Question

I have URLs that look like:

http://example.com/api/user?id=45&name=mike&api_token=2348283
http://example.com/api/project?id=5&description=first&api_token=2348283
etc...

In my controllers, I have functions that look like:

public function user_get_endpoint(Request $request){

    $request = $request->toArray();
    return UserModel::where($request)->get()->toArray();

}

The above will currently break since the $request object contains a property called api_token which does not exist in the user table. I am using the api_token in a middleware to check for authentication.

I can manually unset the api_token property in each of my API functions by using unset($request['api_token'], but I'd like to avoid that if possible.

Is there anyway to do this application wide or at a class or controller level?

Answer 1

Hello @kartik,

First arrange for the middleware to run on all routes:

// routes.php
$app->middleware([
    App\Http\Middleware\Apitoken::class
]);

Then define what the middleware should do:

// src/App/Http/Middleware/Apitoken.php
<?php
namespace App\Http\Middleware;

use Closure;

class Apitoken
{
    public function handle($request, Closure $next)
    {
        unset($request['api_token']);

        return $next($request);
    }
}

Hope it helps!!