In Laravel 5.7, How to override Tymon Jwt-Auth Middleware in Kernel?

0
votes

I'm using Laravel 5.7 for some api. I'm also using package https://github.com/tymondesigns/jwt-auth to generate JWT tokens to authenticate users. I have configured everything long time ago and it works well.

I register Route group in RouteServiceProvider.php under routes/api_v1.php :

Route::prefix('api/v1')
     ->middleware('api')
     ->namespace($this->namespace.'\API\V1')
     ->group(base_path('routes/api_v1.php'));

In config.auth.php I have api_v1 guard with driver jwt :

'guards' => [
    'web' => [
        'driver' => 'session',
        'provider' => 'users',
    ],

    'api_v1' => [
        'driver' => 'jwt',
        'provider' => 'users',
    ],
],

I have made App/User.php implemented Tymon\JWTAuth\Contracts\JWTSubject and implemented the 2 methods.

But when in app/Http/Kernel.php I added in middlewares array :

protected $routeMiddleware = [
    // previous middlewares,
    'jwt.auth' => \App\Http\Middleware\JWTAuthenticate::class
];

The Routes in routes/api_v1.php under the group jwt.auth:

Route::middleware(['jwt.auth'])->group(function() {

// Keep auto resource route at bottom to prevent route conflict with Show parameter route
foreach(Controller::$resourceModels as $key => $model) {
    //Route::post($key.'/{id}/patch', $model.'Controller@patchUpdate');
    Route::resource($key, $model.'Controller');
}

});

never reach middleware App\Http\Middleware\JWTAuthenticate::class but always go to the original tymon package middleware Tymon\JWTAuth\Http\Middleware\Authenticate::class.

Even if I don't put api driver to jwt in auth.php config, and I don't put any jwt.auth class in Middleware it's working normally with original middleware.

What I need is for the Routes group to go to my own middleware class App/Http/Middlewares/JWTAuthenticate :

<?php

namespace App\Http\Middleware;

use Tymon\JWTAuth\Http\Middleware\Authenticate;

use Closure;

class JWTAuthenticate extends Authenticate
{
    /**
     * Handle an incoming request.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     *
     * @throws \Symfony\Component\HttpKernel\Exception\UnauthorizedHttpException
     *
     * @return mixed
     */
    public function handle($request, Closure $next)
    {
        // My own logics here
        // ...


        $this->authenticate($request);

        return $next($request);
    }
}

and this way I can override handle method and check for my own things first.

2
laravel-5laravel-middlewarejwt-auth

2 Answers

5
votes

I can tell you why it happens.

The file app\Http\Kernel.php with the middleware config, gets called earlier than registering the service providers.

The Tymon JWT service provider gets therefore called afterwards and sets middleware aliases for:

  • 'jwt.auth' => Tymon\JWTAuth\Http\Middleware\Authenticate::class,
  • 'jwt.check' => Tymon\JWTAuth\Http\Middleware\Check::class,
  • 'jwt.refresh' => Tymon\JWTAuth\Http\Middleware\RefreshToken::class,
  • 'jwt.renew' => Tymon\JWTAuth\Http\Middleware\AuthenticateAndRenew::class,

thus overriding your key.

So using another middleware key is therefore the right way to use your own implementation.

0
votes

I renamed the middleware route group and changed

Route::middleware(['jwt.auth'])->group(function() {

to

Route::middleware(['jwt.authenticate'])->group(function() {

and

'jwt.auth' => \App\Http\Middleware\JWTAuthenticate::class

to

'jwt.authenticate' => \App\Http\Middleware\JWTAuthenticate::class

And the original jwt.auth was not called anymore. I don't know why but I can control it now in my Middleware.