Extracted API auth into guard

Also implemented more elegant solution to allowing session auth for API routes; A new 'StartSessionIfCookieExists' middleware, which wraps the default 'StartSession' middleware will run for API routes which only sets up the session if a session cookie is found on the request. Also decrypts only the session cookie. Also cleaned some TokenController codeclimate warnings.
2025-08-09 10:22:51 +03:00 · 2019-12-30 14:51:28 +00:00
parent 3de55ee645
commit 349b4629be
9 changed files with 224 additions and 60 deletions
--- a/app/Config/auth.php
+++ b/app/Config/auth.php
@@ -34,9 +34,7 @@ return [
        ],

        'api' => [
-            'driver' => 'token',
-            'provider' => 'users',
-            'hash' => false,
+            'driver' => 'api-token',
        ],
    ],