What is a guard in Laravel?

Guards in Laravel define how the system should store and retrieve information about your users. At a high level, this is the process of authentication using guards.


The default Auth middleware is \App\Http\Middleware\Authenticate.php. There is another auth.basic middleware \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth.

How to bind a path to a Controller and middleware?

Code Block
Route::get('/user/profile', "UserController@profile") // profile is a method of UserController
  ->middleware('auth:session,foo'); // Format is 'middleware:param1,param2'

...

Authenticate.handle(request, next, guards) {
  authenticate(request, guards) {
    // If guards are empty, use "config:app.defaults.guard"
    foreach(guards) {
      authGuard = "Auth:AuthManager".guard(guard)
      checkResult = authGuard.check()
      if(checkResult) {
        // If this authGuard passes check, we will resolve user from it
        "Auth:AuthManager".shouldUse(guard) {
          setUserResolver() {
            // resolve the user from authGuard
            user = authGuard.user()
          }          
        }
      }
    }
  }
}

About AuthManager

How does Lighthouse authentication work?

Note that Lighthouse does not use “Authenticate.php” middleware. It uses the following middlewares:

| Middleware | Description | Status |
| --- | --- | --- |
| EncryptCookies | This is newly added to support web authentication. | New |
| StartSession | This is newly added to support web authentication. | New |
| AcceptJson | Always set the Accept: application/json header. | Default |
| AttemptAuthentication | Attempt to authenticate the user. | Default |

The guards declared in the schema are ultimately passed to GuardDirective.php.

Code Block
// /nuwave/lighthouse/src/Auth/GuardDirective.php
protected function authenticate(array $guards): void
{
    foreach ($guards as $guard) {
        if ($this->auth->guard($guard)->check()) {
            // @phpstan-ignore-next-line passing null works fine here
            $this->auth->shouldUse($guard);

            return;
        }
    }
    $this->unauthenticated($guards);
}

schema

Code Block
type User {
    id: ID!
    name: String!
    email: String! @guard(with: ["api", "web"])
    created_at: DateTime!
    updated_at: DateTime!
    diagrams: [Diagram!]! @hasMany
}

Do I need to set lighthouse.guard?

It is used at line #14 of the code block below. If a field has no guard definition, AttemptAuthentication tries the guard configured in lighthouse.php. If that guard does not pass the check, nothing happens. In comparison, if a field passes none of its listed guards, it fails. If the guard does pass the check, the userResolver is set to use that guard. In our case, we should use web.

Code Block
// nuwave/lighthouse/src/Support/Http/Middleware/AttemptAuthentication
public function handle(Request $request, Closure $next, ...$guards)
{
    $this->attemptAuthentication($guards);

    return $next($request);
}

/**
  * @param  array<string>  ...$guards
  */
protected function attemptAuthentication(array $guards): void
{
    if (empty($guards)) {
        $guards = [AuthServiceProvider::guard()];
    }

    foreach ($guards as $guard) {
        if ($this->authFactory->guard($guard)->check()) {
            // @phpstan-ignore-next-line passing null works fine here
            $this->authFactory->shouldUse($guard);

            return;
        }
    }
}
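The two loops above differ only in what happens when every guard fails: AttemptAuthentication lets the request continue, while GuardDirective rejects it. The following stand-alone sketch is an added example, not Lighthouse code; StubGuard, StubAuth, the RuntimeException and the 'web' default passed as a parameter are hypothetical stand-ins for Laravel's guard, auth factory, the unauthenticated() call and the lighthouse.guard setting.

```php
<?php
// Constructed stand-ins for Laravel's guard and auth factory (hypothetical names).
final class StubGuard
{
    public function __construct(private bool $ok) {}
    public function check(): bool { return $this->ok; }
}

final class StubAuth
{
    public ?string $active = null; // guard chosen via shouldUse()
    public function __construct(private array $guards) {}
    public function guard(string $name): StubGuard { return $this->guards[$name]; }
    public function shouldUse(string $name): void { $this->active = $name; }
}

// Mirrors AttemptAuthentication: falls through silently when no guard passes.
function attemptAuthentication(StubAuth $auth, array $guards, string $default): void
{
    foreach ($guards ?: [$default] as $guard) {
        if ($auth->guard($guard)->check()) {
            $auth->shouldUse($guard);
            return;
        }
    }
}

// Mirrors GuardDirective::authenticate(): rejects when no listed guard passes.
function guardDirective(StubAuth $auth, array $guards): void
{
    foreach ($guards as $guard) {
        if ($auth->guard($guard)->check()) {
            $auth->shouldUse($guard);
            return;
        }
    }
    throw new RuntimeException('Unauthenticated. Guards tried: ' . implode(', ', $guards));
}

// Constructed request with no valid session or token: both guards fail.
$auth = new StubAuth(['web' => new StubGuard(false), 'api' => new StubGuard(false)]);
attemptAuthentication($auth, [], 'web'); // returns normally; the request goes on
var_dump($auth->active);                 // shows which guard, if any, was selected

try {
    guardDirective($auth, ['api', 'web']); // same guards as @guard on User.email
} catch (RuntimeException $e) {
    echo $e->getMessage(), PHP_EOL;
}
```

Because the middleware never rejects a request on its own, a field that must not be readable anonymously needs its own @guard directive or an equivalent check in the resolver.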