A simple and extendable HTTP API for RainLab.User.
To install the API, run the following commands from your root October directory:
git clone git@github.com:scottbedard/rainlab-user-api.git plugins/bedard/rainlabuserapi
By default, all routes are grouped behind a /api/rainlab/user
prefix. To override this, add the following to a .env
file at the root of your October installation. Alternatively, you can use October's file based configuration.
RAINLAB_USER_API_PREFIX="/your/custom/prefix"
To disable the API completely, add the following environment variable:
RAINLAB_USER_API_ENABLE=false
To get the authenticated user, use the AccountManager
class.
use Bedard\RainLabUserApi\Classes\AccountManager;
$user = AccountManager::getAuthenticatedUser();
Using this method to fetch the User
model will trigger a bedard.rainlabuserapi.afterGetUser
event. This can be useful when other data is needed with the user. As an example, here we'll configure the API to load the user's avatar.
public function boot()
{
Event::listen('bedard.rainlabuserapi.afterGetUser', function ($user) {
$user->load(['avatar']);
});
}
All endpoints use a base controller that can be extended. This can be used to add middleware that make the responses consistent with the rest of your API. To do this, add the following to your Plugin.php
file. See the October documentation for more information on using middleware.
public function boot()
{
\Bedard\RainLabUserApi\Classes\ApiController::extend(function($controller) {
$controller->middleware('Path\To\Custom\Middleware');
});
}
Authenticate a user.
Log out the authenticated user.
Stop impersonating a user.
Create user and trigger activation process.
Activate a new user.
Send the user a link to reset their password.
Reset a user's password.
Get information about the authenticated user. This route uses the AuthMiddleware
, authentication is required to access it.
Updates information about the authenticated user. This route uses the AuthMiddleware
, authentication is required to access it. When changing passwords with safe password updates enabled, the user's current password must be included in the request as password_current
.
Deletes the authenticated user's avatar. This route uses the AuthMiddleware
, authentication is required to access it.
Copyright (c) 2018-present, Scott Bedard.