feat: allow Sanctum-authenticated sessions through VerifyApiKey middleware

Enables stateful API via Sanctum so the Vue SPA can call /api/* routes
using cookie auth, without requiring an X-Api-Key header.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Ovidiu U
2026-04-10 17:56:14 +01:00
parent 8cf5e210de
commit acaa791eda
3 changed files with 36 additions and 2 deletions


@@ -4,9 +4,10 @@ namespace App\Http\Middleware;
use Closure;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Symfony\Component\HttpFoundation\Response;
class VerifyApiKey
final class VerifyApiKey
{
/**
* Handle an incoming request.
@@ -15,6 +16,10 @@ class VerifyApiKey
*/
public function handle(Request $request, Closure $next): Response
{
if (Auth::guard('sanctum')->check()) {
return $next($request);
}
if ($request->header('X-Api-Key') !== config('app.api_secret_key')) {
abort(403);
}
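Review bot: The early return on `Auth::guard('sanctum')->check()` lets every Sanctum-authenticated principal skip the key check. The Sanctum guard accepts bearer personal access tokens as well as the SPA session cookie, so the bypass is wider than the cookie-only use the commit message describes. If only the SPA is meant to pass, confirm that no tokens are issued to other clients or gate the bypass on an ability or policy, and record the intent above the check, e.g. `// Sanctum-authenticated callers (session cookie or token) are trusted in place of X-Api-Key`. The fallback comparison on the next line also lets a request through when `app.api_secret_key` is unset and the header is absent (`null !== null` is false), and it is not timing-safe; `$key = config('app.api_secret_key'); if (! is_string($key) || $key === '' || ! hash_equals($key, (string) $request->header('X-Api-Key'))) { abort(403); }` closes both. The body of `handle()` continues past the end of this hunk.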