Auth middleware

During the setup process, the auth package creates the following two middleware inside the ./app/Middleware directory. You can use these middleware to guard the routes against the un-authenticated requests.

Auth middleware

The auth middleware is stored inside the app/Middleware/Auth.ts file. You must register it as a named middleware inside the start/kernel.ts file.

start/kernel.ts

Server.middleware.registerNamed({
  auth: () => import('App/Middleware/Auth')
})

Once registered, you can attach the auth middleware to the application routes. For example:

Route.group(() => {
  
}).middleware('auth')

The auth middleware optionally accepts the guards to use for authenticating the current request. It will loop over all the defined guards and stops when any of the guards is able to authenticate the request.

The request continues when the request is authenticated
Otherwise, the AuthenticationException is raised. The exception uses content negotiation to make the response.

Route.group(() => {
  
}).middleware('auth:web,api')

Silent Auth middleware

The silent auth middleware silently checks if the user is logged-in or not. The request still continues as usual, even when the user is not logged-in.

This middleware is helpful when you want to render a public webpage, but also show the currently logged in user details somewhere in the page (maybe the header).

To summarize, this middleware does not force the users to be logged-in, but will fetch their details if they are logged-in and provide it you through out the request lifecycle.

If you plan to use this middleware, then you must register it inside the list of global middleware.

start/kernel.ts

Server.middleware.register([
  () => import('@ioc:Adonis/Core/BodyParser'),
  () => import('App/Middleware/SilentAuth')
])