Protect admin routes with new eloquent sessions

When using Laravel’s own auth middleware an exception would then get
thrown which was being sent to Slack, hmmm.

So I modified the original MyAuthMiddleware to use the Auth facade
instead of a custom session key.

A logout page has also been added.

app/Http/Controllers/AuthController.php

@@ -4,7 +4,6 @@ declare(strict_types=1);
 
 namespace App\Http\Controllers;
 
-use Illuminate\View\View;
 use Illuminate\Support\Facades\Auth;
 use Illuminate\Http\RedirectResponse;
 
@@ -40,4 +39,31 @@ class AuthController extends Controller
 
         return redirect()->route('login');
     }
+
+    /**
+     * Show the form to logout a user.
+     *
+     * @return \Illuminate\View\View|\Illuminate\Http\RedirectResponse
+     */
+    public function showLogout()
+    {
+        if (Auth::check() === false) {
+            // The user is not logged in, just redirect them home
+            return redirect('/');
+        }
+
+        return view('logout');
+    }
+
+    /**
+     * Log the user out from their current session.
+     *
+     * @return \Illuminate\Http\RedirectResponse;
+     */
+    public function logout(): RedirectResponse
+    {
+        Auth::logout();
+
+        return redirect('/');
+    }
 }

app/Http/Middleware/MyAuthMiddleware.php

@@ -6,6 +6,7 @@ namespace App\Http\Middleware;
 
 use Closure;
 use Illuminate\Http\Request;
+use Illuminate\Support\Facades\Auth;
 
 class MyAuthMiddleware
 {
@@ -18,7 +19,7 @@ class MyAuthMiddleware
      */
     public function handle(Request $request, Closure $next)
     {
-        if ($request->session()->has('loggedin') !== true) {
+        if (Auth::check($request->user()) == false) {
             //they’re not logged in, so send them to login form
             return redirect()->route('login');
         }

resources/views/logout.blade.php

@@ -0,0 +1,10 @@
+@extends('master')
+@section('title')Logout @stop
+
+@section('content')
+    <h2>Logout</h2>
+    <form action="logout" method="post">
+        <input type="hidden" name="_token" value="{{ csrf_token() }}">
+        <input type="submit" name="submit" value="Logout">
+    </form>
+@stop

routes/web.php

@@ -20,10 +20,14 @@ Route::group(['domain' => config('url.longurl')], function () {
     // Static colophon page
     Route::view('colophon', 'colophon');
 
-    //The login routes to get authe'd for admin
+    // The login routes to get auth'd for admin
     Route::get('login', 'AuthController@showLogin')->name('login');
     Route::post('login', 'AuthController@login');
 
+    // And the logout routes
+    Route::get('logout', 'AuthController@showLogout')->name('logout');
+    Route::post('logout', 'AuthController@logout');
+
     // Admin pages grouped for filter
     Route::group([
         'middleware' => 'myauth',
@@ -139,7 +143,7 @@ Route::group(['domain' => config('url.longurl')], function () {
     Route::post('api/media', 'MicropubController@media')->middleware('micropub.token', 'cors')->name('media-endpoint');
     Route::options('/api/media', 'MicropubController@mediaOptionsResponse')->middleware('cors');
 
-    //webmention
+    // Webmention
     Route::get('webmention', 'WebMentionsController@get');
     Route::post('webmention', 'WebMentionsController@receive');