leafsphp
diff --git a/‎.vitepress/config/sidebar.ts‎
Lines changed: 3 additions & 3 deletions b/‎.vitepress/config/sidebar.ts‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎src/docs/auth/protected-routes.md‎
Lines changed: 140 additions & 0 deletions b/‎src/docs/auth/protected-routes.md‎
Lines changed: 140 additions & 0 deletions
diff --git a/‎src/docs/data/encryption.md‎
Lines changed: 129 additions & 1 deletion b/‎src/docs/data/encryption.md‎
Lines changed: 129 additions & 1 deletion
@@ -10,7 +10,6 @@ const sidebar = [
       { text: 'Using Docker', link: '/docs/docker' },
       { text: 'Migration Guide', link: '/docs/migrating' },
       { text: 'Functional Mode', link: '/docs/config/functional-mode' },
-      { text: 'Leaf + MVC', link: '/docs/mvc/' },
       { text: 'Modules', link: '/docs/modules' },
     ],
   },
@@ -74,7 +73,7 @@ const sidebar = [
       { text: 'Debugging', link: '/docs/config/debugging' },
       // { text: 'Leaf Devtools', link: '/docs/utils/devtools' },
       // { text: 'Deployment', link: '/docs/config/deployment' },
-      { text: 'Testing', link: '/docs/utils/testing' },
+      { text: 'Testing/Linting', link: '/docs/utils/testing' },
     ],
   },
   {
@@ -116,7 +115,7 @@ const sidebar = [
       { text: 'Validation', link: '/docs/data/validation' },
       { text: 'CSRF Protection', link: '/docs/security/csrf' },
       { text: 'Leaf Password', link: '/docs/data/encryption' },
-      { text: 'Leaf Anchor', link: '/docs/security/anchor' },
+      { text: 'General Security', link: '/docs/security/anchor' },
     ],
   },
   {
@@ -153,6 +152,7 @@ const sidebar = [
     // collapsible: true,
     // collapsed: true,
     items: [
+      { text: 'Leaf + MVC', link: '/docs/mvc/' },
       { text: 'MVC Config', link: '/docs/config/mvc' },
       { text: 'Controllers', link: '/docs/mvc/controllers' },
       { text: 'Views', link: '/docs/frontend/mvc' },
 
@@ -1 +1,141 @@
 # Protected Routes
+
+<!-- markdownlint-disable no-inline-html -->
+
+There are usually parts of your application that you want to be available to only logged in users or guest users. That's where protected routes come in. Protected routes are setup to allow users with a certain authentication status to access them.
+
+## The `user` method
+
+The `user()` method is a way to check if a user is logged in. It returns the currently logged in user if an authenticated user is found and `null` if a user is not logged in.
+
+This works for both session and token based authentication. In case of token based authentication, Leaf Auth will also check if the token is valid. If it is, the user is returned, if not, `null` is returned. You can get the reason for the authentication failure by calling the `errors()` method.
+
+```php{1,7}
+$user = auth()->user();
+
+if ($user) {
+  // user is logged in
+} else {
+  // user is not logged in
+  $errors = auth()->errors();
+}
+```
+
+Using this method, you can easily protect your routes by checking if a user is logged in. If a user is not logged in, you can redirect them to the login page or return a 401 error. Here's an example:
+
+```php
+app()->get('/protected', function () {
+  $user = auth()->user();
+
+  if ($user) {
+    // user is logged in
+  } else {
+    // user is not logged in
+    response()->redirect('/login');
+  }
+});
+```
+
+For API routes, you can return a 401 error if a user is not logged in.
+
+```php
+app()->get('/protected', function () {
+  $user = auth()->user();
+
+  if ($user) {
+    // user is logged in
+  } else {
+    // user is not logged in
+    response()->json([
+      "error" => "Unauthorized",
+      "data" => auth()->errors(),
+    ], 401);
+  }
+});
+```
+
+## The `id` method
+
+The id() method lets you get the ID of the user who is currently logged in. This is helpful when you need to work with the user's ID in your app. If no user is logged in, the method returns `null` instead.
+
+```php
+app()->get('/protected', function () {
+  $id = auth()->id();
+
+  if ($id) {
+    // user is logged in
+  } else {
+    // user is not logged in
+    response()->redirect('/login');
+  }
+});
+```
+
+## Using Middleware
+
+Leaf Auth also provides a middleware that you can use to protect your routes. The `auth` middleware checks if a user is logged in and allows you to set a callback function to run if a user is not logged in.
+
+```php
+auth()->middleware('auth.required', function () {
+  response()->redirect('/login');
+});
+```
+
+Once you have defined a callback for the middleware, you can use it in your routes like this:
+
+```php
+app()->get('/protected', ['middleware' => 'auth.required', function () {
+  // this route is protected
+}]);
+
+// or on a route group
+app()->group('/protected', ['middleware' => 'auth.required', function () {
+  app()->get('/route', function () {
+    // this route is protected
+  });
+}]);
+```
+
+If you use this method, the middleware will run before the route is executed. If the user is not logged in, the callback function you defined will be executed. This means you can remove the check for a logged in user from your route handler.
+
+```php
+app()->get('/protected', ['auth.required', function () {
+  $user = auth()->user();
+
+  // no need to check if user is logged in
+}]);
+```
+
+## Protected Guest Routes
+
+You can also protect routes that should only be accessible to guest users. This is useful for routes like the login and register routes. You can use the `auth.guest` middleware to protect these routes.
+
+```php
+auth()->middleware('auth.guest', function () {
+  response()->redirect('/dashboard');
+});
+```
+
+You can then use this middleware on your guest routes like this:
+
+```php
+app()->get('/login', ['middleware' => 'auth.guest', function () {
+  // this route is only accessible to guest users
+}]);
+```
+
+This middleware will run before the route is executed. If a user is logged in, the callback function you defined will be executed. This means you can remove the check for a guest user from your route handler.
+
+```php
+app()->get('/login', ['auth.guest', function () {
+  // no need to check if the user is a guest
+}]);
+```
+
+## Session Guards <Badge type="danger" text="DEPRECATED" />
+
+The previous version of Leaf Auth had a feature called session guards. This feature has been deprecated in the latest version of Leaf Auth. If you were using session guards in your app, you can switch to the new middleware system to protect your routes.
+
+The middleware system is more flexible and allows you to define more complex authentication logic using the middleware callback functions. 
+
+You can also use the middleware system to protect routes for both logged in and guest users, which is essentially what session guards were used for.
@@ -1 +1,129 @@
-# Data Encryption
+# Password Encryption
+
+Password encoding and verification are one of the most important parts of any application. This usually involves a lot of security concerns and can be a pain to implement. Leaf makes this process a lot easier with the password helper.
+
+Before you go on, Leaf already has a [full authentication system](/docs/auth/) that comes with simple authentication, session/token management and so much more. Your use case may already be covered by Leaf Auth, so be sure to check that first.
+
+## Setting up
+
+You can install the password helper using the Leaf CLI:
+
+::: code-group
+
+```bash:no-line-numbers [Leaf CLI]
+leaf install password
+```
+
+```bash:no-line-numbers [Composer]
+composer require leafs/password
+```
+
+:::
+
+From there, you can use any of the Password methods.
+
+## spice
+
+Just as the name implies, spice adds a little "spice" to users' passwords. They help make even weak passwords a pain for systems to crack by chaining additional characters to the password before encoding or decoding.
+
+A weak password like `password123` when spiced can become `@X$p0#f&password123` without pressing the user to stick to "Your password should contain numbers, letters and ...".
+
+The `spice` method can both be used to set and get the password spice.
+
+This sets the password spice which will be encrypted based on the hash you set:
+
+```php
+use Leaf\Helpers\Password;
+
+Password::spice('#@%7g0!&');
+```
+
+**The next examples will assume you've added `use Leaf\Helpers\Password`**
+
+This returns the password spice:
+
+```php
+$spice = Password::spice();
+```
+
+**Spices are automaticatically chained to all password related stuff, so after setting your spice, you don't need to worry about it.**
+
+## `Password::hash()`
+
+This method basically creates a password hash. It takes in 3 parameters:
+
+- The password to encrypt
+- The encryption hash (optional)
+- An array of options for the password hash (optional)
+
+```php
+$hash = Password::hash('USER_PASSWORD', Password::BCRYPT);
+```
+
+The default encryption hash used if none is provided is `Password::DEFAULT` which is `PASSWORD_DEFAULT`.
+
+Also, the most commonly used hashes, BCRYPT and Argon2 are accessible on the Password Helper object as `Password::BCRYPT` and `Password::ARGON2`.
+
+The final options array differs based on the hash you're using. See the [password algorithm constants](https://secure.php.net/manual/en/password.constants.php) for documentation on the supported options for each algorithm.
+
+## `Password::verify()`
+
+Verifying a user’s password has been made really simple thanks to the `verify()` method. Simply pass the plaintext password supplied by the user and compare it to the stored hash, like so:
+
+```php
+if (Password::verify($password, $hashedPassword)) {
+    // handle user login here
+}
+```
+
+verify returns true on success and false on failure.
+
+`$hashedPassword` in the following examples refers to the stored hashed password.
+
+## argon 2
+
+Argon2 is one encryption method heavily used by a lot of developers. Although creating and verifying passwords with argon2 is nothing difficult, Leaf makes it even simpler with methods targetting only argon.
+
+### `argon2()`
+
+This is a simply method used to create an Argon2 hash for your password. It takes in 2 parameters, the password to encrypt and the options for the hashing.
+
+```php
+$hash = Password::argon2($password, $options);
+```
+
+The options parameter is optional, but in case you want to set your own options, see the [password algorithm constants](https://secure.php.net/manual/en/password.constants.php) for documentation on the supported options for Argon2.
+
+### `argon2Verify()`
+
+This method simply checks the validity of an Argon2 hash.
+
+```php
+if (Password::argon2Verify($password, $hashedPassword)) {
+    // handle user login here
+}
+```
+
+## BCRYPT
+
+BCRYPT is another hash used widely by a lot of developers, especially since support with BCRYPT has been on longer than other hashes like Argon 2. We just make hashing with BCRYPT even easier than it currently is.
+
+### `bcrypt()`
+
+This is a simply method used to create an BCRYPT hash for your password. It takes in 2 parameters, the password to encrypt and the options for the hashing.
+
+```php
+$hash = Password::bcrypt($password, $options);
+```
+
+The options parameter is optional, but in case you want to set your own options, see the [password algorithm constants](https://secure.php.net/manual/en/password.constants.php) for documentation on the supported options for BCRYPT.
+
+### `brcyptVerify()`
+
+This method simply checks the validity of an BCRYPT hash.
+
+```php
+if (Password::brcyptVerify($password, $hashedPassword)) {
+    // handle user login here
+}
+```