I'm using the Tymon/JWT-Auth package for my Laravel REST API. In my routes.php file I can add routes meant for unauthenticated users and routes for authenticated users.
Routes for unauthenticated users ignore the authorization header. However, I'd like a route group that can utilize the authorized user's data if the header is valid and do something else if it isn't set or invalid.
Is there any way to implement such functionality, or maybe a solution in the JWTAuth package built-in middleware?
To solve this dilemma, I made my own middleware based on the JWTAuth GetUserFromToken middleware, and I added it to the routeMiddleware array in the Kernel file.
RouteMiddleware
    <?php

    namespace App\Http\Middleware;

    use Tymon\JWTAuth\Exceptions\JWTException;
    use Tymon\JWTAuth\Exceptions\TokenExpiredException;

    class NeutralRoute extends \Tymon\JWTAuth\Middleware\BaseMiddleware
    {
        /**
         * Handle an incoming request.
         *
         * @param  \Illuminate\Http\Request  $request
         * @param  \Closure  $next
         * @return mixed
         */
        public function handle($request, \Closure $next)
        {
            // Read the token from the request, if one was sent.
            $token = $this->auth->setRequest($request)->getToken();

            if ($token) {
                try {
                    $user = $this->auth->authenticate($token);
                } catch (TokenExpiredException $e) {
                    // A token was sent but has expired: respond with an error.
                    return $this->respond('tymon.jwt.expired', 'token_expired', $e->getStatusCode(), [$e]);
                } catch (JWTException $e) {
                    // A token was sent but could not be validated: respond with an error.
                    return $this->respond('tymon.jwt.invalid', 'token_invalid', $e->getStatusCode(), [$e]);
                }

                if ($user) {
                    $this->events->fire('tymon.jwt.valid', $user);
                }
            }

            // No token, or a valid one: hand the request on to the route.
            return $next($request);
        }
    }
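
How the middleware above might be registered and consumed, as an added example that is not part of the original post. The alias `jwt.neutral`, the `/articles` route and the response fields are assumptions, and it assumes the package's default Laravel auth adapter, so that a successful `authenticate()` makes the user available through `Auth::user()` for the current request.

```php
<?php
// app/Http/Kernel.php (excerpt): register the middleware under a short alias.
// The alias 'jwt.neutral' is an assumed name, not taken from the original post.
//
//     protected $routeMiddleware = [
//         // ...existing entries...
//         'jwt.neutral' => \App\Http\Middleware\NeutralRoute::class,
//     ];

// app/Http/routes.php: routes in this group accept guests and token holders.
use Illuminate\Support\Facades\Auth;

Route::group(['middleware' => 'jwt.neutral'], function () {
    // '/articles' and the JSON fields are constructed for illustration.
    Route::get('/articles', function () {
        $user = Auth::user();

        if ($user === null) {
            // Reached only when no token was sent (or the token's user no
            // longer exists). Expired or invalid tokens never get here,
            // because NeutralRoute already answered them with an error.
            return response()->json([
                'viewer'         => 'guest',
                'include_drafts' => false,
            ]);
        }

        // A valid token was presented: personalise the response.
        return response()->json([
            'viewer'         => $user->getAuthIdentifier(),
            'include_drafts' => true,
        ]);
    });
});
```

Decide every privileged branch from `Auth::user()` alone, never from the mere presence of an `Authorization` header, so a request without a verified token can only ever take the guest path.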