Laravel api bypass auth api for specific ip address

Jay
January 5, 2023
234 views
0 votes
2 Answers

Below is my laravel 8 api route and middleware that I use

Route::group(['middleware'=>['auth:api', 'StripScript'],'prefix' => 'v1'], function(){
    Route::get('/list', [ListController::class, 'list']);
});

I this I want to bypass middleware ‘auth:api’ if I get request from specific ip address so user doesn’t require to pass token and it should auto login as one specific user.

Note that I want to bypass auth and not to do ‘Ip address Whitelist’ as I do have whitelist for this I want to totally by pass for one IP address.

Tags: laravel laravel-8

Answers

- Kalm225rG225bor
- January 5, 2023 at 12:17 pm
- 0 votes
0
This should work:
```
Route::group(['middleware' => in_array(request()->ip(), $arrayOfTrustedIps) ? ['StripScript'] : ['auth:api', 'StripScript'],'prefix' => 'v1'], function(){
    Route::get('/list', [ListController::class, 'list']);
});
```
You should also handle the references to the authed user, if there are any (e.g. auth()->user()->id will throw an error).

IMHO you should authenticate the trusted party via a token sent in header, if you have access to the api call code.
Managing these kind of exceptions in your code can quickly become cumbersome and will be challenging to understand for everyone (including you).
Login or Signup to reply.

- Mahdi
- January 5, 2023 at 12:23 pm
- 0 votes
0
It’s not good idea, But any way if you want try this…

Go app/Http/Middleware/Authenticate.php

Add && override handle function like below
```
    public function handle($request, Closure $next, ...$guards)
    {

        // check $request is coming from where and set a statement ture/false for a $isComingFromDesiredIp;

        if (! $isComingFromDesiredIp) {
            $this->authenticate($request, $guards);
        }

        return $next($request);
    }
```
Login or Signup to reply.

Please signup or login to give your own answer.

Click here to cancel reply.