[英]Trying to set up a multi-tenancy with Request data identification on Laravel 9.3
I'm trying to set op a multi-tenancy with request data identification on Laravel, but I can't find anything about it.我正在尝试在 Laravel 上设置带有请求数据标识的多租户操作,但我找不到任何相关信息。
Is it just so simple to follow this quikstart https://tenancyforlaravel.com/docs/v3/quickstart遵循这个 quikstart https://tenancyforlaravel.com/docs/v3/quickstart就这么简单吗
And then follow this step?然后按照这一步? https://tenancyforlaravel.com/docs/v3/tenant-identification/#Request-data-identification:~:text=public%20static%20property ).-,Request%20data%20identification,-You%20might%20want
https://tenancyforlaravel.com/docs/v3/tenant-identification/#Request-data-identification:~:text=public%20static%20property ).-,Request%20data%20identification,-You%20might%20want
So change my tent route from this所以改变我的帐篷路线
<?php
declare(strict_types=1);
use Illuminate\Support\Facades\Route;
use Stancl\Tenancy\Middleware\InitializeTenancyByDomain;
use Stancl\Tenancy\Middleware\PreventAccessFromCentralDomains;
/*
|--------------------------------------------------------------------------
| Tenant Routes
|--------------------------------------------------------------------------
|
| Here you can register the tenant routes for your application.
| These routes are loaded by the TenantRouteServiceProvider.
|
| Feel free to customize them however you want. Good luck!
|
*/
Route::middleware([
'web',
InitializeTenancyByDomain::class,
PreventAccessFromCentralDomains::class,
])->group(function () {
Route::get('/', function () {
return 'This is your multi-tenant application. The id of the current tenant is ' . tenant('id');
});
});
To this:对此:
<?php
declare(strict_types=1);
use Illuminate\Support\Facades\Route;
use Stancl\Tenancy\Middleware\InitializeTenancyByRequestData;
use Stancl\Tenancy\Middleware\PreventAccessFromCentralDomains;
/*
|--------------------------------------------------------------------------
| Tenant Routes
|--------------------------------------------------------------------------
|
| Here you can register the tenant routes for your application.
| These routes are loaded by the TenantRouteServiceProvider.
|
| Feel free to customize them however you want. Good luck!
|
*/
Route::middleware([
'web',
InitializeTenancyByRequestData::class,
PreventAccessFromCentralDomains::class,
])->group(function () {
Route::get('/', function () {
return 'This is your multi-tenant application. The id of the current tenant is ' . tenant('id');
});
});
The next thing you should do is to create a middleware in which you validate the x-tenant in the header or as query parameter as suggested in the documentation.接下来您应该做的是创建一个中间件,您可以在其中验证 header 中的 x-tenant 或作为文档中建议的查询参数。
I attach an example to do it with the header and JWT would be something like this:我附上一个例子来用 header 和 JWT 做这件事是这样的:
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure(\Illuminate\Http\Request): (\Illuminate\Http\Response|\Illuminate\Http\RedirectResponse) $next
* @return \Illuminate\Http\Response|\Illuminate\Http\RedirectResponse
*/
public function handle(Request $request, Closure $next)
{
if($user = JWTAuth::parseToken()->authenticate())
{
if ($user->global_id != $request->header('x-tenant'))
{
return response()->json(['errors' => 'You do not have access to this tenant'], 401);
}
return $next($request);
}
}
Of course you would have to take into consideration other security aspects according to the nature of your app.当然,您必须根据应用的性质考虑其他安全方面的问题。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.