1.add a route for login
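// Rate-limit the login endpoint so repeated password guessing is slowed down.
// 'throttle:5,1' means at most 5 requests per 1 minute (example values, tune
// them for your application). 'throttle' is the stock alias listed in
// Kernel.php's $routeMiddleware.
Route::post('/login', 'auth@login')->middleware('throttle:5,1');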
2.make a controller and method for login
<?php
namespace App\Http\Controllers;
use Illuminate\Http\Request;
use App\Http\Controllers\Controller;
use App\Models\Util\authorizer;
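/**
 * Login controller: reads the submitted credentials, hands them to the
 * authorizer, and tells the client whether the login was accepted.
 */
class auth extends Controller
{
    /**
     * Credential checker used by login(). Declared explicitly so the
     * constructor does not create a dynamic property.
     *
     * @var authorizer
     */
    protected $authorizer;

    public function __construct()
    {
        $this->authorizer = new authorizer();
    }

    /**
     * Handle POST /login.
     *
     * @param  \Illuminate\Http\Request  $request  Carries 'userId' and 'password' in the POST body.
     * @return \Illuminate\Http\JsonResponse  {"status":"OK"} on success, {"status":"NG"} with 401 otherwise.
     */
    public function login(Request $request)
    {
        $id = $request->post('userId');
        $pw = $request->post('password');

        // Only an explicit true counts as success; null, false or anything
        // else from authUser() is treated as a failed login (fail closed).
        if ($this->authorizer->authUser($id, $pw) === true) {
            return response()->json(array('status' => 'OK'));
        }

        // One generic answer for every failure, so the response does not
        // reveal whether the userId or the password was the wrong part.
        return response()->json(array('status' => 'NG'), 401);
    }
}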
The authUser method is what actually authenticates users, so the next step is to write it.
3.make a method to authenticate a user
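# The directory is "Util" (singular) so the path matches the App\Models\Util
# namespace declared in the class and used by the controller's import; with a
# different directory name, Laravel's default PSR-4 autoloading would not find
# the class.
mkdir -p app/Models/Util
touch app/Models/Util/authorizer.php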
<?php
namespace App\Models\Util;
use Illuminate\Http\Request;
use Illuminate\Database\Eloquent\Model;
use Session;
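/**
 * Credential checker for the login flow: looks a user up by userId, verifies
 * the submitted password against the stored hash, and marks the session as
 * logged in on success.
 *
 * NOTE(review): nothing here uses Eloquent behaviour of its own, and the
 * parent Model constructor is not called; a plain class would probably be a
 * better fit. The base class is left as-is so existing callers keep working.
 */
class authorizer extends Model
{
    /**
     * Model used to query the users table. Declared explicitly so the
     * assignment in the constructor is a real property, not a magic attribute.
     *
     * @var \App\Users
     */
    protected $users;

    public function __construct()
    {
        $this->users = new \App\Users();
    }

    /**
     * Verify a userId/password pair and log the user in on success.
     *
     * @param  mixed  $id  Submitted userId (untrusted request input).
     * @param  mixed  $pw  Submitted plain-text password (untrusted request input).
     * @return bool  true when the credentials matched and the session was marked, false otherwise.
     */
    public function authUser($id, $pw)
    {
        // Request input can be null or an array (e.g. "password[]=x").
        // Reject anything that is not a scalar credential before it reaches
        // the query builder or password_verify().
        if (!is_string($id) && !is_int($id)) {
            return false;
        }
        if (!is_string($pw)) {
            return false;
        }

        // first() yields a single model or null. get() would yield a
        // Collection, on which $user['pw'] is never set, so every login
        // attempt would be rejected.
        $user = $this->users::where('userId', $id)->first();

        // NOTE(review): an unknown userId returns here before
        // password_verify() runs, so response time can hint at whether an
        // account exists. Verifying against a fixed dummy hash on this path
        // is the usual mitigation.
        if ($user === null || !isset($user['pw'])) {
            return false;
        }

        if (!password_verify($pw, (string) $user['pw'])) {
            return false;
        }

        $this->setAuthSession($user);

        return true;
    }

    /**
     * Mark the current session as belonging to the authenticated user.
     *
     * @param  mixed  $data  User record; its 'userId' entry is stored in the session.
     * @return void
     */
    private function setAuthSession($data)
    {
        $session = request()->session();

        // Issue a fresh session ID at the moment of login so a session ID
        // known before authentication cannot be reused afterwards
        // (session fixation).
        $session->regenerate();

        if (isset($data['userId'])) {
            $session->put('userId', $data['userId']);
        }

        $session->save();
    }
}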
At this point, the login function has been implemented. The next step is to distinguish unauthorized users from authorized users.
4. Make a middleware
php artisan make:middleware Authentication
<?php
namespace App\Http\Middleware;
use Closure;
class Authentication
{
    /**
     * Gate a request on the login marker stored in the session.
     *
     * Requests whose session holds a 'userId' are passed to the next handler;
     * all others get a JSON {"status":"NG"} body with HTTP 403.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @return mixed
     */
    public function handle($request, Closure $next)
    {
        $loggedInUser = $request->session()->get('userId');

        // Loose comparison on purpose: null, '', 0, false and [] all count
        // as "not logged in", so the check fails closed on odd values.
        if ($loggedInUser != null) {
            return $next($request);
        }

        return response()->json(['status' => 'NG'], 403);
    }
}
5.add the middleware to Kernel.php to use it
/**
* The application's route middleware.
*
* These middleware may be assigned to groups or used individually.
* Each key is the alias used in route definitions; each value is the
* middleware class that runs for that alias.
*
* @var array
*/
protected $routeMiddleware = [
// The framework's 'auth' alias is commented out here; protected routes in
// this walkthrough use the custom 'authentication' alias on the next line.
//'auth' => \Illuminate\Auth\Middleware\Authenticate::class,
// Custom session check: rejects requests whose session has no userId.
'authentication' => \App\Http\Middleware\Authentication::class,
'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
'bindings' => \Illuminate\Routing\Middleware\SubstituteBindings::class,
'cache.headers' => \Illuminate\Http\Middleware\SetCacheHeaders::class,
'can' => \Illuminate\Auth\Middleware\Authorize::class,
'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
'signed' => \Illuminate\Routing\Middleware\ValidateSignature::class,
// Request rate limiting; worth applying to the login route to slow
// repeated password guessing.
'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
];
- add a route group to your route file
// Every route registered inside this closure runs the 'authentication'
// middleware first, so a request without a logged-in session is rejected
// before it reaches the controller.
Route::middleware(['authentication'])->group(function () {
    Route::get('/userlist', 'users@getUserList');
});
Routes added to this group pass through the middleware (in this case authentication), so unauthorized users can't reach /userlist.