Authentication Routes

Overview

Dashboard Laravel handles all authentication through the AuthController. The authentication system includes login, registration, and logout functionality.

Method	Path	Route Name	Controller Method	Purpose
GET	`/`	home	showLogin	Display login form
POST	`/login`	login	login	Process login
POST	`/logout`	logout	logout	Process logout
GET	`/signup`	signup	showRegister	Display registration form
POST	`/signup`	register	register	Process registration

Route Definitions

All authentication routes are defined in routes/web.php and handled by the AuthController:

use App\Http\Controllers\AuthController;

Route::get('/',        [AuthController::class, 'showLogin'])->name('home');
Route::post('/login',  [AuthController::class, 'login'])->name('login');
Route::post('/logout', [AuthController::class, 'logout'])->name('logout');

Route::get('/signup',  [AuthController::class, 'showRegister'])->name('signup');
Route::post('/signup', [AuthController::class, 'register'])->name('register');

Show Login Form
Process Login

GET

Displays the login page for users to authenticate

Route::get('/', [AuthController::class, 'showLogin'])->name('home');

Controller Method: AuthController@showLoginReturns: Login view/formExample Usage:

// Redirect to login
return redirect()->route('home');

// Generate URL
$url = route('home'); // Returns: http://yourapp.com/

Authenticates user credentials and creates a session

Route::post('/login', [AuthController::class, 'login'])->name('login');

Controller Method: AuthController@loginExpected Input: User credentials (email/username and password)Example Usage:

<form method="POST" action="{{ route('login') }}">
    @csrf
    <input type="email" name="email" required>
    <input type="password" name="password" required>
    <button type="submit">Login</button>
</form>

The root path / serves as the login page, making it the application’s entry point for unauthenticated users.

Registration Routes

Show Registration Form
Process Registration

Displays the registration form for new users

Route::get('/signup', [AuthController::class, 'showRegister'])->name('signup');

Controller Method: AuthController@showRegisterReturns: Registration view/formExample Usage:

// Link to registration
<a href="{{ route('signup') }}">Create Account</a>

Creates a new user account and authenticates the user

Route::post('/signup', [AuthController::class, 'register'])->name('register');

Controller Method: AuthController@registerExpected Input: New user information (name, email, password, etc.)Example Usage:

<form method="POST" action="{{ route('register') }}">
    @csrf
    <input type="text" name="name" required>
    <input type="email" name="email" required>
    <input type="password" name="password" required>
    <input type="password" name="password_confirmation" required>
    <button type="submit">Sign Up</button>
</form>

Both GET and POST routes for signup use the same path /signup but different HTTP methods, following RESTful conventions.

Logout Route

/logout

POST

Logs out the authenticated user and destroys their session

Route::post('/logout', [AuthController::class, 'logout'])->name('logout');

Controller Method: AuthController@logout HTTP Method: POST (not GET for security reasons) Example Usage:

<form method="POST" action="{{ route('logout') }}">
    @csrf
    <button type="submit">Logout</button>
</form>

Logout uses POST method to prevent CSRF attacks. Never use GET requests for state-changing operations like logout.

Route Protection

Current Implementation

The authentication routes in web.php don’t show explicit middleware configuration. However, proper route protection should be implemented:

// Recommended: Protect dashboard routes
Route::middleware(['auth'])->group(function () {
    Route::get('/dashboard', fn() => view('welcome'))->name('dashboard');
    Route::get('/estadisticas', fn() => view('estadisticas'))->name('estadisticas');
    // ... other protected routes
});

// Guest-only routes (redirect if authenticated)
Route::middleware(['guest'])->group(function () {
    Route::get('/', [AuthController::class, 'showLogin'])->name('home');
    Route::get('/signup', [AuthController::class, 'showRegister'])->name('signup');
});

Consider implementing middleware groups to:

Protect dashboard routes with auth middleware
Prevent authenticated users from accessing login/signup with guest middleware
Add CSRF protection (automatically included in Laravel’s web middleware)

Middleware Usage

Laravel’s default web middleware group is automatically applied to all routes in web.php:

CSRF Protection: Validates CSRF tokens on POST requests
Session Handling: Manages user sessions
Cookie Encryption: Encrypts cookies
Validation: Validates incoming requests

Recommended Additional Middleware

Auth Middleware
Guest Middleware
Throttle Middleware

Route::middleware('auth')->group(function () {
    Route::get('/dashboard', fn() => view('welcome'))->name('dashboard');
    Route::post('/logout', [AuthController::class, 'logout'])->name('logout');
});

Ensures only authenticated users can access protected routes.

Route::middleware('guest')->group(function () {
    Route::get('/', [AuthController::class, 'showLogin'])->name('home');
    Route::post('/login', [AuthController::class, 'login'])->name('login');
    Route::get('/signup', [AuthController::class, 'showRegister'])->name('signup');
    Route::post('/signup', [AuthController::class, 'register'])->name('register');
});

Redirects authenticated users away from login/signup pages.

Route::middleware('throttle:5,1')->group(function () {
    Route::post('/login', [AuthController::class, 'login'])->name('login');
    Route::post('/signup', [AuthController::class, 'register'])->name('register');
});

Rate limits authentication attempts (5 requests per minute).

AuthController Methods

The AuthController handles all authentication logic:

use App\Http\Controllers\AuthController;

Controller Methods

Displays the login form view

Validates credentials and authenticates the user

logout

method

Logs out the current user and invalidates the session

showRegister

method

Displays the registration form view

method

Validates input, creates a new user, and authenticates them

Example: Complete Authentication Flow

// 1. User visits homepage (unauthenticated)
GET / → AuthController@showLogin → login.blade.php

// 2. User submits login form
POST /login → AuthController@login → (validates) → redirect to /dashboard

// 3. User browses dashboard (authenticated)
GET /dashboard → dashboard view

// 4. User logs out
POST /logout → AuthController@logout → redirect to /

Ensure your AuthController implements proper validation, password hashing, and session management for secure authentication.

Controllers

Models

Routes

Authentication Routes

Overview