Unable to authorize users using middleware

[andrzejkupczyk]

What is the issue?

1. I'm not able to limit access to the /health endpoint using middleware. There's no way to retrieve the user making the request ($request->user() returns null). Am I missing something?
2. Not sure if it is possible to use middleware with parameters (e.g. role:admin)?

Steps To Reproduce

Use existing middleware, e.g.:

    'middleware' => [
        \App\Http\Middleware\Authenticate::class,
    ],

or try with a custom one (try to dump the user) and visit the /health endpoint.

As you can see I was redirected to the login page, but since I was already logged in, the app redirected me back to the home page.

Expected behaviour

If the user is authenticated, the user object should be accessible so I could make some additional authorization checks.

Additional context

Works fine when the middleware parameter is empty or contains a middleware which does not try to access the user object.

Tested with Laravel 8.76.1.

[Gman98ish]

Sorry, just saw this @andrzejkupczyk

You might also need to add the StartSession middleware first, potentially the cookie ones as well

The /health endpoint has no middleware on it by default, so might be an idea to copy/paste the 'web' defaults:

https://github.com/laravel/laravel/blob/9.x/app/Http/Kernel.php#L35

I'll have a think about how better to solve this