尝试在 Laravel 9.3 上设置带有请求数据标识的多租户

Question

I'm trying to set op a multi-tenancy with request data identification on Laravel, but I can't find anything about it.

Is it just so simple to follow this quikstart https://tenancyforlaravel.com/docs/v3/quickstart

And then follow this step? https://tenancyforlaravel.com/docs/v3/tenant-identification/#Request-data-identification:~:text=public%20static%20property ).-,Request%20data%20identification,-You%20might%20want

So change my tent route from this

<?php

declare(strict_types=1);

use Illuminate\Support\Facades\Route;
use Stancl\Tenancy\Middleware\InitializeTenancyByDomain;
use Stancl\Tenancy\Middleware\PreventAccessFromCentralDomains;

/*
|--------------------------------------------------------------------------
| Tenant Routes
|--------------------------------------------------------------------------
|
| Here you can register the tenant routes for your application.
| These routes are loaded by the TenantRouteServiceProvider.
|
| Feel free to customize them however you want. Good luck!
|
*/

Route::middleware([
    'web',
    InitializeTenancyByDomain::class,
    PreventAccessFromCentralDomains::class,
])->group(function () {
    Route::get('/', function () {
        return 'This is your multi-tenant application. The id of the current tenant is ' . tenant('id');
    });
});

To this:

<?php

declare(strict_types=1);

use Illuminate\Support\Facades\Route;
use Stancl\Tenancy\Middleware\InitializeTenancyByRequestData;
use Stancl\Tenancy\Middleware\PreventAccessFromCentralDomains;

/*
|--------------------------------------------------------------------------
| Tenant Routes
|--------------------------------------------------------------------------
|
| Here you can register the tenant routes for your application.
| These routes are loaded by the TenantRouteServiceProvider.
|
| Feel free to customize them however you want. Good luck!
|
*/

Route::middleware([
    'web',
    InitializeTenancyByRequestData::class,
    PreventAccessFromCentralDomains::class,
])->group(function () {
    Route::get('/', function () {
        return 'This is your multi-tenant application. The id of the current tenant is ' . tenant('id');
    });
});

Answer 1

The next thing you should do is to create a middleware in which you validate the x-tenant in the header or as query parameter as suggested in the documentation.

I attach an example to do it with the header and JWT would be something like this:

/**
     * Handle an incoming request.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure(\Illuminate\Http\Request): (\Illuminate\Http\Response|\Illuminate\Http\RedirectResponse)  $next
     * @return \Illuminate\Http\Response|\Illuminate\Http\RedirectResponse
     */
    public function handle(Request $request, Closure $next)
    {
        if($user = JWTAuth::parseToken()->authenticate())
        {
            if ($user->global_id != $request->header('x-tenant'))
            {
                return response()->json(['errors' => 'You do not have access to this tenant'], 401);
            }

            return $next($request);
        }
    }

Of course you would have to take into consideration other security aspects according to the nature of your app.