I'm trying to set op a multi-tenancy with request data identification on Laravel, but I can't find anything about it.
Is it just so simple to follow this quikstart https://tenancyforlaravel.com/docs/v3/quickstart
And then follow this step? https://tenancyforlaravel.com/docs/v3/tenant-identification/#Request-data-identification:~:text=public%20static%20property ).-,Request%20data%20identification,-You%20might%20want
So change my tent route from this
<?php
declare(strict_types=1);
use Illuminate\Support\Facades\Route;
use Stancl\Tenancy\Middleware\InitializeTenancyByDomain;
use Stancl\Tenancy\Middleware\PreventAccessFromCentralDomains;
/*
|--------------------------------------------------------------------------
| Tenant Routes
|--------------------------------------------------------------------------
|
| Here you can register the tenant routes for your application.
| These routes are loaded by the TenantRouteServiceProvider.
|
| Feel free to customize them however you want. Good luck!
|
*/
Route::middleware([
'web',
InitializeTenancyByDomain::class,
PreventAccessFromCentralDomains::class,
])->group(function () {
Route::get('/', function () {
return 'This is your multi-tenant application. The id of the current tenant is ' . tenant('id');
});
});
To this:
<?php
declare(strict_types=1);
use Illuminate\Support\Facades\Route;
use Stancl\Tenancy\Middleware\InitializeTenancyByRequestData;
use Stancl\Tenancy\Middleware\PreventAccessFromCentralDomains;
/*
|--------------------------------------------------------------------------
| Tenant Routes
|--------------------------------------------------------------------------
|
| Here you can register the tenant routes for your application.
| These routes are loaded by the TenantRouteServiceProvider.
|
| Feel free to customize them however you want. Good luck!
|
*/
Route::middleware([
'web',
InitializeTenancyByRequestData::class,
PreventAccessFromCentralDomains::class,
])->group(function () {
Route::get('/', function () {
return 'This is your multi-tenant application. The id of the current tenant is ' . tenant('id');
});
});
The next thing you should do is to create a middleware in which you validate the x-tenant in the header or as query parameter as suggested in the documentation.
I attach an example to do it with the header and JWT would be something like this:
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure(\Illuminate\Http\Request): (\Illuminate\Http\Response|\Illuminate\Http\RedirectResponse) $next
* @return \Illuminate\Http\Response|\Illuminate\Http\RedirectResponse
*/
public function handle(Request $request, Closure $next)
{
if($user = JWTAuth::parseToken()->authenticate())
{
if ($user->global_id != $request->header('x-tenant'))
{
return response()->json(['errors' => 'You do not have access to this tenant'], 401);
}
return $next($request);
}
}
Of course you would have to take into consideration other security aspects according to the nature of your app.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.