I'm building an app in Laravel v5.6 which should be entirely behind a login page (except for the login page itself and password reset pages).
I have written a middleware class CheckAuth
- the essentials are,
public function handle($request, Closure $next)
{
if (auth()->guest() && $this->requestIsNotForGuests($request->path())) {
return redirect()->route('login');
}
return $next($request);
}
If an unauthenticated user requests an unregistered route they see a 404 page. Unauthenticated users shouldn't know whether a route exists or not.
How can I redirect any unauthenticated request (excluding the login page itself and password reset pages) to the login page?
I have tried using route groups with middleware in routes/web.php but this isn't working as expected.
Update...
I have added the following to the end of routes/web.php
,
Route::any('{any}', function() {
abort(404);
})->where('any', '.*');
This achieves the behaviour I'm after but doesn't feel right - is there a better way?
if
statement readif (auth()->guest() || $this->isUnauthorisedRequest($request->path()))
– Derek PollardisUnauthorisedRequest
should be able to tell that the requested path is authorized for everyone. Either your naming convention here isn't indicative of its functionality or somethings wrong – Derek Pollard