嘗試在 Laravel 9.3 上設置帶有請求數據標識的多租戶

Question

我正在嘗試在 Laravel 上設置帶有請求數據標識的多租戶操作，但我找不到任何相關信息。

遵循這個 quikstart https://tenancyforlaravel.com/docs/v3/quickstart就這么簡單嗎

然后按照這一步？ https://tenancyforlaravel.com/docs/v3/tenant-identification/#Request-data-identification:~:text=public%20static%20property ).-,Request%20data%20identification,-You%20might%20want

所以改變我的帳篷路線

<?php

declare(strict_types=1);

use Illuminate\Support\Facades\Route;
use Stancl\Tenancy\Middleware\InitializeTenancyByDomain;
use Stancl\Tenancy\Middleware\PreventAccessFromCentralDomains;

/*
|--------------------------------------------------------------------------
| Tenant Routes
|--------------------------------------------------------------------------
|
| Here you can register the tenant routes for your application.
| These routes are loaded by the TenantRouteServiceProvider.
|
| Feel free to customize them however you want. Good luck!
|
*/

Route::middleware([
    'web',
    InitializeTenancyByDomain::class,
    PreventAccessFromCentralDomains::class,
])->group(function () {
    Route::get('/', function () {
        return 'This is your multi-tenant application. The id of the current tenant is ' . tenant('id');
    });
});

對此：

<?php

declare(strict_types=1);

use Illuminate\Support\Facades\Route;
use Stancl\Tenancy\Middleware\InitializeTenancyByRequestData;
use Stancl\Tenancy\Middleware\PreventAccessFromCentralDomains;

/*
|--------------------------------------------------------------------------
| Tenant Routes
|--------------------------------------------------------------------------
|
| Here you can register the tenant routes for your application.
| These routes are loaded by the TenantRouteServiceProvider.
|
| Feel free to customize them however you want. Good luck!
|
*/

Route::middleware([
    'web',
    InitializeTenancyByRequestData::class,
    PreventAccessFromCentralDomains::class,
])->group(function () {
    Route::get('/', function () {
        return 'This is your multi-tenant application. The id of the current tenant is ' . tenant('id');
    });
});

Answer 1

接下來您應該做的是創建一個中間件，您可以在其中驗證 header 中的 x-tenant 或作為文檔中建議的查詢參數。

我附上一個例子來用 header 和 JWT 做這件事是這樣的：

/**
     * Handle an incoming request.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure(\Illuminate\Http\Request): (\Illuminate\Http\Response|\Illuminate\Http\RedirectResponse)  $next
     * @return \Illuminate\Http\Response|\Illuminate\Http\RedirectResponse
     */
    public function handle(Request $request, Closure $next)
    {
        if($user = JWTAuth::parseToken()->authenticate())
        {
            if ($user->global_id != $request->header('x-tenant'))
            {
                return response()->json(['errors' => 'You do not have access to this tenant'], 401);
            }

            return $next($request);
        }
    }

當然，您必須根據應用的性質考慮其他安全方面的問題。