Laravel 5.8 – From The Ground Up - Laravel 5.8 Tutorial From Scratch – e22 – Artisan Authentication Restricting Access with Middleware

Education, Programming

Laravel 5.8 – From The Ground Up

52 Lessons

Laravel 5.8 Tutorial From Scratch – e22 – Artisan Authentication Restricting Access with Middleware

in the previous episode we added a way for our users to register and create accounts in our app and we did all that in a single command however now it's

time for us to start locking up certain parts of our application so that only logged in users have access to this is a very common thing in websites as you of course will have restricted areas and

you'll have public areas now to achieve being able to lock certain parts of our application we need to introduce a brand new concept that we haven't touched up on before and that is middleware so what

exactly is a middleware now as the word suggests a middleware stands in the middle you might say well in the middle of what in very simple terms a middleware stands in between the request

and the response and the way it does that is by executing certain code now the code will either give it a green light or a red light so if the middleware gives it a green light it

will execute certain code and move on to the next middleware if it gives it a red light everything stops and then we basically execute some failsafe code in the case of authorization typically if a

user requests a page for which you need to be logged in for what it does is it redirects you to the login page basically assuming that you forgot to log in and you're used to this sequence

right so you request a page and all of a sudden you get the login page you say oh my session must be expired let me log back in and then you redirect there back to the original page that you requested

so that is a middleware in action that's what it does your request arrives at the middleware that is handling authorization and all of a sudden it realizes you're not logged in so it says

wait a minute let's show him the login form so that way the user can log in and either proceed or not now if it arrives there and you are logged in it simply just keeps going it does not redirect

you to the login page and that's a exactly what the auth middleware does in laravel so let me show you where they are set back to phpstorm go into app HTTP and middleware

so this middleware directory is what all of the middlewares are stored you can add as many middleware as you like but the ones inside this directory right now is what laravel ships with so what do

some of these do for example there's one here call check for maintenance mode and we haven't really talked about it just yet but since we've arrived here I'm gonna show you how to put your

application in maintenance mode let me head to Chrome I'm gonna hit refresh and of course our page is loading now if we go to our terminal and we ran the command PHP artisan down it puts our

application in maintenance mode and so let's see what the user would get refresh so it says 503 service unavailable this is what you would do to your application

if you're running some upgrades or changing some code in production and you just don't want your users seeing you while you're maintaining your page when you're ready to bring it back up you

will run PHP artisan up and now the application is live and if we refresh we get our application back so that is handled through a middleware what happens is that the request comes in it

checks it fits down for maintenance and if it is then it stops the request and it actually just sends back a response of 503 so that's one of them let's look at another one

then here's one redirect if authenticated this is typical right if you are authenticated then there's no reason for you to be redirected to the login page

instead you redirect it straight to home then that makes total sense there's a couple of other middleware here but the one that we are interested in is this authenticate so this is the one that we

need to tag on to our customers list to be able to control who has access to it there are two ways that we could apply a middleware at this point so the first one I'm going to show you is at the

route level so what you can do is you can lock up any route so I know that I want to lock up my customers out so right after resource I can tag on one method and say middleware and we can

say off use the off middleware okay let's hit save let's go back to the browser and now let's visit my customers list so you can see my customers list but that's because I am logged in I'm

gonna log out and then I'm gonna visit my customers list again so now this time I am redirected to the login page I can still see contact and about and home but as soon as I try to see my

customers list I no longer can see my customers list let me go ahead and login and now I can see my customers list I can edit a customer I can add a new customer I can do everything that I

could before but that's because I'm logged in the minute I log out again it will not let you do that as a matter of fact even if I was to enter the address like create address you're still

redirected to login what if I try to edit one nope you're still going back to the login page so just like that we've locked up the customers list and only registered and

logged in users are allowed to see that page so that's the first method I'm gonna delete middleware and let's just make sure that everything is back to working customers list yep so now our

customers are no longer locked up they're open to see I'm not logged in but I could still see customers so the second way that you can add a middleware is do it at the controller level so

let's do that one now let's go back to phpstorm I'm going to close my routes file and let's check out the customer controller and so I can add a construct method up here and I can call this

middleware and I can pass in the exact same thing off hit save come back hit refresh and now we no longer have access to our customers list now here's another nice little feature

if we added another method call right afterwards you see that we have two methods available only and accept so we can actually do this by method names right so if we only want

to lock up say the create method but we still want to allow edits then you can do that so what I'll actually do is I'm gonna say I want to lock everything up

except my index so I still want guests to be able to see my customers list but if you try to create one or you try to delete one or edit one for that you do need to be logged in all right let's

check it out I'm gonna refresh notice how I am not logged in so my customers list is visible now if I try to add a new customer nope you can't do that okay back to customer list what about

view details nope also can't do that and certainly we cannot edit one and we cannot create one so now we've been able to lock up everything but the index method and if you need the inverse of

this you would use the only so that's a nice way for you to be able to do things like comments for example typically comments are visible publicly you wouldn't really want to lock up your

comments but you typically wouldn't want a guest to be able to add a comment they're gonna add a comment to a section of your website then they need to be logged in and that makes sense so this

is sort of the same approach we're gonna let guests view all of our customers but of course you're not authorized to edit or create one unless you are signed in in my particular case I do want to lock

up that customers list altogether so I will remove that and now everything is locked up back to customers list and says nope you got to be signed in to be able to do that so just like that we can

protect an entire controller or an entire route or we can choose which parts of a controller we want to lock up unless you're logged in so those are the basics of middleware and authorization

in laravel five-point-eight

Let’s touch up on the basics of what a Middleware is and explore ways that we can apply one to require a user to be logged in and authenticated to view our customer list.

For the best experience, follow along in our interactive school at https://www.coderstape.com

Resources
Course Source Code
https://github.com/coderstape/laravel-58-from-scratch

Hit us up on Twitter with any questions or comments @codertape (https://twitter.com/CodersTape)

About This Course

Ready to get started on your path to Laravel Artisan? In this series, we are breaking down all of the basics of Laravel to get you comfortable using the world’s most popular PHP framework. Let’s get started!For the best experience, follow along in our interactive school at https://www.coderstape.com

It’s time for us to talk about registering users, login in users and resetting passwords. Up until now, a very daunting task, but with Laravel, it’s as simple as running php artisan make auth and everything just works. Let’s working on adding authentication to our Laravel application.

Resources
Course Source Code
https://github.com/coderstape/laravel-58-from-scratch

Hit us up on Twitter with any questions or comments @codertape (https://twitter.com/CodersTape)

About This Course

Ready to get started on your path to Laravel Artisan? In this series, we are breaking down all of the basics of Laravel to get you comfortable using the world’s most popular PHP framework. Let’s get started!

    add to database laravel admin laravel artisan Artisan Command artisan commend create artisan console artisan laravel command authentication in laravel belongsto belongsto laravel example coding tutorials create artisan command create command artisan create new command artisan Create your own crud laravel crud laravel tutorial crud resource laravel crud with file upload custom artisan commands custom artisan commands laravel custom laravel database configuration laravel database relationship digital ocean dotenv eager loading eager loading in laravel eager loading vs lazy loading laravel eloquent eloquent accessors eloquent mutators eloquent orm feature testing laravel fetching data in laravel filesystem laravel form requests full stack vue gate and policy laravel google optimize hasmany hasmany laravel hasmany laravel example hasmany relationship in laravel hasone hasone relationship in laravel How to create how to queue email how to use queue installing laravel intervention image laravel laravel 5 laravel 5 auth laravel 5.4 queue laravel 5.5 queue laravel 5.8 laravel 5.8 artisan command laravel 5.8 artisan console laravel 5.8 auth tutorial laravel 5.8 authentication laravel 5.8 commands laravel 5.8 crud laravel 5.8 crud example laravel 5.8 custom middleware laravel 5.8 deprecations laravel 5.8 eager loading laravel 5.8 elixir laravel 5.8 event listeners laravel 5.8 events laravel 5.8 feature laravel 5.8 features laravel 5.8 global middleware laravel 5.8 install laravel 5.8 lazy loading laravel 5.8 listeners laravel 5.8 middleware laravel 5.8 multi auth laravel 5.8 named resource routes laravel 5.8 named routes laravel 5.8 new feature laravel 5.8 own artisan command laravel 5.8 queue laravel 5.8 queues laravel 5.8 routing laravel 5.8 telescope laravel 5.8 tutorial laravel 5.8 user auth laravel 5.8 user authentication laravel 5.8 what's new laravel 5.9 laravel admin permissions laravel api laravel artisan command laravel artisan console laravel assets laravel auth laravel auth role laravel authentication laravel authorization laravel axios post example laravel background process laravel background task laravel background worker laravel beginner to master laravel belongsto laravel belongsto vs hasone laravel belongstomany laravel best packages laravel best practices laravel best tutorial laravel bootstrap laravel command laravel command line laravel commands tutorial laravel composer install laravel connect db laravel console command laravel console testing laravel contact form send email laravel controllers laravel create laravel crud laravel crud policy laravel custom command laravel custom middleware laravel database laravel database configuration laravel database relationships laravel database seeder laravel database settings laravel db seed laravel db settings laravel debugging laravel deploy aws laravel deploy digital ocean laravel deploy on digitalocean laravel deploy on server laravel deploy to production laravel deployment laravel digitalocean laravel drag and drop file upload laravel dropzone file upload laravel dropzone image upload laravel e-commerce laravel eager loading laravel eager loading tutorial laravel eager loading with condition laravel elixir laravel eloquent laravel eloquent belongsto laravel eloquent crud laravel eloquent hasmany laravel eloquent where laravel eloquest tutorial laravel events and queue laravel events tutorial laravel factory laravel feature test laravel feature testing laravel fetching data from database laravel file storage laravel fillable example laravel flash message notification laravel for beginners laravel form validation laravel forms laravel forms bootstrap snippets laravel from scratch laravel from the ground up laravel front end laravel frontend tutorial laravel gate and policy tutorial laravel global middleware laravel hasmany laravel hasone laravel i18n laravel installation laravel installation mac laravel intervention image tutorial laravel javascript tutorial laravel jobs queue laravel language laravel language switcher laravel language tutorial laravel languages laravel lazy loading laravel listener event laravel listeners laravel localization laravel login laravel mailable tutorial laravel many to many relationship example laravel markdown email laravel markdown mail laravel mass assignment laravel middleware laravel migrate fresh laravel mix laravel mix 5.8 laravel mix vue laravel model factory tutorial laravel multiple language laravel mysql json laravel named resource routes laravel named routes laravel new features laravel news laravel nginx laravel node modules laravel npm install laravel npm run watch error laravel one to one laravel paginate laravel paginate link laravel pagination laravel pagination 5.8 laravel pagination links laravel pagination tutorial laravel phpunit laravel phpunit testing laravel pivot table example laravel policy laravel preview laravel query optimization laravel queue laravel queue event listener laravel react laravel register user laravel registration laravel registration validation laravel relationships laravel reset password laravel role middleware laravel role permission laravel roles laravel route group middleware laravel routes laravel routing laravel routing with parameters laravel sass laravel save file to database laravel scopes laravel seo tutorial laravel server laravel session data laravel ssl laravel supervisor laravel tailwind css laravel tailwind setup laravel tdd laravel tdd tutorial laravel telescope laravel telescope installation laravel telescope tutorial laravel test driven development laravel test workflow laravel testing laravel testing controllers laravel testing tutorial laravel tools laravel translation laravel tutorial laravel tutorial for beginners laravel ubuntu server laravel ubuntu tutorial laravel unit testing controllers laravel upload file laravel upload image to storage laravel upload multiple files at once laravel upload multiple image to database laravel upload multiple images laravel url slug laravel vue laravel vue js crud laravel vue setup laravel vue tutorial laravel vue.js laravel webpack error laravel webpack tutorial lazy loading lazy loading laravel lazy loading vs eager loading learn laravel learn laravel framework step by step localization in laravel localization laravel many to many laravel mvc tutorial for beginners in php mvc tutorial laravel mysql mysql relational database mysql relationship n + 1 problem n + 1 problem laravel new artisan command npm install npm run dev npm run watch laravel one to many one to one one to one laravel own artisan command pagination pagination bootstrap pagination bootstrap php mysql pagination laravel pagination laravel bootstrap pagination links pagination php php php artisan php carbon immutable php framework php framework 2019 php what's new 2019 phpunit phpunit laravel phpunit testing pivot laravel policy laravel polymorphic relationships queue and events queue email queue for laravel queue jobs queue laravel 5.8 registration form relationship laravel eloquent relationship mysql restful controller role permission in laravel roles laravel route model binding laravel routing in laravel save image to database seo friendly seo friendly content writing seo friendly website seo laravel seo optimization simple pagination laravel slugify sqlite relational database sqlite relationships between tables symfony command console symfony laravel tailwind css tailwind laravel mix telescope laravel tutorial laravel unit testing unit testing laravel upload file laravel upload file php upload image laravel upload image to database php upload images laravel upload multiple files in php url slug laravel url slug php vue vue.js vuejs laravel why use laravel queue why use queue