication fedora

How do I auth and remember a user from a dApp to a Laravel server using HTTP authentication?


I'm trying to set up some routes for a Laravel API that receive and send data through a separate app. Right now, I have it communicating like this:

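    const request = require('request')

    const options = {url: 'http://***.vagrant/signPersonal', headers: {'content-type': 'application/json'}}
    // POST the message with HTTP Basic credentials; the response body is the signature.
    request.post(options, function (error, response, body) {
      console.log(error, response, body)
      // body is undefined when the request fails, so stop before touching it.
      if (error) return callback(error)
      // Strip the surrounding JSON quotes and add the 0x prefix.
      const signedData = '0x' + body.replace(/^"(.*)"$/, '$1');
      console.log('sig: ' + signedData.toString('hex'))
      callback(error, signedData)
    }).auth('****@**.*', '123456123456', true).form(message)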

Basically, I want to set up a login portal through the dApp (not the Laravel App) to authenticate the user for a certain amount of time. So how can I authenticate a user through routes and time out their login session on the dApp?


Solution

  • Ended up just not using any middleware but instead creating a few custom functions for my own auth system. An auth route which updates the remember token through the normal auth request:

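    Route::get('/auth',function (Request $request){
        // Credentials arrive via HTTP Basic authentication.
        $email = $request->getUser();
        $password = $request->getPassword();
        if (Auth::attempt(['email' => $email, 'password' => $password], true)) {
            // Issue a fresh token on every successful login.
            User::updateRememberToken(Auth::user(),Str::random(60));
            $token = Auth::getUser()['remember_token'];
            return response($token);
        }
        // Reject bad credentials explicitly instead of returning an empty 200.
        return response('Unauthorized', 401);
    });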
    

    This token is then saved on the app client-side and returned as an 'authorization' header to every other http call the app makes. I added this to User.php in the Laravel API:

        /**
         * Check to see if the "remember_me" token has been updated within the hour.
         *
         * @param  string  $date
         * @return bool
         */
        public static function tokenExpired($date){
            $date = Carbon::createFromTimeString($date);
            $currenttime = Carbon::now();
            $timePlushour = $date->addHour();
            if($currenttime->greaterThanOrEqualTo($timePlushour)){
                return true;
            }else{
                return false;
            }
        }
        /**
         * Update the "remember me" token for the given user in storage.
         *
         * @param  \Illuminate\Contracts\Auth\Authenticatable  $user
         * @param  string  $token
         * @return void
         */
        public static function updateRememberToken(User $user, $token)
        {
            $user->remember_token = $token;
            //$user->setUpdatedAt(Carbon::now());
            $user->save();
        }
    
        public static function authUser(string $token){

            // Look up the user that owns this token.
            $user = User::where('remember_token',$token)->first();

            if(!$user){
                return false;
            }
            // Token last updated an hour or more ago: rotate it and refuse,
            // so a stale token cannot authenticate.
            if(User::tokenExpired($user->updated_at)){
                User::updateRememberToken($user,Str::random(60));
                return false;
            }
            // Token is still inside the one-hour window: log the user in.
            Auth::login($user);
            return Auth::user();
        }
    

    It searches by the token and auths the user that way, but only if the token's been updated less than an hour prior.
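
The dApp side of this scheme, as an added example that is not part of the original answer: it logs in against `/auth` with HTTP Basic credentials, sends the returned token in the `authorization` header, and drops the session once the one-hour window has passed or the server answers 401. `TokenSession` and the `transport(req)` function (a stand-in for the HTTP client that resolves to `{ status, body }`) are hypothetical names.

```javascript
// Added example (not from the answer): client-side holder for the token scheme above.
// transport(req) is a hypothetical stand-in for the HTTP client.
const TOKEN_LIFETIME_MS = 60 * 60 * 1000; // mirrors the one-hour check in tokenExpired()

function basicAuthHeader(email, password) {
  return 'Basic ' + Buffer.from(`${email}:${password}`).toString('base64');
}

class TokenSession {
  constructor(transport, now = Date.now) {
    this.transport = transport;
    this.now = now; // injectable clock, so expiry can be tested
    this.token = null;
    this.issuedAt = 0;
  }

  // True while the token is still inside the server's one-hour window.
  isFresh() {
    return this.token !== null && this.now() - this.issuedAt < TOKEN_LIFETIME_MS;
  }

  // GET /auth with Basic credentials; the response body is the token.
  // The password is used once here and never stored on the session.
  async login(email, password) {
    const res = await this.transport({
      method: 'GET', path: '/auth',
      headers: { authorization: basicAuthHeader(email, password) },
    });
    if (res.status !== 200 || !res.body) throw new Error('authentication failed');
    this.token = res.body;
    this.issuedAt = this.now();
  }

  logout() {
    this.token = null;
    this.issuedAt = 0;
  }

  // Send the token in the 'authorization' header. A stale token is never
  // sent, and a 401 from the server ends the local session as well.
  async call(method, path) {
    if (!this.isFresh()) { this.logout(); throw new Error('session expired'); }
    const res = await this.transport({ method, path, headers: { authorization: this.token } });
    if (res.status === 401) { this.logout(); throw new Error('session expired'); }
    return res;
  }
}
```

When `call` throws `session expired`, the dApp shows its login portal again rather than re-sending stored credentials.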