是否可以将应用程序数据绑定到Laravel 5中的请求

Question

Would it be advisable, if i am doing authentication in a middleware and adding some data to the \\Illuminate\\Http\\Request $request object and using that data in the controller by injecting \\Illuminate\\Http\\Request $request into the controller method?

The reason, the app needs to make a database call to find out if the credentials are valid and if it is, it returns something like a primary key that i use in subsequent db operations.

At the moment, everything is done in the controller. If i were to use a separate middleware for authentication, can i bind the data that my controller needs to the request object if the middleware check passes? if so, how should i go about doing it?

Inspiration - Expressjs way of binding and passing data along the request through a stack of middlewares / routes.

Answer 1

I dont understand - why dont you just use the Laravel authenticator?

You say:

The reason, the app needs to make a database call to find out if the credentials are valid and if it is, it returns something like a primary key that i use in subsequent db operations.

And that is exactly what the Laravel Authenticator does?

Then in your controller you can just do

`auth()->user()` // gives you the user record
`auth()->id()` // user_id from the DB
`auth()->user()->name` // gives you the `name` column off the record. You can change it to anything.

Edit: Meanwhile - you can still use the Laravel Authenticator package whilst using a legacy system for authentication. In your middleware you can do something like this:

if (doLegacyCheckHere()) {
      Auth::loginUsingId(1);
}

This means you can do your check via the neo4j graph db - and if it returns true that the user is authenticated correctly - then you just log them into the Laravel system yourself.

Answer 2

Yes, that is probably a good way to do it, as the build-in Laravel Authentication system works the same way: you can access a logged in user via $request::user() . See http://laravel.com/docs/5.0/authentication#retrieving-the-authenticated-user

Answer 3

It is ok to validate auth in the middleware. In my application we are using the same functionality to check if user sends the right access_code to access to the API methods. Even Laravel itself handles protected routes by Authenticate middleware.

The problem is, there is no silver bullet of how or where to store additional data.

One method is to store this in the user's session.

The second is to use Illuminate\\Foundation\\Application class itself. You can inject it into your middleware __constructor() and use it to save your data. Application class extends Container class that implements ArrayAccess interface that allows you to access to it's properties like it is an array. That allows you not only to get variables from the Application but to store them too. Not the best way though the simplest.

public function __construct(\Illuminate\Foundation\Application $app)
{
    $app['_foo'] = 'bar';
}

There are more such hacks but these are the simplest.