How to access a laravel API with authentication

0
votes

In order to learn API and afterward AngularJS, I thought I could create a blog's backend using laravel (which I never used before) and AngularJS for the frontend. The backend I want is a restful API allowing to read the blog if you're not authenticated and to CRUD if you are.

1/ I've been able to set up my database with my tables :

USER     PAGES   POSTS     CATEGORIES
----     ----    ----      ----
id       id      id        id
name     name    name      name
password content content
mail             category
role             author
                 createdAt
                 updatedAt

2/ Controllers, Models an Routes seems fine :

UserController.php :

<?php

  class UserController extends \BaseController {
    public function index($id = null) {}
    public function store($id = null) {}
    public function update($id) {}
    public function destroy($id) {}
  }

User.php : 

  use Illuminate\Auth\UserTrait;
  use Illuminate\Auth\UserInterface;
  use Illuminate\Auth\Reminders\RemindableTrait;
  use Illuminate\Auth\Reminders\RemindableInterface;

  class User extends Eloquent implements UserInterface, RemindableInterface {
    use UserTrait, RemindableTrait;
    public $timestamps = false;
    protected $table = 'users';
    protected $hidden = array('password', 'remember_token');

    public function posts() {
      return $this->has_many('Post');
    }
  }

routes.php :

[...]
Route::get('/authtest', array('before' => 'auth.basic', function() {
  return View::make('hello');
}));

Route::post('User', [
  'as' => 'User/store',
  'uses' => 'UserController@index']);
Route::get('User', [
  'as' => 'User/index',
  'uses' => 'UserController@store']);
Route::get('User/{id}', [
  'as' => 'User/index',
  'uses' => 'UserController@store']);
Route::put('User', [
  'as' => 'User/update',
  'uses' => 'UserController@update']);
Route::delete('User/{id}', [
  'as' => 'User/destroy',
  'uses' => 'UserController@destroy']);
[...]

3/ The thing is :

Supposing I want to login as admin:admin to the API to add a post. How can I do that ? How can a user send credentials to my API? Using curl I can type : curl --user user:password testserver/authtest which works with the auth.basic route parameter. But how do I do that in JS or some other language ? And how can I store this information so the user does not have to send its password everytime ?

1
angularjsauthenticationlaravel

1 Answers

1
votes

here is a link to an implementation of sending basic auth using Angular:

http://wemadeyoulook.at/en/blog/implementing-basic-http-authentication-http-requests-angular/

As for the username and password, you can try storing them in an encrypted cookie - although I really don't recommend doing it this way. I'd rather use API keys.

Here is a library I made in Laravel to use API keys and is currently being implemented in multiple Angular projects:

https://github.com/chrisbjr/api-guard