GhazaliTajuddin.com

Another Kuantan Blogger

Authentication

Laravel Middleware

by Leave a Comment

Middleware is a class that have special function in Laravel.

Middleware placed in between the User and  Apps. 

Before you can access the Apps, Middleware will do his job first.

We can use Middleware to do several thing

  • Do you authenticated?
  • What is your role?
  • Do you authorized?
  • Can you perform this action?
  • etc
class MemberMiddleware
{
    /**
     * Handle an incoming request.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @return mixed
     */
    public function handle($request, Closure $next)
    {

        //1. User must be authenticated
        //2. User must should be a "member"
        

        if(Sentinel::check() && Sentinel::getUser()->roles()->first()->slug == 'member')

            return $next($request);

        else

            return redirect('/login')->withErrors('Please login to access this area.');
        

        
    }
}

Another example

class ProfileMiddleware
{
    /**
     * Handle an incoming request.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @return mixed
     */
    public function handle($request, Closure $next)
    {

        1. Get Profile Id
        2. Get Profile User Id
        3. User must own the Profile

        //$ProfileId = $request->segments()[1]; //boleh pakai
        //$profileId= Profile::find($this->route()->parameter('profileShow'));
        
        $ProfileId = $request->route()->parameter('id'); //boleh pakai
        $profile = Profile::findOrFail($ProfileId);

        if ($profile->user_id !== Sentinel::getUser()->id) {
            
           // dd($request->user()->id);
           // abort(403, 'Unauthorized action.');
              // return redirect('/profile')->withError('Permission Denied');
            return redirect()->back()->withErrors('Permission Denied!');
            }

        return $next($request);
        
    }
}

Another finest!

class ProfileMiddleware
{
    /**
     * Handle an incoming request.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @return mixed
     */
    public function handle($request, Closure $next)
    {
        //get User Id
        $UserId=$request->id;

        //get User Profile
        $profile=Profile::whereUserId($UserId)->first();

        if ($profile->user_id !== Sentinel::getUser()->id) {         
            return redirect()->back()->withErrors('Permission Denied!');
            }

        return $next($request);
        
    }
}

 

Laravel 5.3 Authentication

by Leave a Comment

Antara perkara penting dalam membangunkan applikasi adalah sistem pengurusan akses maklumat atau pun authentication & authorization.

Laravel telah memudahkan kerja kita dengan menyediakan scaffolding authentication nya tersendiri.

Anda hanya perlu install sahaja.

Tetapi untuk install sistem authentication ini ia perlu dilaksanakan pada fresh setup SAHAJA.

Execute code berikut untuk install Auth

php artisan make:auth

untuk migrate database

php artisan migrate

Dah siap!

Sekarang anda boleh ke http://domainanda/register/.

Jika anda buka file route web.php. Anda akan lihat ada panggilan method Auth::routes(). Apakah kegunaan Auth:routes() ini sebenarnya? Apa fungsi terkandung dalamnya? Apa route yang telah diistiharkan?

Ia sebenarnya adalah helper yang telah disediakan oleh Laravel.

Routes berkenaan boleh didapati disini

/vendor/laravel/framework/src/Illuminate/Routing/Router.php

Ia kelihatan sebegini

public function auth()
{
// Authentication Routes...
$this->get('login', 'Auth\LoginController@showLoginForm')->name('login');
$this->post('login', 'Auth\LoginController@login');
$this->post('logout', 'Auth\LoginController@logout')->name('logout');

// Registration Routes...
$this->get('register', 'Auth\RegisterController@showRegistrationForm');
$this->post('register', 'Auth\RegisterController@register');

// Password Reset Routes...
$this->get('password/reset', 'Auth\ForgotPasswordController@showLinkRequestForm');
$this->post('password/email', 'Auth\ForgotPasswordController@sendResetLinkEmail');
$this->get('password/reset/{token}', 'Auth\ResetPasswordController@showResetForm');
$this->post('password/reset', 'Auth\ResetPasswordController@reset');
}

 

 

 

 

Resource:

  • https://laracasts.com/discuss/channels/laravel/laravel-53-routing-as-authroutes?page=1
  • http://stackoverflow.com/questions/39196968/laravel-5-3-new-authroutes/39197278#39197278
  • https://github.com/laravel/framework/blob/5.3/src/Illuminate/Routing/Router.php