How to have a route for both authenticated users and non-authenticated users

Question

I have an issue with auth:api middleware! We have a request that is accessible for both authenticated users and non-authenticated users when I define a route like this for non-authenticated users:

Route::post('{user}/leads', 'UsersController@getContact');

It's ok everything work fine when a guest user requesting this route. is and I can access user with $request->user();

but if pass token with bearer header and get the user with $request->user() of course it doesn't work! because we didn't use auth:api on this route, and if we do we can't access this route with guest users! So I can't find a way that we define one route for both authenticated users that if user is authenticated we get $request->user() and none authenticated users can access that route too!

Thanks in advance.

Answer 1

This is because Auth uses the default web guard. You have to check the api guard manually:

$user = Auth::user() ?? Auth::guard("api")->user();

Then you don't use any auth middleware. $user will be null if the user is a guest, otherwise it should be set.

Answer 2

If you want the routes are visible to only Authenticate users you can put all routes in auth middleware that is default provided by laravel you can put like this:-

enter code here
Route::group(['middleware' => ['auth']], function () {
Route::post('{user}/leads', 'UsersController@getContact');
});

And if you want to show the route both authenticate and non-authenticate user You can simply put outside the middleware Lik that:-

Route::match(['get', 'post'], '/cms-page','CmsController@cms');

Hope you understand

Answer 3

The solution I used was to create a new middleware for auth:

public function handle($request, Closure $next, ...$guards)
{

    try
    {
        $this->authenticate($request, $guards);
    }
    catch(AuthenticationException $ex)
    {

    }

    return $next($request);
}

and in at the BOTTOM of my route I did:

Route::middleware('auth_optional:api')->group(function () {
    Route::get('services', [ServiceController::class,'index']);
});

This way if Auth was needed ,it would assign the correct user to request, otherwise it would proceed as guest. I did need to do a $request->user() === null to make sure the user is guest

Answer 4

I would like to use additional routes both authenticated and non-authenticated users, But regarding the topic I add one simple way :

On the __constructor function of the Controller add those lines :

$authorizationHeader = \request()->header('Authorization');
        if(isset($authorizationHeader)) {
            $this->middleware('auth:api');
        }

But I don't concentrate this way as best practice, this brokes Single Responsibility Principle.