Route and Middleware RainLab.User

apinard · February 7, 2023, 9:03pm

Hi,

I have two “sections” in my website.

public one : https://mywebsite.com
internal portal for customers/suppliers : https://mywebsite.com/hub/

I need all routes after /hub/ to be protected by RainLab.User authentification.

That being said, as per the plugin documentation:

Access to routes can be restricted by applying the AuthMiddleware.

Route::group(['middleware' => 'RainLab\User\Classes\AuthMiddleware'], function () {
    // All routes here will require authentication
});

So I tried this :

Route::middleware(['web', 'RainLab\User\Classes\AuthMiddleware'])->group(function () {
    Route::get('/hub/{any}', function () {

    })->where('any', '.*');
});

Which kinda work;

It’s returning ‘Forbidden’ if I am not logged in
But it giving me a blank page if I’m logged in, I think the response die inside the function.

Any ideas how it should be implemented ?

Thank you.

apinard · February 7, 2023, 9:19pm

I found an alternative. I let the thread open to see if there is a way with the routes.

I created a layout that I will use in all my /hub/* page with this:

[session]
redirect = "login"
security = "user"
==

marco.grueter · February 8, 2023, 7:50am

You did not set a controller action in your route or return a response, that is why you get a blank page. Or was that just in the example?

apinard · February 8, 2023, 1:28pm

Hi,

I know that. You can put “return ‘hi’;” if you want and you will see hi displayed and not a blank page.

What I was wondering is how can I wrap all my url’s after /hub/ with the Authentification middleware without adding any overhead (redirecting to a view etc.).

marco.grueter · February 8, 2023, 2:55pm

Well, if you define a route you’ll have to also define what should happen when that route is called. I don’t think there is a shortcut around this. How did you use your frontend routes without the authentication restriction?
Or are you asking about Laravels routing system? OCMSv2: Routing - Laravel - The PHP Framework For Web Artisans, OCMSv3: Routing - Laravel - The PHP Framework For Web Artisans

If it is a CMS page, I’d suggest - as you found out - to use the Session component, if it’s an API you want to protect you would put all the routes into a group and protect that group with the middleware etc. etc.

Imho the most important aspect is, that the protection and the target to protect are together. e. g. CMS page and Component, routes and middleware - but not CMS pages protected by a middleware.

marco.grueter · February 8, 2023, 3:01pm

One thing that might be what you want:
you can extend Rainlabs middleware with a custom plugin, add your middleware to the kernel for all calls, check in the middleware if it’s an URI you want to have protected and then hand off the request to Rainlabs middleware or let it through.

apinard · February 9, 2023, 2:05pm

thank you for your support @marco.grueter