Authorize function is not working with middleware | Laravel

Question

I have an authorization using middleware where Function could only run when authorized

this is my middleware:

class IsAdmin
{
    public function handle($request, Closure $next)
    {
        if (auth()->check() && auth()->user()->is_admin == 1) {
            return $next($request);
        }

        return abort(403, 'Forbidden');
    }
}

my Controller:

public function destroy(int $bookId, int $reviewId, Request $request)
{
    // @TODO implement

    $check_bookReview = BookReview::firstWhere('id', $reviewId)->where('book_id', $bookId);
    if ($check_bookReview && isAdmin()) {
        BookReview::destroy($reviewId);
        return response()->noContent();
    } else {
        abort(404);
    }
}

and my api.php as well my Kernel:

'auth.admin' => \App\Http\Middleware\IsAdmin::class

Route::group(['middleware' => ['auth.admin']], function (){
Route::post('/books', 'BooksController@store');
Route::post('/books/{id}/reviews', 'BooksReviewController@store');
Route::delete('/books/{bookId}/reviews/{reviewId}', 'BooksReviewController@destroy');
});

and i have a User db field where it contains api_token and is_admin like below:

and my Postman still return 403 forbidden while i already gave an authorization by headers:

what should i do here, to fulfill my function?

Answer 1

Looks like your Authenticate middleware is not working, so it likely fails on auth()->check().

Make sure to use the auth middleware from Laravel, you can also use a guard as described here: https://laravel.com/docs/9.x/authentication#protecting-routes