 |
VOOZH | about |
|
VOOZH | about |
The RequestGuard provides callback-based authentication for custom authentication strategies. Unlike SessionGuard which uses persistent session storage or JwtGuard which uses JWT tokens, RequestGuard delegates authentication logic entirely to a user-provided callback function. This allows for flexible, application-specific authentication mechanisms such as API key validation, third-party authentication, or custom token schemes.
For general guard concepts and the GuardHelpers trait shared across all guards, see Guards Overview and GuardHelpers Trait. For authentication manager integration, see AuthManager.
The RequestGuard implements the Guard contract (not StatefulGuard) and uses the GuardHelpers trait for common authentication methods. It operates statelessly within a single request, relying on Hyperf's Context for request-scoped caching.
Sources: src/Guards/RequestGuard.php1-76
The RequestGuard class implements the Guard contract and includes both GuardHelpers and Macroable traits:
| Component | Type | Purpose |
|---|---|---|
Guard | Interface | Base guard contract defining authentication methods |
GuardHelpers | Trait | Provides common methods like check(), authenticate(), guest() |
Macroable | Trait | Enables dynamic method addition at runtime |
The class does not implement StatefulGuard because it has no state persistence (no login/logout capabilities).
Sources: src/Guards/RequestGuard.php16-19
The constructor accepts two parameters:
$provider (src/Guards/RequestGuard.php32): A UserProvider instance for user data retrieval$callback (src/Guards/RequestGuard.php33): A callable that implements the authentication logicThe RequestInterface is automatically resolved from the DI container (src/Guards/RequestGuard.php36-37):
Sources: src/Guards/RequestGuard.php31-38
The authentication callback is the core of RequestGuard. It receives the UserProvider as an argument and must return either an Authenticatable user object or null:
Callback Signature:
The callback is invoked in the user() method (src/Guards/RequestGuard.php49):
The callback has full access to:
UserProvider for database queriesSources: src/Guards/RequestGuard.php27-29 src/Guards/RequestGuard.php49
The RequestGuard uses Hyperf's Context to cache the authenticated user within a single request, preventing redundant callback invocations:
The context key is constant: 'auth.guards.request' (src/Guards/RequestGuard.php73). The caching mechanism is implemented in src/Guards/RequestGuard.php42-45:
Sources: src/Guards/RequestGuard.php40-56 src/Guards/RequestGuard.php71-74
The complete authentication flow for RequestGuard:
If the callback throws an exception, it is caught and the result is cached as null (src/Guards/RequestGuard.php51-52):
This prevents cascading failures and ensures that failed authentication attempts don't repeatedly invoke the callback.
Sources: src/Guards/RequestGuard.php40-56
| Method | Return Type | Description | Source |
|---|---|---|---|
user() | ?Authenticatable | Retrieves authenticated user via callback | src/Guards/RequestGuard.php40-56 |
validate(array $credentials) | bool | Validates credentials (checks if user exists) | src/Guards/RequestGuard.php61-64 |
setUser(Authenticatable $user) | void | Manually sets the authenticated user | src/Guards/RequestGuard.php66-69 |
The following methods are provided by the GuardHelpers trait:
| Method | Return Type | Description | Source |
|---|---|---|---|
authenticate() | Authenticatable | Returns user or throws AuthenticationException | src/Guards/GuardHelpers.php21-28 |
check() | bool | Returns true if user is authenticated | src/Guards/GuardHelpers.php77-80 |
guest() | bool | Returns true if user is not authenticated | src/Guards/GuardHelpers.php41-44 |
hasUser() | bool | Determines if guard has a user instance | src/Guards/GuardHelpers.php33-36 |
id() | int|string|null | Returns authenticated user's ID | src/Guards/GuardHelpers.php49-56 |
getProvider() | UserProvider | Returns the user provider | src/Guards/GuardHelpers.php61-64 |
setProvider(UserProvider $provider) | void | Sets the user provider | src/Guards/GuardHelpers.php69-72 |
Sources: src/Guards/GuardHelpers.php1-116
The validate() method in RequestGuard has a simplified implementation compared to other guards (src/Guards/RequestGuard.php61-64):
Note that the $credentials parameter is ignored. Validation simply checks if the callback returns a user. This differs from SessionGuard and JwtGuard, which perform actual credential validation through the UserProvider.
Sources: src/Guards/RequestGuard.php61-64
| Feature | RequestGuard | SessionGuard | JwtGuard |
|---|---|---|---|
| Interface | Guard | StatefulGuard | Guard |
| State Persistence | None | Session | None (stateless token) |
| Login Method | ❌ | ✓ | ❌ |
| Logout Method | ❌ | ✓ | ✓ (token invalidation) |
| Credential Validation | Custom callback | Database + password hash | Token signature |
| Context Caching | ✓ | ✓ | ✓ |
| Custom Logic | Full flexibility | Fixed session logic | Fixed JWT logic |
| Use Case | API keys, custom auth | Web applications | APIs, microservices |
RequestGuard vs SessionGuard:
RequestGuard has no login() or logout() methods (src/Guards/RequestGuard.php16 vs src/Guards/SessionGuard.php15)SessionGuard uses session storage; RequestGuard uses callbacks (src/Guards/SessionGuard.php23)SessionGuard implements StatefulGuard; RequestGuard implements only GuardRequestGuard vs JwtGuard:
Guard (not StatefulGuard)JwtGuard has specific token handling logic; RequestGuard delegates all logic to callbacksJwtGuard has token invalidation; RequestGuard has no persistenceSources: src/Guards/RequestGuard.php16-19 src/Guards/SessionGuard.php15-18
A typical use case for RequestGuard is API key authentication:
Another use case is integrating with external authentication services:
Callback Logic Flow:
Authenticatable userFor custom multi-factor authentication:
Callback Logic Flow:
UserProviderThe RequestGuard is typically registered with the AuthManager in the configuration. The guard factory receives the callback:
Configuration Pattern:
'request'For details on guard registration and resolution, see AuthManager.
Sources: src/Guards/RequestGuard.php1-76
The RequestInterface is resolved from the application container at construction time (src/Guards/RequestGuard.php36-37):
This ensures the guard always has access to the current HTTP request for extracting authentication credentials (headers, query parameters, etc.).
Unlike SessionGuard which generates unique context keys per session (src/Guards/SessionGuard.php93-96), RequestGuard uses a static context key 'auth.guards.request' (src/Guards/RequestGuard.php73). This is acceptable because:
RequestGuard is typically not used with multiple guard instances simultaneouslyThe Context system in Hyperf provides coroutine-safe storage, ensuring that concurrent requests don't interfere with each other. Each coroutine has its own context, so cached users in RequestGuard are isolated per request.
Sources: src/Guards/RequestGuard.php40-74 src/Guards/SessionGuard.php93-96
RequestGuard does not implement StatefulGuard, meaning:
login() method availablelogout() method availableattempt() method for credential validationThe authentication callback is responsible for:
Authenticatable instanceThe static context key 'auth.guards.request' means that multiple RequestGuard instances in the same request will share the same cache. If you need multiple request guards, you should extend the class and override getContextKey().
Exceptions thrown by the callback are caught and result in null authentication (src/Guards/RequestGuard.php51-52). Consider logging errors within the callback if debugging is needed, as exceptions are silently suppressed.
Sources: src/Guards/RequestGuard.php1-76
Refresh this wiki