I have made an api which validate my JWT Auth token and return user with its module type. But now i want to check that this token is only for this module that is Chiro or PT. Currently my Controller is looking like:
class AuthenticateUserController extends Controller
{
public function getAuthenticatedUser(Request $request)
{
$modules = DB::table('modules')
->join('user_access_modules', 'modules.id', 'user_access_modules.module_id')
->where('user_access_modules.user_id', Auth::user()->id)
->select('modules.type','modules.id')->first();
try {
if (! $user = \Tymon\JWTAuth\Facades\JWTAuth::parseToken()->authenticate()) {
return response()->json(['user_not_found'], 404);
}
} catch (Tymon\JWTAuth\Exceptions\TokenExpiredException $e) {
return response()->json(['token_expired'], $e->getStatusCode());
} catch (Tymon\JWTAuth\Exceptions\TokenInvalidException $e) {
return response()->json(['token_invalid'], $e->getStatusCode());
} catch (Tymon\JWTAuth\Exceptions\JWTException $e) {
return response()->json(['token_absent'], $e->getStatusCode());
}
$status = true;
return response()->json(compact('status','user','modules'));
}
}
This api validates token i am using postman and i am passing Bearer token into my headers and my response on this api is below.
{
"status": true,
"user": {
"id": 10,
"email": "shahzadshah11323@hotmail.com",
"status": 0,
"created_at": "2019-04-29 11:07:46",
"updated_at": "2019-04-29 11:07:46",
"created_by": null,
"updated_by": null,
"is_super_admin": 0
},
"modules": {
"type": "Chiro",
"id": 6
}
}
Now Here i want to check that this token is only for type Chiro no other module can access this token how i can put this condition on my token , currently this token can be used with any module but i want to authenticate token with specific module type.
i am sending body request in postman like this:
{
"type": "Chiro"
}
to check this token is only valid for this module: How i can implement this scenario and can solve this problem? Your help will be appreciated.