Skip to content

Authentication/Authorization and Security

These features are provided by laravel's native "fortify" and "sanctum" packages. Permission are handled by Spatie's "Laravel-Permissions" package. Currently supported authentication features include email verification and password resets.

The sanctum middleware provides a stateful SPA authentication and protection from CSRF and XSS. In addition, a general accessibility (authorized_users_only and read_only) middleware is used and formRequest authorization are used per specific modification API route.