Protect admin routes with new eloquent sessions

When using Laravel’s own auth middleware an exception would then get thrown which was being sent to Slack, hmmm. So I modified the original MyAuthMiddleware to use the Auth facade instead of a custom session key. A logout page has also been added.
2019-03-23 09:35:07 +00:00 · 2019-03-23 09:35:07 +00:00 · 2e79492b01
commit 2e79492b01
parent db3708bbb6
4 changed files with 58 additions and 17 deletions
--- a/app/Http/Controllers/AuthController.php
+++ b/app/Http/Controllers/AuthController.php
@ -4,7 +4,6 @@ declare(strict_types=1);
 namespace App\Http\Controllers;
 use Illuminate\View\View;
 use Illuminate\Support\Facades\Auth;
 use Illuminate\Http\RedirectResponse;
@ -40,4 +39,31 @@ class AuthController extends Controller
        return redirect()->route('login');
    }
    /**
     * Show the form to logout a user.
     *
     * @return \Illuminate\View\View|\Illuminate\Http\RedirectResponse
     */
    public function showLogout()
    {
        if (Auth::check() === false) {
            // The user is not logged in, just redirect them home
            return redirect('/');
        }
        return view('logout');
    }
    /**
     * Log the user out from their current session.
     *
     * @return \Illuminate\Http\RedirectResponse;
     */
    public function logout(): RedirectResponse
    {
        Auth::logout();
        return redirect('/');
    }
 }
--- a/app/Http/Middleware/MyAuthMiddleware.php
+++ b/app/Http/Middleware/MyAuthMiddleware.php
@ -6,6 +6,7 @@ namespace App\Http\Middleware;
 use Closure;
 use Illuminate\Http\Request;
 use Illuminate\Support\Facades\Auth;
 class MyAuthMiddleware
 {
@ -18,7 +19,7 @@ class MyAuthMiddleware
     */
    public function handle(Request $request, Closure $next)
    {
-        if ($request->session()->has('loggedin') !== true) {
+        if (Auth::check($request->user()) == false) {
            //they’re not logged in, so send them to login form
            return redirect()->route('login');
        }
--- a/resources/views/logout.blade.php
+++ b/resources/views/logout.blade.php
@ -0,0 +1,10 @@
@extends('master')
@section('title')Logout @stop
@section('content')
    <h2>Logout</h2>
    <form action="logout" method="post">
        <input type="hidden" name="_token" value="{{ csrf_token() }}">
        <input type="submit" name="submit" value="Logout">
    </form>
@stop
--- a/routes/web.php
+++ b/routes/web.php
@ -14,17 +14,21 @@
 Route::group(['domain' => config('url.longurl')], function () {
    Route::get('/', 'NotesController@index');
-    //Static project page
+    // Static project page
    Route::view('projects', 'projects');
-    //Static colophon page
+    // Static colophon page
    Route::view('colophon', 'colophon');
-    //The login routes to get authe'd for admin
+    // The login routes to get auth'd for admin
    Route::get('login', 'AuthController@showLogin')->name('login');
    Route::post('login', 'AuthController@login');
-    //Admin pages grouped for filter
+    // And the logout routes
    Route::get('logout', 'AuthController@showLogout')->name('logout');
    Route::post('logout', 'AuthController@logout');
    // Admin pages grouped for filter
    Route::group([
        'middleware' => 'myauth',
        'namespace' => 'Admin',
@ -42,7 +46,7 @@ Route::group(['domain' => config('url.longurl')], function () {
            Route::delete('/{id}', 'ArticlesController@destroy');
        });
-        //Notes
+        // Notes
        Route::group(['prefix' => 'notes'], function () {
            Route::get('/', 'NotesController@index');
            Route::get('/create', 'NotesController@create');
@ -52,7 +56,7 @@ Route::group(['domain' => config('url.longurl')], function () {
            Route::delete('/{id}', 'NotesController@destroy');
        });
-        //Micropub Clients
+        // Micropub Clients
        Route::group(['prefix' => 'clients'], function () {
            Route::get('/', 'ClientsController@index');
            Route::get('/create', 'ClientsController@create');
@ -62,7 +66,7 @@ Route::group(['domain' => config('url.longurl')], function () {
            Route::delete('/{id}', 'ClientsController@destroy');
        });
-        //Contacts
+        // Contacts
        Route::group(['prefix' => 'contacts'], function () {
            Route::get('/', 'ContactsController@index');
            Route::get('/create', 'ContactsController@create');
@ -73,7 +77,7 @@ Route::group(['domain' => config('url.longurl')], function () {
            Route::get('/{id}/getavatar', 'ContactsController@getAvatar');
        });
-        //Places
+        // Places
        Route::group(['prefix' => 'places'], function () {
            Route::get('/', 'PlacesController@index');
            Route::get('/create', 'PlacesController@create');
@ -86,7 +90,7 @@ Route::group(['domain' => config('url.longurl')], function () {
            Route::delete('/{id}', 'PlacesController@destroy');
        });
-        //Likes
+        // Likes
        Route::group(['prefix' => 'likes'], function () {
            Route::get('/', 'LikesController@index');
            Route::get('/create', 'LikesController@create');
@ -97,7 +101,7 @@ Route::group(['domain' => config('url.longurl')], function () {
        });
    });
-    //Blog pages using ArticlesController
+    // Blog pages using ArticlesController
    Route::group(['prefix' => 'blog'], function () {
        Route::get('/feed.rss', 'FeedsController@blogRss');
        Route::get('/feed.atom', 'FeedsController@blogAtom');
@ -107,7 +111,7 @@ Route::group(['domain' => config('url.longurl')], function () {
        Route::get('/{year}/{month}/{slug}', 'ArticlesController@show');
    });
-    //Notes pages using NotesController
+    // Notes pages using NotesController
    Route::group(['prefix' => 'notes'], function () {
        Route::get('/', 'NotesController@index');
        Route::get('/feed.rss', 'FeedsController@notesRss');
@ -139,15 +143,15 @@ Route::group(['domain' => config('url.longurl')], function () {
    Route::post('api/media', 'MicropubController@media')->middleware('micropub.token', 'cors')->name('media-endpoint');
    Route::options('/api/media', 'MicropubController@mediaOptionsResponse')->middleware('cors');
-    //webmention
+    // Webmention
    Route::get('webmention', 'WebMentionsController@get');
    Route::post('webmention', 'WebMentionsController@receive');
-    //Contacts
+    // Contacts
    Route::get('contacts', 'ContactsController@index');
    Route::get('contacts/{nick}', 'ContactsController@show');
-    //Places
+    // Places
    Route::get('places', 'PlacesController@index');
    Route::get('places/{slug}', 'PlacesController@show');
@ -156,7 +160,7 @@ Route::group(['domain' => config('url.longurl')], function () {
    Route::post('update-colour-scheme', 'SessionStoreController@saveColour');
 });
-//Short URL
+// Short URL
 Route::group(['domain' => config('url.shorturl')], function () {
    Route::get('/', 'ShortURLsController@baseURL');
    Route::get('@', 'ShortURLsController@twitter');