Using middleware

If we want it that a user must be authenticated before being able to perform a certain operation, we can pass an array as the second parameter with middleware as the key to force the route to call the auth middleware on the search method of AccommodationsController:

Route::get('search-accommodation',
  ['middleware' => 'auth','AccommodationsController@search']);

In this case, the user will be redirected to the login page if not authenticated.

Route groups

Routes may be grouped together to share the same middleware. For example, if we want to protect all of the routes in our application, we can create a route group and just pass in the key-value pair middleware and auth. The code is as follows:

Route::group(['middleware' => 'auth'], function()
{
  Route::resource('accommodations', 'AccommodationsController'),
  Route::resource('accommodations.amenities', 'AccommodationsAmenitiesController'),
  Route::resource('accommodations.rooms', 'AccommodationsRoomsController'),
  Route::resource('accommodations.locations', 'AccommodationsLocationsController'),
  Route::resource('amenities', 'AmenitiesController'),
  Route::resource('rooms', 'RoomsController'),
  Route::resource('locations', 'LocationsController'),
})

This protects every method of every route that lies inside the route group.

Multiple middleware in route groups

If even more protection is desired against nonauthenticated users, we could create a whitelist to only allow users within a certain range of IP addresses to access the application.

The following command will create the middleware that is needed:

$ php artisan make:middleware WhitelistMiddleware

The WhitelistMiddleware class looks like this:

<?php namespace MyCompanyHttpMiddleware;

use Closure;

class WhitelistMiddleware {
    private $whitelist = ['192.2.3.211'];
  /**
   * Handle an incoming request.
   *
   * @param  IlluminateHttpRequest  $request
   * @param  Closure  $next
   * @return mixed
   */
  public function handle($request, Closure $next)
  {
    if (in_array($request->getClientIp(),$this->whitelist)) {
      return $next($request);
    } else {
      return response('Unauthorized.', 401);
    }

  }
}

Here, a private $whitelist array was created with a list of the IP addresses that are set up within a company. Then, the remote port of the request is compared to the values in the array, and it is allowed to continue by returning the $next closure. Otherwise, an unauthorized response is returned.

Now, the whitelist middleware needs to be combined with the auth middleware. To use the whitelist middleware within the route group, an alias for the middleware needs to be created and inserted into the app/Http/Kernel.php file in the $routeMiddleware array. The code is as follows:

protected $routeMiddleware = [
  'auth' => 'MyCompanyHttpMiddlewareAuthenticate',
  'auth.basic' => 'IlluminateAuthMiddlewareAuthenticateWithBasicAuth',
  'guest' => 'MyCompanyHttpMiddlewareRedirectIfAuthenticated',
  'log' => 'MyCompanyHttpMiddlewareLogMiddleware',
  'whitelist' => 'MyCompanyHttpMiddlewareWhitelistMiddleware'
];

Next, to add this to the list of middlewares for this route group, it is necessary to substitute the string auth with an array, having both auth and whitelist as its contents. The code is as follows:

Route::group(['middleware' => ['auth','whitelist']], function()
{
  Route::resource('accommodations', 'AccommodationsController'),
  Route::resource('accommodations.amenities',
            'AccommodationsAmenitiesController'),
  Route::resource('accommodations.rooms', 'AccommodationsRoomsController'),
  Route::resource('accommodations.locations', 'AccommodationsLocationsController'),
  Route::resource('amenities', 'AmenitiesController'),
  Route::resource('rooms', 'RoomsController'),
  Route::resource('locations', 'LocationsController'),
});

Now, even if the user is logged in, it will not be possible to access the protected content unless the IP address is in the whitelist.

Also, if only some of the routes are desired to be whitelisted, routes group may be nested as follows:

Route::group(['middleware' => 'auth', function()
{
  Route::resource('accommodations', 'AccommodationsController'),
  Route::resource('accommodations.amenities',
            'AccommodationsAmenitiesController'),
  Route::resource('accommodations.rooms', 'AccommodationsRoomsController'),
  Route::resource('accommodations.locations', 'AccommodationsLocationsController'),
  Route::resource('amenities', 'AmenitiesController'),
  Route::group(['middleware' => 'whitelist'], function()
  {
    Route::resource('rooms', 'RoomsController'),
  });
  Route::resource('locations', 'LocationsController'),
});

This will require both authentication (auth) and whitelisting for the RoomsController, while all of the other controllers inside the route group will require only authentication.

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset