Add sanctum + fortify

2025-10-30 16:53:46 -07:00
parent 5a7f46b75c
commit 531e9f1347
18 changed files with 979 additions and 2 deletions

@@ -66,3 +66,33 @@ If you change the compose.yml file, run this in your shell (not with Sail):
```bash
docker compose restart
```
## Testing
You should install an HTTP request client like Postman or Insomnia. Make sure you are setting the `Accept: application/json` header in all requests -- this application is not designed to generate any HTML views, aside from email messages and the password reset page.
### List all Routes
```bash
sail php artisan route:list
```
### Authenticating
Authentication is handled by Laravel Sanctum and Laravel Fortify. Instead of using JWTs or non-expiring API tokens, which come with a host of security issues, we use good old fashioned cookies to maintain the logged-in user's session.
#### Sanctum Routes
`GET /sanctum/csrf-cookie`: must be ran first to get the `XSRF-TOKEN` cookie. Then, the client is responsible for pasting this token into the `X-XSRF-TOKEN` request header of all subsequent authenticated requests. Make sure to base64-decode it first (basically, if there's a `%3D` at the end, change it to `=`).
#### Fortify Routes
`POST /login`
`POST /register`
`POST /logout`
#### Application Routes
`GET /api/user`
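Review bot: In the Sanctum Routes paragraph, "base64-decode" is the wrong term for the step described: `%3D` is the percent-encoding of `=`, so what the client has to do is URL-decode the `XSRF-TOKEN` cookie value before copying it into the `X-XSRF-TOKEN` header. Suggest "Make sure to URL-decode it first" and decoding the whole value rather than only swapping a trailing `%3D`, since other characters in the cookie can be percent-encoded too. In the same line, "must be ran" should read "must be run". The Authenticating paragraph says JWTs and non-expiring API tokens "come with a host of security issues" without naming any; one concrete reason (for example, that a non-expiring token cannot be invalidated by ending the session) would make the design choice easier to evaluate. Finally, Testing mentions a password reset page, but the Fortify Routes list only names `/login`, `/register` and `/logout`; consider listing the reset routes there or pointing the reader at `route:list` for them.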