### Install Elfeffe Local Login using Composer Source: https://github.com/elfeffe/local-login/blob/main/README.md Instructions for installing the elfeffe/local-login package using Composer, specifying the local path repository for internal projects or a VCS repository for external ones. ```bash composer update elfeffe/local-login ``` -------------------------------- ### Integrate Local Login Middleware with Filament Panels Source: https://context7.com/elfeffe/local-login/llms.txt The LocalLoginServiceProvider::register() method ensures that the LoginFromQueryMiddleware is automatically injected into all Filament panels when Filament v4 is installed and the application is running locally. This streamlines the setup process for URL-based authentication within Filament applications. ```php id('admin') ->path('admin') ->login() // LoginFromQueryMiddleware is automatically prepended to authMiddleware ->authMiddleware([ LoginFromQueryMiddleware::class, // ... other auth middleware ]); // This works for all panels: Panel::make()->id('admin'); // Receives middleware Panel::make()->id('dashboard'); // Receives middleware Panel::make()->id('client-portal'); // Receives middleware // Result: ?logged= works on routes like: // - /admin/users?logged=1 // - /dashboard/analytics?logged=2 // - /client-portal/invoices?logged=3 ``` -------------------------------- ### Example Usage of Local Login URL Parameter Source: https://github.com/elfeffe/local-login/blob/main/README.md Demonstrates how to use the 'logged=' query parameter in a URL to trigger the local login functionality in the Elfeffe Local Login package. ```url https://your-app.test/dashboard?logged=62 ``` ```url https://your-app.test/dashboard/some/page?tool=adder&logged=62 ``` -------------------------------- ### Configure Local Path Repository for Composer Source: https://github.com/elfeffe/local-login/blob/main/README.md Example of how to configure a local path repository in a project's composer.json file to include the elfeffe/local-login package, recommended for internal projects. ```json { "repositories": { "local-login": { "type": "path", "url": "packages/elfeffe/local-login", "options": { "symlink": true } } }, "require": { "elfeffe/local-login": "dev-main" } } ``` -------------------------------- ### Install Local Login Package via Composer (CLI) Source: https://context7.com/elfeffe/local-login/llms.txt After configuring the local path repository in composer.json, this command updates Composer to install or update the 'elfeffe/local-login' package. The package utilizes Laravel's auto-discovery for service providers and middleware registration, requiring no further manual configuration or environment variables for immediate use. ```bash # Installation steps: composer update elfeffe/local-login # The package auto-registers via Laravel's package discovery: # - LocalLoginServiceProvider is automatically loaded # - Middleware is automatically added to 'web' group # - Filament integration (if installed) is automatic # No configuration files to publish # No environment variables to set # Works immediately in local environment ``` -------------------------------- ### Install Local Login Package via Composer Source: https://context7.com/elfeffe/local-login/llms.txt This JSON configuration sets up a local path repository in Composer, pointing to the 'elfeffe/local-login' package directory. This allows for local development and testing of the package by symlinking it directly into the project. The 'require' section then adds the package as a development dependency. ```json { "repositories": { "local-login": { "type": "path", "url": "packages/elfeffe/local-login", "options": { "symlink": true } } }, "require": { "elfeffe/local-login": "dev-main" } } ``` -------------------------------- ### PHP: POST Request with Logged Parameter Edge Case Source: https://context7.com/elfeffe/local-login/llms.txt This PHP code snippet explains that the middleware is designed to only process GET and HEAD requests. POST requests, even with a 'logged' parameter, will be skipped. ```php // Edge case 7: POST request with logged parameter $request = Request::create('/api/users', 'POST', ['logged' => '1']); // Result: Middleware skips processing, continues to next middleware // POST request not handled, only GET/HEAD allowed ``` -------------------------------- ### Validate Request for Local Login - PHP Source: https://context7.com/elfeffe/local-login/llms.txt A private method that determines if the middleware should process a request. It checks if the application is in a local environment, if the HTTP method is allowed (GET or HEAD), and if the `logged` query parameter is present. This ensures the authentication helper is only active in development. ```php '10']); // Returns true when: // - app()->isLocal() === true // - $request->method() === 'GET' or 'HEAD' // - $request->query->has('logged') === true // Invalid request - will skip to next middleware $invalidRequest1 = Request::create('https://app.test/users', 'POST', ['logged' => '10']); // Returns false (POST method not allowed) $invalidRequest2 = Request::create('https://app.test/users', 'GET', ['user' => '10']); // Returns false (missing 'logged' parameter) // In production (APP_ENV=production): $productionRequest = Request::create('https://app.test/users', 'GET', ['logged' => '10']); // Returns false (app()->isLocal() === false) // User remains unauthenticated, query parameter is ignored ``` -------------------------------- ### Register and Prioritize Local Login Middleware Source: https://context7.com/elfeffe/local-login/llms.txt The LocalLoginServiceProvider::boot() method automatically registers the LoginFromQueryMiddleware within the 'web' middleware group and adjusts its priority. By placing it before the standard authentication middleware, it ensures that URL-based authentication is processed before Laravel checks for an existing session, enabling seamless logins via query parameters. ```php pushMiddlewareToGroup('web', LoginFromQueryMiddleware::class); // 2. Middleware priority adjusted to run BEFORE authentication // Middleware execution order: // - LoginFromQueryMiddleware (logs user in) // - AuthenticatesRequests (checks if logged in) // - Other middleware // Example route that benefits: Route::middleware(['web'])->group(function () { Route::get('/profile', function () { return view('profile', ['user' => auth()->user()]); })->middleware('auth'); }); // URL: https://app.test/profile?logged=42 // Flow: // 1. LoginFromQueryMiddleware runs, authenticates user 42 // 2. Redirects to https://app.test/profile // 3. On redirect, 'auth' middleware finds authenticated user // 4. Profile page loads successfully ``` -------------------------------- ### Resolve Authentication Guard with Filament Source: https://context7.com/elfeffe/local-login/llms.txt The LoginFromQueryMiddleware::resolveGuard() method intelligently determines the authentication guard. It defaults to the standard Laravel guard but uses a custom guard defined in Filament panel configurations when on a Filament panel route. This ensures correct user authentication context across different application sections. ```php [ 'guard' => 'admin', ], ]; // The middleware will use Auth::guard('admin')->loginUsingId($userId) // This ensures the correct user table and session are used ``` -------------------------------- ### Basic Authentication with Curl Source: https://context7.com/elfeffe/local-login/llms.txt Demonstrates how to authenticate a user by appending '?logged=' to a URL. This works by setting a Laravel session cookie. It is effective for basic web pages. ```shell curl -L "https://app.test/dashboard?logged=1" # Response: 302 redirect to https://app.test/dashboard # Cookie set: laravel_session= ``` -------------------------------- ### Production Environment Behavior with Curl Source: https://context7.com/elfeffe/local-login/llms.txt Illustrates that in a production environment (APP_ENV=production), the 'logged' parameter is safely ignored. The middleware does not activate, and the user remains unauthenticated. ```shell # APP_ENV=production curl "https://production.com/admin?logged=1" # Response: Continues to next middleware # User remains unauthenticated # No redirect, parameter ignored ``` -------------------------------- ### Handle Login From Query Parameter - PHP Source: https://context7.com/elfeffe/local-login/llms.txt The main middleware handler that processes the `logged` query parameter for local authentication. It validates the environment, extracts the user ID, authenticates the user, and redirects to a clean URL. This function is designed for Laravel applications and is typically invoked via the framework's middleware stack. ```php '5', 'tab' => 'settings' ]); // The middleware will: // 1. Check if app()->isLocal() returns true // 2. Extract user ID "5" from query parameter // 3. Authenticate the user with ID 5 using Auth::guard()->loginUsingId(5) // 4. Redirect to https://app.test/dashboard?tab=settings (without 'logged') $response = $middleware->handle($request, function ($req) { return response('Next middleware'); }); // Response is a redirect: // - Status: 302 // - Location: https://app.test/dashboard?tab=settings // - User is now authenticated as user ID 5 ``` -------------------------------- ### Authentication Behind Ngrok Tunnel using Curl Source: https://context7.com/elfeffe/local-login/llms.txt Demonstrates using the package with a Ngrok tunnel. The middleware detects the local environment, allowing authentication via the Ngrok public URL. This is useful for sharing local development environments. ```shell # ngrok http 80 # Public URL: https://abc123.ngrok.io curl -L "https://abc123.ngrok.io/api/orders?logged=10" # Works because local environment (APP_ENV=local) is detected # User 10 authenticated, redirect to https://abc123.ngrok.io/api/orders ``` -------------------------------- ### Authentication with Filament Admin Panel using Curl Source: https://context7.com/elfeffe/local-login/llms.txt Illustrates how the package integrates with the Filament admin panel. Appending '?logged=' to an admin panel URL authenticates the specified user with Filament's configured guard. ```shell curl -L "https://app.test/admin/users?logged=1" # Response: 302 redirect to https://app.test/admin/users # User 1 authenticated with Filament's configured guard ``` -------------------------------- ### Authentication with Existing Query Parameters using Curl Source: https://context7.com/elfeffe/local-login/llms.txt Shows authentication when other query parameters are already present. The 'logged' parameter is processed for authentication, and then removed from the redirected URL. This ensures clean URLs after authentication. ```shell curl -L "https://app.test/users?filter=active&logged=5&sort=name" # Response: 302 redirect to https://app.test/users?filter=active&sort=name # User 5 is authenticated, 'logged' parameter removed ``` -------------------------------- ### Extract and Validate User ID for Login - PHP Source: https://context7.com/elfeffe/local-login/llms.txt A private method responsible for safely parsing the user ID from the `logged` query parameter. It ensures the provided ID is a positive integer, returning `null` for invalid or missing values. This prevents authentication errors and ensures only valid user IDs are processed. ```php '123']); // extractUserId() returns: 123 $request2 = Request::create('/', 'GET', ['logged' => '1']); // extractUserId() returns: 1 // Invalid user IDs - all return null $request3 = Request::create('/', 'GET', ['logged' => '']); // Returns: null (empty string) $request4 = Request::create('/', 'GET', ['logged' => 'abc']); // Returns: null (non-numeric) $request5 = Request::create('/', 'GET', ['logged' => '0']); // Returns: null (less than 1) $request6 = Request::create('/', 'GET', ['logged' => '-5']); // Returns: null (negative number) $request7 = Request::create('/', 'GET', ['logged' => ['multiple', 'values']]); // Returns: null (array not allowed) // When extractUserId() returns null, the middleware redirects without authentication ``` -------------------------------- ### PHP: Non-existent User Edge Case Source: https://context7.com/elfeffe/local-login/llms.txt This PHP code snippet demonstrates the behavior when a non-existent user ID is provided in the 'logged' parameter. The system responds with a 404 HTTP error. ```php // Edge case 4: Non-existent user // Visit: /dashboard?logged=999999 // Result: abort(404) - HTTP 404 response ``` -------------------------------- ### PHP: Multiple Logged Parameters Edge Case Source: https://context7.com/elfeffe/local-login/llms.txt This PHP code snippet illustrates how the package handles multiple 'logged' parameters in a single URL. It processes only the first occurrence of the parameter. ```php // Edge case 5: Multiple logged parameters // Visit: /dashboard?logged=1&logged=2 // Result: Uses first value (1), redirects to /dashboard ``` -------------------------------- ### Handling Invalid User ID with Curl Source: https://context7.com/elfeffe/local-login/llms.txt Shows the behavior when an invalid or non-existent user ID is provided in the 'logged' parameter. The package returns a 404 Not Found response in such cases. ```shell curl -L "https://app.test/dashboard?logged=99999" # Response: 404 Not Found (user doesn't exist in database) ``` -------------------------------- ### PHP: Already Authenticated as Same User Edge Case Source: https://context7.com/elfeffe/local-login/llms.txt This PHP code snippet demonstrates an edge case where a user is already logged in with the ID specified in the 'logged' parameter. The middleware correctly skips re-authentication. ```php // Edge case 1: Already authenticated as the same user Auth::loginUsingId(5); // Visit: /dashboard?logged=5 // Result: Skips re-authentication, just redirects to /dashboard ``` -------------------------------- ### PHP: Already Authenticated as Different User Edge Case Source: https://context7.com/elfeffe/local-login/llms.txt This PHP code snippet handles the scenario where a user is already logged in, but a different user ID is provided in the 'logged' parameter. The middleware logs out the current user and logs in the new one. ```php // Edge case 2: Already authenticated as different user Auth::loginUsingId(5); // Visit: /dashboard?logged=10 // Result: Logs out user 5, logs in user 10, redirects to /dashboard ``` -------------------------------- ### PHP: Empty Logged Parameter Edge Case Source: https://context7.com/elfeffe/local-login/llms.txt This PHP code snippet shows how the package handles an empty 'logged' parameter. It redirects to the target URL without attempting any authentication. ```php // Edge case 3: Empty logged parameter // Visit: /dashboard?logged= // Result: Redirects to /dashboard without authentication ``` -------------------------------- ### PHP: SQL Injection Attempt Edge Case Source: https://context7.com/elfeffe/local-login/llms.txt This PHP code snippet shows how the package prevents SQL injection attempts through the 'logged' parameter. It fails a `ctype_digit()` check and proceeds without authentication. ```php // Edge case 6: SQL injection attempt // Visit: /dashboard?logged=1;DROP TABLE users-- // Result: Fails ctype_digit() check, redirects without authentication ``` -------------------------------- ### Sanitize URL by Removing 'logged' Parameter Source: https://context7.com/elfeffe/local-login/llms.txt The LoginFromQueryMiddleware::stripLoggedParameter() method is responsible for removing the 'logged' query parameter from URLs. This is crucial for security and user experience, preventing accidental logins from bookmarked or shared URLs and keeping sensitive data out of browser history. ```php