如何使用auth中间件来管理不同用户类型的登录/重定向?
[英]How to use auth middleware to manage login/redirect of different user types?
问题描述
I want to set up two login paths, 
我想设置两个登录路径,
- /admin/ /管理/
- /users/ /用户/
Laravel 5 provides auth middleware for authentication. Laravel 5提供身份验证的auth中间件。 The middleware also provides default views for login, password reset, etc, which I'm planning use as-is, functionally. 中间件还提供登录,密码重置等的默认视图,我计划在功能上按原样使用。
!: What changes are needed in routes.php and in Controllers to manage these two logins? !:routes.php和控制器中需要进行哪些更改才能管理这两个登录?
!!: How do I manage their redirects (one to admin panel, other back to homepage)? !!:我如何管理他们的重定向(一个管理面板,另一个回到主页)? (presently auth redirects to 'home' view by default) (默认情况下,auth重定向到'home'视图)
Edit: I know how to prevent unauthorized access, however I'm talking about a setup where I can manage both accesses separately. 编辑:我知道如何防止未经授权的访问,但我在谈论一个我可以单独管理两个访问的设置。
3 个解决方案
解决方案1
4 2015-04-24 10:50:25
One way is to bind same controller to different paths if the user pool is actually the same. 一种方法是,如果用户池实际上是相同的,则将同一个控制器绑定到不同的路径。
You can decide where to redirect based on logged in user type in the RedirectIfAuthenticated Middleware. 您可以根据RedirectIfAuthenticated Middleware中登录的用户类型决定重定向的位置。
解决方案2
3 2015-04-24 11:43:07
You could check on your controller if the user is admin or user and present him the correct view, but do you really need a login page different for your users and admins? 您可以检查您的控制器,如果用户是管理员或用户并向他显示正确的视图,但您真的需要一个与您的用户和管理员不同的登录页面吗? Do you really need a recover password different for both? 你真的需要一个不同的恢复密码吗? If not then you can use the AuthController for both of them, if so then why don't you create two controllers that extend AuthController? 如果没有,那么你可以使用AuthController,如果是这样,为什么不创建两个扩展AuthController的控制器呢?
For me the best solution and to keep things clean and separated why don't you extend or even modify RedfirectIfAuthenticated 对我来说,最好的解决方案是保持清洁和分离,为什么不扩展甚至修改RedfirectIfAuthenticated
<?php namespace App\Http\Middleware;
use Closure;
use Illuminate\Contracts\Auth\Guard;
use Illuminate\Http\RedirectResponse;
use User;
class RedirectIfAuthenticated {
/**
* The Guard implementation.
*
* @var Guard
*/
protected $auth;
/**
* Create a new filter instance.
*
* @param Guard $auth
* @return void
*/
public function __construct(Guard $auth)
{
$this->auth = $auth;
}
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @return mixed
*/
public function handle($request, Closure $next)
{
if ($this->auth->check())
{
//we have a logged user check if it's admin
if($this->auth->user()->admin){
return new RedirectResponse(url('/admin'));
}else{
return new RedirectResponse(url('/user'));
}
}
return $next($request);
}
}
You could also create a middleware to protect your admin routes: 您还可以创建一个中间件来保护您的管理路由:
<?php namespace App\Http\Middleware;
use Closure;
use Illuminate\Contracts\Auth\Guard;
class VerifyAdmin {
/**
* The Guard implementation.
*
* @var Guard
*/
protected $auth;
/**
* Create a new filter instance.
*
* @param Guard $auth
* @return void
*/
public function __construct(Guard $auth)
{
$this->auth = $auth;
}
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @return mixed
*/
public function handle($request, Closure $next)
{
if (!$this->auth->user()->admin)
{
if ($request->ajax())
{
return response('Unauthorized.', 401);
}
else
{
//redirect user or guest to home page or something like that
}
}
return $next($request);
}
}
register your middleware: 注册您的中间件:
// Within App\Http\Kernel Class...
protected $routeMiddleware = [
'auth' => 'App\Http\Middleware\Authenticate',
'auth.basic' => 'Illuminate\Auth\Middleware\AuthenticateWithBasicAuth',
'guest' => 'App\Http\Middleware\RedirectIfAuthenticated',
'auth.admin' => 'App\Http\Middleware\VerifyAdmin',
];
On your routes: 在你的路线上:
Route::group(['prefix' => 'admin', 'middleware' => 'auth.admin'], function()
{
Route::resource('profile','API\ProfileController');
});
解决方案3
3 2015-06-19 12:45:42
Admin and Users in the same laravel app is a bad idea simply because the app will share the same session and storage information. 同一个laravel应用程序中的管理员和用户只是一个坏主意,因为该应用程序将共享相同的会话和存储信息。 There will be a myriad of egde cases that will cause information to bleed through any logic "walls" you set up and you'll end up spending way too much time patching those bleeds. 将会有无数的egde案例会导致信息在你设置的任何逻辑“墙壁”中流血,你最终会花太多时间修补那些流血。 What you really want to do is set up separate laravel applications for each: admin.project.com & project.com. 您真正想要做的是为每个应用程序设置单独的laravel应用程序:admin.project.com&project.com。 That way you get two separate sessions and storage. 这样你就可以得到两个独立的会话和存储。 All you need to do is ensure that the databases you need are setup in both database.php config files. 您需要做的就是确保在database.php配置文件中设置所需的数据库。 You can even host BOTH projects on the same server with separate deployments, listening to different ports. 您甚至可以在具有单独部署的同一服务器上托管BOTH项目,并侦听不同的端口。 TRUST ME this is the best way to go. 相信我,这是最好的方式。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.