Laravel Authentication Tutorial #8 - Protected Routes
Skills:
LLM Foundations60%
Key Takeaways
This video tutorial demonstrates how to protect routes in a Laravel application using middleware, including how to apply middleware to individual routes and groups of routes, and how to redirect users based on their authentication status. The tutorial covers the use of Laravel's built-in 'auth' and 'guest' middleware to protect routes from unauthenticated and authenticated users, respectively.
Full Transcript
okay then gang so in the last lesson we used a couple of different play directives to conditionally hide certain links in the navbar to either guests or authenticated users and as part of that we hid the create link from guests because really only authenticated users should be able to create new records however we can still access that create page as a guest by just manually typing out the link for/ ninjas slre in the browser and then go to that page so we're not protecting that page from guests at all we're just hiding the link from them in the browser so now what I'd like to do is protect this create page from unauthenticated users so they can access it and in fact I'd also like to protect some other routes from guests as well like the index or the details pages so that they have to log in to access them and we can do this really easily by using some built-in middleware that larel provides to us now just as a very quick technical aside I wanted to briefly explain what middleware is in general so that you've got a broader understanding of what I mean when I'm talking about it so when we say we want to use some middleware in relation to a framework like LL we just mean we want to run a block of code or a function for a particular route for example imagine a get request comes into the server to forward SL ninjas then currently the index action in the Ninja controller would handle that request by running some code to fetch the ninja data and then it would return A View to the browser with that ninja data rendered within it okay so the controller handles all that now I could add some middleware into that round which runs some code before the controller action handles the request and that middleware function could do a bunch of different things like maybe session management or for tracking user activity or rate limiting Etc whatever code you want to run before the controller handles the request you can do inside a mware function and then once that middleware code's been run you can let the request move onto the controller action if you want to and the controller can then do what it needs to do now in our case we're going to use some builtin authentication middleware created for us out of the box by larl and this mid aware is going to be called or and it checks the authentication status of the user now if that user is authenticated then it lets the request carry on to the controller which could then maybe send back A View to the user but if the user isn't authenticated then it's going to intercept the request and redirect the user to a login route automatically and then the request never reaches the controller so by using this buil-in mid aware we can easily protect whatever routes we want from unauthenticated users and instead redirect them to a login page all right let's head to the routes file and register the or middleware on a route and we're going to start with the create route down here so to apply middleware to just a single route we can tack on a middleware method at the end of it right after we declare a name and then within that method we pass in the name of the middleware that we want to run now in our case we're just going to use some pre-made larl middleware called orth and that works right out of the box we don't need to do anything else and now for this route if we try to visit it while we're unauthenticated the or aware says no I'm going to redirect you now back to a/ login route and for this application that means they're going to land on the login page because we have that route already set up and that's how easy it is to protect a route in larl anyway let's try this out in a browser So currently I'm on the homepage I'm not authenticated you can tell that because I see these two buttons and not my name up here and I'm going to try going to the create page so I'm going to press on this and no we get redirected now to the login page just by using that or middleware awesome so then we could apply this middleware method to each rout in turn but because we want to protect every single route for this ninja resource there is an easier way to do this we can apply the same or middleware to a group of routes now to do this we're going to delete the middleware method from the single rout and then I'm going to come up to above all the ninja routes to make a group so the way we do this is by seeing routes and then we're going to use first of all the middleware method on that directly now inside the middleware method we can pass in the or middleware once we've done that we can tack on a method called group and we invoke it and as an argument to that group method we pass in a function okay so then it's inside this function code block that we just need to Nest all of the routes we want in this group and that's all of these Ninja routes right here so I'm just going to cut all of these and I'm going to paste them inside this function instead so what this does is group all of those routes together and it applies this middleware to the entire group of routes and that's a much easier approach than manually adding the middleware to each route individually that needs it now just while we're doing this grouping of routes I want to show you what else we can do and refactor to make these routes a little bit more readable so just like we added the middleware method to apply the or middleware to the whole group we can also add a method called controller to apply a controller to the whole group of routes and that way we wouldn't have to manually add the controller to each one so let me do this let me add the controller method right here after the middleware one and then we're just going to copy the fully qualified controller class and paste it in right here then instead of an array being used as the second argument for each route which contains the controller and the action name we can just use the action name on its own as a string because now we've already declared the controller for the entire group so now let me just update all of these routes to do that so the first one is done second one we'll get rid of the controller and the array itself like so third one let's get rid of all this and then the closing angle bracket or rather square bracket should I say again for the next one want get rid of those and then finally let's get rid of those all right cool so now we have a group of routes all using the or mid aware and therefore being protected against guests and they're all hooked up to the ninja controller now let's try this out in a browser all right so I'm going to try going to SL ninjas SLC create no not allowed forward slash ninjas nope still not allowed let's try the other one The Details page for SL ninjas slash I don't know two for the ID and no we get redirected awesome but if we log in so Mario net ninja dodev and then pw12 3 4 5 6 log in now I should be able to see all those pages the index the details and I can create new NES as well awesome okay then so we can also protect routes from users who are authenticated for example most of the authentication routes up here shouldn't really be available to users who are already authenticated they shouldn't be able to register another account while they're logged in or log in again while they're already logged in that just makes no sense so we could protect all of those routes from authenticated users except the logout one which authenticated users do need to access in order to log out and again Lile gives us some readymade mid aware that we can use out of the box and that checks the users authentication status if they're a guest un authenticated then the request carries on as normal but if they're logged in they are authenticated then laravel redirects the user to a home route or the rout of the website essentially and this time the name of the mid aware is just guest so we want to apply the guest mid aware to all of these routes except the logout one and we could just group all of the routes like with did down here with the other ones and appli the middleware to the whole group also we could do a similar thing with the controller too much like we did for the ninja controller down here now I'm not going to refactor all of this by hand now because that's going to waste your time watching here so I'm just going to delete all of this stuff and paste in the refactored code and you can see right here that we've got another group this time with the guest middleware applied to all of those routes and they're all hooked up to the or controller as well then up here we've just just got the logout route all on its loansome because we don't want to apply the guest middleware to that one all right then so now if we're authenticated we shouldn't be able to view the login or register Pages or make requests to sign up or login so let's try this out all right so I am currently logged in and I'm going to try to go to the login page and no I get redirected to the homepage because we shouldn't be seeing that login page same for the register page let me try that and again I get redirected back to the homepage awesome so that is working if we log out then we can see those pages we can see login and register cool all working all right then gangs so we've reached the end of the course I really hope you've learned something along the way and hopefully now you feel confident adding authentication into your own LL applications now although we've covered all of the foundations of authentication here there is more to learn and we've barely touched authorization which is a whole new topic entirely so whereas authentication is all about verifying a user's identity I guess and allowing them to log into the application authorization is more about what each type of user can do and what actions can they perform so stay tuned for whole larell authorization course in the future because that's something I'm going to work on very soon anyway thank you so much for watching going to see you all in the very next one so then my friends I really really hope you enjoyed this series and you learned something along the way if you did please please please don't forget to share subscribe and like that really means a lot and if you want to access all of my YouTube courses without adverts also get access to premium courses and Early Access courses as well you can do at net ninja. deev you can sign up for net ninj Pro which is just $9 a month and also half price for the first month with this promo code right here and for that like I said you get access to every course without adverts without YouTube adverts you also get access to exclusive courses not found anywhere else you get access to my premium courses on ude and also Early Access to all of my YouTube courses as well so the link to this page to sign up is going to be down below again I really hope you enjoyed this series and I'm going to see you in the very next one [Music]
Original Description
In this Laravel authentication course, you'll learn how to set-up and implement an authentication flow (sign up, log in & sign out) into a Laravel application.
🔥🔥 Get (early) access to the entire Net Ninja Pro library, including exclusive courses and masterclasses, here - https://netninja.dev/p/net-ninja-pro/
📂🥷🏼 Access the course files on GitHub:
https://github.com/iamshaunjp/laravel-auth
📂🥷🏼 Starter project on GitHub:
https://github.com/iamshaunjp/laravel-auth/tree/starter-project
🧠🥷🏼 Laravel 11 for Beginners:
https://www.youtube.com/watch?v=DKnn8TlJ4MA&list=PL4cUxeGkcC9gF5Gez17eHcDIxrpVSBuVt
🧠🥷🏼 PHP & MySQL Crash Course:
https://www.youtube.com/watch?v=pWG7ajC_OVo&list=PL4cUxeGkcC9gksOX3Kd9KPo-O68ncT05o
🔗🐄 Download & install Herd:
https://herd.laravel.com/
🔗👇 Laravel docs:
https://laravel.com/docs/11.x/readme
Watch on YouTube ↗
(saves to browser)
Sign in to unlock AI tutor explanation · ⚡30
Playlist
Uploads from Net Ninja · Net Ninja · 0 of 60
← Previous
Next →
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
Regular Expressions (RegEx) Tutorial #14 - Matching a Username
Net Ninja
Regular Expressions (RegEx) Tutorial #15 - Email RegEx Pattern
Net Ninja
Regular Expressions (RegEx) Tutorial #16 - Finishing Touches
Net Ninja
GraphQL Tutorial #1 - Introduction to GraphQL
Net Ninja
GraphQL Tutorial #2 - A Birdseye View of GraphQL
Net Ninja
GraphQL Tutorial #3 - Project (stack) Overview
Net Ninja
GraphQL Tutorial #4 - Making Queries (front-end preview)
Net Ninja
GraphQL Tutorial #5 - Express App Setup
Net Ninja
GraphQL Tutorial #6 - Setting up GraphQL
Net Ninja
GraphQL Tutorial #7 - GraphQL Schema
Net Ninja
GraphQL Tutorial #8 - Root Query
Net Ninja
GraphQL Tutorial #9 - The Resolve Function
Net Ninja
GraphQL Tutorial #10 - Testing Queries in Graphiql
Net Ninja
GraphQL Tutorial #11 - GraphQL ID Type
Net Ninja
GraphQL Tutorial #12 - Author Type
Net Ninja
GraphQL Tutorial #13 - Type Relations
Net Ninja
GraphQL Tutorial #14 - GraphQL Lists
Net Ninja
GraphQL Tutorial #15 - More on Root Queries
Net Ninja
GraphQL Tutorial #16 - Connecting to mLab
Net Ninja
GraphQL Tutorial #17 - Mongoose Models
Net Ninja
GraphQL Tutorial #18 - Mutations
Net Ninja
GraphQL Tutorial #19 - More on Mutations
Net Ninja
GraphQL Tutorial #20 - Updating the Resolve Functions
Net Ninja
GraphQL Tutorial #21 - GraphQL NonNull
Net Ninja
GraphQL Tutorial #22 - Adding a Front-end
Net Ninja
GraphQL Tutorial #23 - Create React App
Net Ninja
GraphQL Tutorial #24 - Book List Component
Net Ninja
GraphQL Tutorial #25 - Apollo Client Setup
Net Ninja
GraphQL Tutorial #26 - Making Queries from React
Net Ninja
GraphQL Tutorial #27 - Rendering Data in a Component
Net Ninja
GraphQL Tutorial #28 - Add Book Component
Net Ninja
GraphQL Tutorial #29 - External Query File
Net Ninja
GraphQL Tutorial #30 - Updating Component State
Net Ninja
GraphQL Tutorial #31 - Composing Queries
Net Ninja
GraphQL Tutorial #32 - query variables
Net Ninja
GraphQL Tutorial #33 - Re-fetching Queries
Net Ninja
GraphQL Tutorial #34 - Book Details Component
Net Ninja
GraphQL Tutorial #36 - Styling the App
Net Ninja
GraphQL Tutorial #35 - Making a Single Query
Net Ninja
Build Apps with Vue & Firebase - Udemy Course
Net Ninja
Updated Vue & Firebase Course (Udemy)
Net Ninja
Vue & Firebase Real-time Chat (Preview) #1 - Intro
Net Ninja
Vue & Firebase Real-time Chat (Preview) #2 - Project Structure
Net Ninja
Vue & Firebase Real-time Chat (Preview) #3 - Firestore Setup
Net Ninja
Vue & Firebase Real-time Chat (Preview) #4 - Welcome Screen
Net Ninja
Vue & Firebase Real-time Chat (Preview) #5 - Props in Routes
Net Ninja
Vue & Firebase Real-time Chat (Preview) #6 - Route Guards
Net Ninja
Vue & Firebase Real-time Chat (Preview) #7 - Chat Window
Net Ninja
Vue & Firebase Real-time Chat (Preview) #8 - New Message Component
Net Ninja
Object Oriented JavaScript Tutorial #1 - Introduction
Net Ninja
Object Oriented JavaScript Tutorial #2 - Object Literals
Net Ninja
Object Oriented JavaScript Tutorial #3 - Updating Properties
Net Ninja
Object Oriented JavaScript Tutorial #4 - Classes
Net Ninja
Object Oriented JavaScript Tutorial #5 - Class Constructors
Net Ninja
Object Oriented JavaScript Tutorial #6 - Class Methods
Net Ninja
Object Oriented JavaScript Tutorial #7 - Method Chaining
Net Ninja
Object Oriented JavaScript Tutorial #8 - Class Inheritance
Net Ninja
Object Oriented JavaScript Tutorial #9 - Constructors (under the hood)
Net Ninja
Object Oriented JavaScript Tutorial #10 - Prototype
Net Ninja
Object Oriented JavaScript Tutorial #11 - Prototype Inheritance
Net Ninja
More on: LLM Foundations
View skill →Related Reads
📰
📰
📰
📰
What Is a Simple Request and When Does the Browser Send a Preflight Request?
Dev.to · Alireza Hassankhani
How to learn the basics of c++?
Reddit r/learnprogramming
Composer Isn’t Just a Dependency Manager — It’s the Backbone of Modern PHP Development
Medium · Programming
How a frustrating school project led me to build my first CLI tool.
Medium · JavaScript
🎓
Tutor Explanation
DeepCamp AI