[英]Trying to set up a multi-tenancy with Request data identification on Laravel 9.3
我正在嘗試在 Laravel 上設置帶有請求數據標識的多租戶操作,但我找不到任何相關信息。
遵循這個 quikstart https://tenancyforlaravel.com/docs/v3/quickstart就這么簡單嗎
然后按照這一步? https://tenancyforlaravel.com/docs/v3/tenant-identification/#Request-data-identification:~:text=public%20static%20property ).-,Request%20data%20identification,-You%20might%20want
所以改變我的帳篷路線
<?php
declare(strict_types=1);
use Illuminate\Support\Facades\Route;
use Stancl\Tenancy\Middleware\InitializeTenancyByDomain;
use Stancl\Tenancy\Middleware\PreventAccessFromCentralDomains;
/*
|--------------------------------------------------------------------------
| Tenant Routes
|--------------------------------------------------------------------------
|
| Here you can register the tenant routes for your application.
| These routes are loaded by the TenantRouteServiceProvider.
|
| Feel free to customize them however you want. Good luck!
|
*/
Route::middleware([
'web',
InitializeTenancyByDomain::class,
PreventAccessFromCentralDomains::class,
])->group(function () {
Route::get('/', function () {
return 'This is your multi-tenant application. The id of the current tenant is ' . tenant('id');
});
});
對此:
<?php
declare(strict_types=1);
use Illuminate\Support\Facades\Route;
use Stancl\Tenancy\Middleware\InitializeTenancyByRequestData;
use Stancl\Tenancy\Middleware\PreventAccessFromCentralDomains;
/*
|--------------------------------------------------------------------------
| Tenant Routes
|--------------------------------------------------------------------------
|
| Here you can register the tenant routes for your application.
| These routes are loaded by the TenantRouteServiceProvider.
|
| Feel free to customize them however you want. Good luck!
|
*/
Route::middleware([
'web',
InitializeTenancyByRequestData::class,
PreventAccessFromCentralDomains::class,
])->group(function () {
Route::get('/', function () {
return 'This is your multi-tenant application. The id of the current tenant is ' . tenant('id');
});
});
接下來您應該做的是創建一個中間件,您可以在其中驗證 header 中的 x-tenant 或作為文檔中建議的查詢參數。
我附上一個例子來用 header 和 JWT 做這件事是這樣的:
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure(\Illuminate\Http\Request): (\Illuminate\Http\Response|\Illuminate\Http\RedirectResponse) $next
* @return \Illuminate\Http\Response|\Illuminate\Http\RedirectResponse
*/
public function handle(Request $request, Closure $next)
{
if($user = JWTAuth::parseToken()->authenticate())
{
if ($user->global_id != $request->header('x-tenant'))
{
return response()->json(['errors' => 'You do not have access to this tenant'], 401);
}
return $next($request);
}
}
當然,您必須根據應用的性質考慮其他安全方面的問題。
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.