By default, Laravel Telescope allows you to visit the /telescope route if:
- environment is
local - passes the
viewTelescopeGate check
By tracing how Telescope does it Authorization, I've found:
- It declares middlewares in its config file: Link
- Middleware used does checks via simple callback: Link
- The callback is stored via variable: Link
- The callback can be changed and is initialized initially as we know: Link
I wanted to do simple basic auth for my use-case which I did by doing the following:
public function boot(): void
{
Telescope::auth(function ($request) {
if (
$request->getUser() !== config('app.telescope.user') ||
$request->getPassword() !== config('app.telescope.password')
) {
abort(401, '', [
'WWW-Authenticate' => 'Basic realm="App"'
]);
}
return true;
});
}"But why?"
I'm lazy. This is fewer steps than:
- publish the config
- create a middleware
- replace the middleware in the config
Ironically, I spent an effort writing this.