Middleware for Api Authenticate

Author: kvyaceslav

app/Http/Controllers/API/Auth/LoginController.php

@@ -18,6 +18,9 @@ public function login(AuthRequest $request): JsonResponse
     {
         if (Auth::attempt($request->all())) {
             $user = Auth::user();
+
+            $user->tokens()->delete();
+
             $success = $user->createToken('MyApp')->plainTextToken;
 
             return $this->sendResponse(['token' => $success], AuthConstants::LOGIN);
@@ -31,28 +34,20 @@ public function login(AuthRequest $request): JsonResponse
      */
     public function logout(): JsonResponse
     {
-        if (Auth::check()) {
-            $user = Auth::user();
-
-            $user->tokens()->delete();
+        $user = Auth::user();
 
-            return $this->sendResponse([], AuthConstants::LOGOUT);
-        }
+        $user->tokens()->delete();
 
-        return $this->sendError(AuthConstants::UNAUTHORIZED);
+        return $this->sendResponse([], AuthConstants::LOGOUT);
     }
 
     /**
      * @return JsonResponse
      */
     public function details(): JsonResponse
     {
-        if (Auth::check()) {
-            $user = Auth::user();
-
-            return $this->sendResponse($user->toArray(), '');
-        }
+        $user = Auth::user();
 
-        return $this->sendError(AuthConstants::UNAUTHORIZED);
+        return $this->sendResponse($user->toArray(), '');
     }
 }

app/Http/Kernel.php

@@ -40,7 +40,7 @@ class Kernel extends HttpKernel
 
         'api' => [
             \Laravel\Sanctum\Http\Middleware\EnsureFrontendRequestsAreStateful::class,
-            \Illuminate\Routing\Middleware\ThrottleRequests::class.':api',
+            \Illuminate\Routing\Middleware\ThrottleRequests::class . ':api',
             \Illuminate\Routing\Middleware\SubstituteBindings::class,
         ],
     ];
@@ -63,5 +63,6 @@ class Kernel extends HttpKernel
         'signed' => \App\Http\Middleware\ValidateSignature::class,
         'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
         'verified' => \Illuminate\Auth\Middleware\EnsureEmailIsVerified::class,
+        'api.auth' => \App\Http\Middleware\ApiAuthenticate::class,
     ];
 }

app/Http/Middleware/ApiAuthenticate.php

@@ -0,0 +1,28 @@
+<?php
+
+namespace App\Http\Middleware;
+
+use App\Http\Controllers\API\BaseController;
+use Closure;
+use Illuminate\Http\Request;
+use Symfony\Component\HttpFoundation\Response;
+use App\Constants\AuthConstants;
+use Illuminate\Support\Facades\Auth;
+
+class ApiAuthenticate extends BaseController
+{
+    /**
+     * @param Request $request
+     * @param Closure $next
+     * @return Response
+     */
+    public function handle(Request $request, Closure $next): Response
+    {
+        if ($user = auth('sanctum')->user()) {
+            Auth::login($user);
+            return $next($request);
+        }
+
+        return $this->sendError(AuthConstants::UNAUTHORIZED);
+    }
+}

app/Http/Middleware/Authenticate.php

@@ -7,15 +7,6 @@
 
 class Authenticate extends Middleware
 {
-    /**
-     * @param [type] $request
-     * @param array $guards
-     * @return void
-     */
-    protected function unauthenticated($request, array $guards)
-    {
-    }
-
     /**
      * Get the path the user should be redirected to when they are not authenticated.
      */

routes/api.php

@@ -18,14 +18,11 @@
 |
 */
 
-Route::middleware('auth:sanctum')->get('/user', function (Request $request) {
-    return $request->user();
-});
 
 Route::post('login', [LoginController::class, 'login']);
 Route::post('register', [RegisterController::class, 'index']);
 
-Route::group(['middleware' => 'auth:sanctum'], function () {
+Route::group(['middleware' => 'api.auth'], function () {
     Route::get('user', [LoginController::class, 'details']);
     Route::get('logout', [LoginController::class, 'logout']);