1

I am wanting to password protect my laravel application, ideally just on the deployment server (I'm using Fortrabbit), however, I don't mind logging in to my local development server.

I initially thought a route filter would suffice, but this doesn't seem to work:

Route::get('/', array('before' => 'auth.basic', function()
{
    // Only authenticated users may enter...
}));

At the top of my route file, this is completely ineffective, however, at the bottom of my route file, it does seem to work, but if I physically type a sub-directory in, i.e. localhost:8888/user/ it seems to override it.

Any guidance as to how you show your applications to clients (without Google, anyone else finding them), would be hugely appreciated.

4 Answers4

3

You need to apply the 'before' auth filter to all routes that require it.

The reason why it does not work at the top of your routes file is probably because you're specifying another GET route pointing to '/', whereas at the bottom of the file it will work fine since the route with auth.basic overwrites it.

You can do something like this to specify that all routes should be protected:

Route::group(array('before' => 'auth.basic'), function()
{
    // all your routes placed in here will be protected by auth.basic
});
seeARMS
  • 1,670
  • 1
  • 12
  • 14
  • I was about to suggest that, here is an +1 – afarazit Apr 22 '14 at 17:56
  • Where would you specify the constraints for auth.basic? Would you create a new controller for that? Or how would that work? I'm new to Laravel and trying to learn how things work. I apologize for my ignorance – carlstrom96 Apr 13 '19 at 17:33
1

Can you make a group around your routes. http://laravel.com/docs/routing#route-groups

(as suggested before me I see so I borrowed the code (give credit to that poster))

Route::group(array('before' => 'auth.basic'), function()
{
    // all your routes placed in here will be protected by auth.basic
});

or maybe you can use a patern based "*" wildcard at your routes?

Route::get('*', array('before' => 'auth.basic', function() {
// Only authenticated users may enter... }));

http://laravel.com/docs/routing#route-filters

Van den Brande Bart
  • 48
  • 3
  • But using that would make the login page inaccessible as well. Which what you're saying, they would need to login in the first place to be authentiated! What I want is just a username and password, which will then make the full site useable for my client. –  Apr 23 '14 at 20:20
0

Is a .htaccess file possible at fortrabbit? than maybe use: http://www.htaccesstools.com/articles/password-protection/

Van den Brande Bart
  • 48
  • 3
  • Thank you for your reply, unfortunately, the two directories are different on the local and production servers. When I am trying to reference the location of the `.htpasswd` it fails. I also get an Internal 500 error when adding the Auth Code to the `.htaccess`! –  Apr 22 '14 at 17:50
0

Sometimes I use Pagekite to temporarily allow access to a site on my local development box : https://pagekite.net/

Salida Software
  • 446
  • 5
  • 6