GitHub

Authentication

TinyMVC provides a complete authentication system with session management, remember me functionality, and route protection.

Configuration

Register the Auth service in your AppServiceProvider:

use Spark\Http\Auth;
use App\Models\User;

$container->singleton(Auth::class, function(Container $container) {
    return new Auth(
        $container->get(Session::class),
        User::class,
        [
            'cache_enabled' => false,
            'guest_route' => 'admin.auth.login',
            'logged_in_route' => 'admin.dashboard',
            'cookie_name' => 'remember_me',
            'cookie_expire' => '30 days'
        ]
    );
});

Basic Authentication

Logging In

// In your login controller
public function login(Auth $auth)
{
    $user = User::where('email', request('email'))->first();
    
    if ($user && password_verify(request('password'), $user->password)) {
        $auth->login($user, request('remember'));
        return redirect($auth->getLoggedInRoute());
    }
    
    return response()->with('error', 'Invalid credentials')->back();
}

Logging Out

public function logout(Auth $auth)
{
    $auth->logout();
    return redirect($auth->getGuestRoute());
}

Authentication Helpers

// Check if user is guest
if (is_guest()) {
    return redirect('login');
}

// Get current user
$user = user();

// Access user properties
$name = user('name');
$email = user('email');

// Set temporary user data
user()->temp_data = 'value';

Protecting Routes

Use middleware to protect routes:

Route::group(['middleware' => 'auth'], function() {
    Route::get('dashboard', [DashboardController::class, 'index']);
});

Remember Me Functionality

Enable "remember me" by setting cookie configuration:

new Auth(
    $session,
    User::class,
    [
        'cookie_name' => 'remember_token',
        'cookie_expire' => '30 days'
    ]
);

Advanced Features

Refreshing User Data

// Refresh user data from database
$auth->refresh();

Clearing Cache

// Clear cached user data
$auth->clearCache();

Redirect Paths

// Get redirect paths
$loginRoute = $auth->getGuestRoute();
$dashboardRoute = $auth->getLoggedInRoute();

User Access

// Access user properties directly
$name = $auth->name;
$email = $auth->email;

// Call user methods
$auth->updateProfile($data);

Security Tip: Always hash passwords before storing them in the database. TinyMVC recommends using PHP's Hash Encryption Class.

Tip: Always use auth() helper to access the Auth service.

Full Authentication Example

// Login Controller
public function authenticate(Auth $auth, Hash $hash)
{
    $credentials = request()->validate([
        'email' => ['required', 'email'],
        'password' => ['required']
    ]);

    $user = User::where('email', $credentials['email'])->first();

    if ($user && $hash->validatePassword($credentials['password'], $user->password)) {
        $auth->login($user, request('remember_me'));
        return redirect()->intended($auth->getLoggedInRoute());
    }

    return response()->with('error', 'Invalid credentials')->back();
}

// Protected Dashboard Controller
public function dashboard(Auth $auth)
{
    return view('dashboard', [
        'user' => $auth->getUser()
    ]);
}