Tempest is still a work in progress. Visit our GitHub or Discord

Authentication and Authorization

Logging in (authentication )and verifying whether a user is allowed to perform a specific action (authorization) are two crucial parts of any web application. Tempest comes with a built-in authenticator and authorizer, as well as a base User and Permission model (if you want to).

Authentication

Logging in a user can be done with the Authenticator class:

// app/AuthController.php

use Tempest\Auth\Authenticator;
use Tempest\Http\Request;
use Tempest\Http\Response;
use Tempest\Http\Responses\Redirect;

final readonly class AuthController 
{
    public function __construct(
        private Authenticator $authenticator
    ) {}    
    
    #[Post('/login')]
    public function login(Request $request): Response
    {
        $user = // …
        
        $this->authenticator->login($user);
        
        return new Redirect('/');
    }
}

Note that Tempest currently doesn't provide user management support (resolving a user from a request, user registration, password reset flow, etc.).

Authentication

You can protect controller routes using the #[Allow] attribute:

// app/AdminController.php

use Tempest\Auth\Allow;
use Tempest\Http\Response;

final readonly class AdminController
{
    #[Allow('permission')]
    public function index(): Response
    {
        // …
    }
}

Tempest uses a permission-based authorizer. That means that, in order for users to be allowed access to a route, they'll need to be granted the right permission. Permissions can be represented as strings or enums:

// app/AdminController.php

use Tempest\Auth\Allow;
use Tempest\Http\Response;

final readonly class AdminController
{
    #[Allow(UserPermission::ADMIN)]
    public function index(): Response
    {
        // …
    }
}

Built-in user model

Tempest's authenticator and authorizer are compatible with any class implementing the \Tempest\Auth\CanAuthenticate and \Tempest\Auth\CanAuthorize interfaces. However, Tempest comes with a pre-built User model that makes it easier to get started. In order to use Tempest's User implementation, you must install the auth files:

./tempest install auth
./tempest migrate:up

With this User model, you already have a lot of helper methods in place to build your own user management flow:

use App\Auth\User;

$user = (new User(
    name: 'Brent',
    email: 'brendt@stitcher.io',
))
    ->setPassword('password')
    ->save()
    ->grantPermission('admin');