PHP Classes

File: docs/PROTECTED_ROUTES_IMPLEMENTED.md

Recommend this page to a friend!
  Packages of Adrian M   upMVC   docs/PROTECTED_ROUTES_IMPLEMENTED.md   Download  
File: docs/PROTECTED_ROUTES_IMPLEMENTED.md
Role: Auxiliary data
Content type: text/markdown
Description: Auxiliary data
Class: upMVC
Pure PHP web development without other frameworks
Author: By
Last change: Update of docs/PROTECTED_ROUTES_IMPLEMENTED.md
Date: 2 months ago
Size: 5,224 bytes
 

Contents

Class file image Download

? Protected Routes - Hybrid Solution Implemented!

? What Was Done

Implemented a hybrid approach for managing protected routes - clear defaults with optional .env override.

? Changes Made

1. Added Class Property (Lines ~21-33)

/
 * Default protected routes requiring authentication
 * 
 * Can be overridden via PROTECTED_ROUTES in .env (comma-separated list)
 * IMPORTANT: Change these according to your application!
 */
private static $defaultProtectedRoutes = [
    '/dashboardexample/*',
    '/admin/*',
    '/users/*',
    '/moda'
];

Benefits: - ? Visible at top of class - ? Well documented - ? Easy to find and modify - ? Clear defaults

2. Added Smart Getter Method (Lines ~63-77)

/
 * Get protected routes from .env or use defaults
 */
private function getProtectedRoutes(): array
{
    // Check if overridden in .env
    $envRoutes = Environment::get('PROTECTED_ROUTES', '');
    
    if (!empty($envRoutes)) {
        // Parse comma-separated routes from .env
        return array_map('trim', explode(',', $envRoutes));
    }
    
    // Use default routes
    return self::$defaultProtectedRoutes;
}

Benefits: - ? Checks .env first (flexibility) - ? Falls back to defaults (reliability) - ? Parses comma-separated values - ? Trims whitespace

3. Updated setupEnhancedMiddleware() (Line ~107)

BEFORE:

// Hardcoded inline
$protectedRoutes = ['/dashboardexample/', '/admin/', '/users/*', '/moda'];
$middlewareManager->addGlobal(new AuthMiddleware($protectedRoutes));

AFTER:

// Smart getter
$protectedRoutes = $this->getProtectedRoutes();
$middlewareManager->addGlobal(new AuthMiddleware($protectedRoutes));

Benefits: - ? Clean and simple - ? Flexible (can use .env if needed) - ? Follows DRY principle

4. Updated .env Documentation

# Protected Routes (Optional - defaults defined in Start.php)
# Comma-separated list of routes requiring authentication
# PROTECTED_ROUTES=/dashboardexample/,/admin/,/users/,/api/,/moda

Benefits: - ? Documented for users - ? Commented out (uses defaults) - ? Example provided

? How It Works

Default Behavior (No .env override):

Application starts
    ?
getProtectedRoutes() called
    ?
Checks PROTECTED_ROUTES in .env
    ?
Not found ? Uses $defaultProtectedRoutes
    ?
Returns: ['/dashboardexample/', '/admin/', '/users/*', '/moda']

With .env Override:

# In .env
PROTECTED_ROUTES=/admin/,/api/,/dashboard/*


Application starts
    ?
getProtectedRoutes() called
    ?
Checks PROTECTED_ROUTES in .env
    ?
Found ? Parses comma-separated values
    ?
Returns: ['/admin/', '/api/', '/dashboard/*']

? Comparison

| Aspect | Before | After | Improvement | |--------|--------|-------|-------------| | Visibility | Buried in method | Top of class | ????? | | Documentation | None | Clear comments | ????? | | Flexibility | Hardcoded only | .env override | ????? | | Maintainability | Hard to find | Easy to find | ????? | | Environment-specific | No | Yes (optional) | ????? |

? Usage Examples

Example 1: Use Defaults (Most Common)

Just leave .env as-is (commented out):

# PROTECTED_ROUTES=/dashboardexample/,/admin/,/users/,/api/,/moda

Application uses defaults from Start.php! ?

Example 2: Override for Production

Different routes in production:

# Production .env
PROTECTED_ROUTES=/admin/,/api/,/billing/,/settings/

Application uses these instead! ?

Example 3: Override for Development

Less restrictive in development:

# Development .env
PROTECTED_ROUTES=/admin/*

Only /admin/* protected during development! ?

? How to Customize

Method 1: Edit Start.php (Permanent Defaults)

private static $defaultProtectedRoutes = [
    '/dashboardexample/*',
    '/admin/*',
    '/users/*',
    '/moda',
    '/api/*',           // ? Add your routes here
    '/billing/*',
    '/settings/*'
];

Method 2: Use .env (Environment-Specific)

# Development
PROTECTED_ROUTES=/admin/*

# Production
PROTECTED_ROUTES=/admin/,/api/,/users/,/billing/,/dashboard/*

? Benefits of This Solution

  1. ? Clear Defaults - Visible at top of class
  2. ? Well Documented - Comments explain purpose
  3. ? Flexible - Can override via .env when needed
  4. ? Environment-Aware - Different routes per environment
  5. ? Easy to Find - No digging through methods
  6. ? Follows Pattern - Same as Config.php $fallbacks
  7. ? Best of Both Worlds - Clarity + Flexibility

? Summary

Implemented: Hybrid protected routes configuration

Features: - ? Default routes defined as static property - ? Optional .env override - ? Smart getter method - ? Well documented - ? Environment-specific capability

Pattern matches: Config.php $fallbacks approach

Your Start.php is now even cleaner and more professional! ?