I have a problem when accessing the API with guards. I have defined two guards, customer-api and pegawai-api. The problem is that when I log in as a pegawai I can access API routes protected by the customer-api guard, and when I log in with a customer token I can access API routes protected by the pegawai-api guard.
this is routes/api.php
// Authentication endpoints, all handled by AuthController.
Route::controller(AuthController::class)->group(static function (): void {
    // Reachable without a token.
    // NOTE(review): 'register/pegawai' creates staff accounts and sits outside
    // every auth middleware here; registerPegawai() is not shown, so confirm it
    // restricts who may create pegawai records.
    Route::post('register/customer', 'registerCustomer');
    Route::post('register/pegawai', 'registerPegawai');
    Route::post('login', 'login');

    // Routes after login: the comma-separated guard list means a request passes
    // as soon as either customer-api or pegawai-api can resolve a user from it.
    Route::middleware(['auth:customer-api,pegawai-api'])->group(static function (): void {
        Route::post('logout', 'logout');
        Route::post('change-password', 'changePassword');
    });
});
// Room ("kamar") management, intended for staff only.
// The auth middleware only establishes that the bearer token resolves to a user
// through the pegawai-api guard's provider. NOTE(review): whether a token that
// was issued to a customer is rejected here depends on how the token/client is
// tied to a provider on the Passport side - verify, do not assume.
Route::middleware(['auth:pegawai-api'])
    ->controller(KamarController::class)
    ->group(static function (): void {
        Route::get('kamar', 'index');
        Route::post('kamar', 'store');
        Route::get('kamar/{id}', 'show');
        Route::put('kamar/{id}', 'update');
        Route::delete('kamar/{id}', 'destroy');
    });
// Self-service profile endpoints, intended for customers only.
// Neither route takes an id, so the controller presumably acts on the
// authenticated user. NOTE(review): that makes it important that the
// customer-api guard resolves only tokens issued to customers - verify how
// tokens are bound to a provider on the Passport side.
Route::middleware(['auth:customer-api'])
    ->controller(CustomerController::class)
    ->group(static function (): void {
        Route::get('customer', 'show');
        Route::put('customer', 'update');
    });
this is Models/Customer.php
/**
 * Eloquent model for the `customer` table; an authenticatable user that can
 * be issued API tokens through the HasApiTokens trait.
 */
class Customer extends Authenticatable
{
    use HasFactory;
    use Notifiable;
    // Presumably Passport's trait, given that login() reads ->accessToken from
    // createToken(); the import is not shown - confirm.
    use HasApiTokens;

    /** Table backing this model. */
    protected $table = "customer";

    // NOTE(review): Laravel's auth core does not appear to read a $guard
    // property on the model; which guard protects a route is decided by
    // config/auth.php and the route middleware. Do not rely on this line to
    // keep customer tokens away from other guards - confirm what reads it.
    protected $guard = 'customer-api';

    /** Attributes left out when the model is serialised to array/JSON. */
    protected $hidden = [
        'password',
    ];

    // Attributes that may be mass-assigned.
    // NOTE(review): 'password' and 'id_jenis_customer' are included, so any
    // create()/fill() fed directly from request input lets the client set
    // them; the registration code is not shown - confirm it hashes the
    // password and passes only validated fields.
    protected $fillable = [
        'id_jenis_customer',
        'no_identitas',
        'jenis_identitas',
        'nama_institusi',
        'nama',
        'email',
        'password',
        'no_telp',
        'alamat',
    ];
}
This is Models/Pegawai.php
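/**
 * Eloquent model for the `pegawai` (staff) table; an authenticatable user that
 * can be issued API tokens through the HasApiTokens trait.
 */
class Pegawai extends Authenticatable
{
    use HasFactory, Notifiable, HasApiTokens;

    /** Table backing this model. */
    protected $table = "pegawai";

    // NOTE(review): this names the session guard 'pegawai', while the Customer
    // model on this page names its API guard ('customer-api'). Laravel's auth
    // core does not appear to read a $guard property on the model, so neither
    // value restricts which guard accepts a token - confirm what reads it.
    protected $guard = 'pegawai';

    // Attributes that may be mass-assigned.
    // NOTE(review): 'id_role' is included, so a create()/fill() fed directly
    // from request input would let the caller pick their own role; the
    // registration code is not shown - confirm it sets the role server-side.
    protected $fillable = [
        'id_role',
        'nama',
        'email',
        'password',
        'no_telp',
        'alamat',
    ];

    /** Attributes left out when the model is serialised to array/JSON. */
    protected $hidden = [
        'password',
    ];

    /**
     * Tell whether this staff member has the given role id.
     *
     * @param mixed $role Role id to compare with this record's id_role.
     * @return bool True when the two values are loosely equal.
     */
    public function role($role)
    {
        // Loose comparison kept on purpose: id_role may come back from the
        // database as int or string and callers may pass either form.
        return $this->id_role == $role;
    }
}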
this is Middleware/Authenticate.php
/**
 * Application auth middleware; only customises where unauthenticated
 * requests are redirected.
 */
class Authenticate extends Middleware
{
    /**
     * Get the path the user should be redirected to when they are not authenticated.
     *
     * Requests that expect JSON get no redirect target (null); every other
     * request is sent to the route named 'login'.
     */
    protected function redirectTo(Request $request): ?string
    {
        if ($request->expectsJson()) {
            return null;
        }

        // NOTE(review): API clients for which expectsJson() is false end up
        // here. The routes shown on this page register POST 'login' without a
        // route name, so confirm a route named 'login' actually exists.
        return route('login');
    }
}
This is config/auth.php
// Guards: each entry pairs a driver with the user provider it looks users up in.
// NOTE(review): the two passport guards below differ only in their provider.
// If an access token identifies its owner by numeric user id alone, a token
// issued to pegawai #N could resolve to customer #N under 'customer-api', and
// the reverse. Passport can bind an OAuth client to one provider (the
// `provider` column on oauth_clients); verify that the client used by
// createToken() is bound that way - TODO confirm against the installed version.
'guards' => [
'web' => [
'driver' => 'session',
'provider' => 'users',
],
// Staff API guard: passport driver, users from the 'pegawais' provider.
'pegawai-api' => [
'driver' => 'passport',
'provider' => 'pegawais',
],
// Staff session guard; login() on this page uses it to check credentials.
'pegawai' => [
'driver' => 'session',
'provider' => 'pegawais',
],
// Customer API guard: passport driver, users from the 'customers' provider.
'customer-api' => [
'driver' => 'passport',
'provider' => 'customers',
],
// Customer session guard; login() on this page uses it to check credentials.
'customer' => [
'driver' => 'session',
'provider' => 'customers',
],
],
// User providers: each maps a provider name used by the guards to an Eloquent model.
// NOTE(review): Pegawai and Customer live in separate tables, so their primary
// keys presumably overlap; a user id is only meaningful together with the
// provider it belongs to.
'providers' => [
'users' => [
'driver' => 'eloquent',
'model' => App\Models\User::class,
],
// Staff accounts.
'pegawais' => [
'driver' => 'eloquent',
'model' => App\Models\Pegawai::class,
],
// Customer accounts.
'customers' => [
'driver' => 'eloquent',
'model' => App\Models\Customer::class,
],
],
This is Http/Controllers/AuthControllers, which checks the login credentials:
/**
 * Check an email/password pair and, on success, return a new access token.
 *
 * The credentials are tried against the 'customer' guard first and the
 * 'pegawai' guard second; the first guard that accepts them wins, so an
 * email/password pair present in both tables always logs in as the customer.
 *
 * NOTE(review): both branches issue the token the same way, under the same
 * name and with no scopes. Nothing visible here records which kind of account
 * the token belongs to, so separating customer and staff tokens has to happen
 * elsewhere (for example a provider-bound Passport client) - verify.
 *
 * @param Request $request Must carry 'email' (valid e-mail) and 'password'.
 * @return mixed JSON response: 200 with user and token, or 401 on failure.
 */
public function login(Request $request)
{
    $credentials = $request->validate([
        'email' => 'required|email',
        'password' => 'required',
    ]);

    foreach (['customer', 'pegawai'] as $guardName) {
        $guard = Auth::guard($guardName);

        if (! $guard->attempt($credentials)) {
            continue;
        }

        $accessToken = $guard->user()->createToken('AuthToken')->accessToken;

        return response()->json([
            'status' => true,
            'message' => 'Login Success',
            'data' => $guard->user(),
            'token' => $accessToken,
        ], 200);
    }

    // Neither guard accepted the credentials; the message does not reveal
    // which account type, if any, the email belongs to.
    return response()->json([
        'status' => false,
        'message' => 'Invalid Credentials',
    ], 401);
}