Laravel 5.2 PHP – Build a Shopping Cart – #7 Middleware & Route Protection

  • 00:00:00 as explained login and sign up is
  • 00:00:03 working but there are some pieces
  • 00:00:05 missing for example the user is not able
  • 00:00:08 to log out and the user is able to well
  • 00:00:13 with this URL here at any point of time
  • 00:00:16 because we're not protecting it we're
  • 00:00:18 not requiring the user to be logged in
  • 00:00:20 to get here also we're not automatically
  • 00:00:23 logging the user in upon signup so all
  • 00:00:26 these are things I want to fix here so
  • 00:00:30 I'll go back to the code and I want to
  • 00:00:33 start with providing a log out
  • 00:00:36 functionality this will be done in the
  • 00:00:39 user controller I'll add a new method
  • 00:00:41 here public function get log out and
  • 00:00:47 logging out is really simple using the
  • 00:00:50 Auth facade Laravel provides I just run Auth
  • 00:00:53 log out and with that log out method on
  • 00:00:57 this Auth helper Laravel will
  • 00:00:59 automatically take care that everything
  • 00:01:02 is deleted that is saved about this
  • 00:01:03 user or about this user's state so that he
  • 00:01:06 is no longer logged in of course the
  • 00:01:08 database entries will be kept so not
  • 00:01:09 everything will be deleted basically the
  • 00:01:11 session and so on so if that user is
  • 00:01:14 able to log out and I will set up a
  • 00:01:16 route for this little get route here
  • 00:01:20 user log out and I'll of course use my
  • 00:01:28 newly created action in the user
  • 00:01:31 controller and get log out name this
  • 00:01:36 user dot log out and now that I think of
  • 00:01:41 it it would make more sense to also give
  • 00:01:45 all these routes the user prefix here
  • 00:01:48 however that is a lot of unnecessary
  • 00:01:50 typing I'm doing here because I would
  • 00:01:52 add slash user in front of all of these
  • 00:01:55 routes now since all these routes share
  • 00:01:58 the same prefix I may as well add a
  • 00:02:02 route group here with a prefix as the
  • 00:02:07 grouping logic the prefix should be
  • 00:02:12 user and then in closure in the
  • 00:02:17 anonymous function of this route group
  • 00:02:19 method here Laravel provides I'll add all
  • 00:02:23 these routes which should get this
  • 00:02:26 prefix and then I can get rid of the
  • 00:02:29 user here in the profile and the logout
  • 00:02:31 route and with that all these routes
  • 00:02:34 will be accessed with slash user slash
  • 00:02:37 signup slash sign-in and so on but I
  • 00:02:39 don't have to explicitly type it here
  • 00:02:42 all the time
  • 00:02:43 simply by grouping them together by this
  • 00:02:45 criteria here this prefix anyways back
  • 00:02:50 to the logout functionality but that was
  • 00:02:52 important to hear of course I want to
  • 00:02:55 add the link to the logout in the header
  • 00:02:57 file here so I'll do this here route
  • 00:03:01 user dot logout will give me this link
  • 00:03:06 and with that well we should at least be
  • 00:03:10 able to see if all of this works and
  • 00:03:12 logging out should work too so I'll go
  • 00:03:16 back to my page let me first check if
  • 00:03:19 this route still works yes so the route
  • 00:03:21 grouping works and if I click on well
  • 00:03:25 sign in I'm still taken to the sign-in
  • 00:03:27 page which of course doesn't make sense
  • 00:03:30 since I'm still signed in but I'll take
  • 00:03:32 care of this soon so if I click log out
  • 00:03:35 yes this seems to work but it would of
  • 00:03:39 course be nice if I also am redirected
  • 00:03:42 so I'm currently not doing anything here
  • 00:03:44 that certainly is wrong so I'll provide
  • 00:03:47 a redirect here and let's say I want to
  • 00:03:51 basically navigate back to where the
  • 00:03:53 user came from so let's try this again
  • 00:03:56 I'll go back to the index page and yes
  • 00:04:00 I'm not logged in currently but it will
  • 00:04:02 work anyways yeah I'm taken back so this
  • 00:04:06 works but you still see there are some
  • 00:04:08 missing things however for one it would
  • 00:04:11 be great if this header here or this
  • 00:04:13 user management pop-up or drop-down
  • 00:04:16 would be updated accordingly so that I
  • 00:04:19 don't see the log out possible here when
  • 00:04:21 I'm not logged in and the route
  • 00:04:23 protection I was already
  • 00:04:25 talking of so I'll take care of the
  • 00:04:28 route protection next I'll do this in the
  • 00:04:31 routes.php file and Laravel has this
  • 00:04:35 concept called middleware which allows
  • 00:04:37 me to basically funnel all requests for
  • 00:04:41 which I specify a middleware through
  • 00:04:44 that middleware which is basically a
  • 00:04:45 check run on the requests to see
  • 00:04:48 if they fulfill a certain criteria
  • 00:04:50 Laravel ships with some built-in
  • 00:04:52 middleware and there are two middlewares
  • 00:04:56 I'm thinking of right now which are very
  • 00:04:58 handy for us the auth middleware will make
  • 00:05:02 sure that only authenticated users may
  • 00:05:04 access a certain resource whereas the
  • 00:05:06 guest middleware does the opposite and
  • 00:05:08 we can of course use both middlewares to
  • 00:05:11 make sure that only authenticated users
  • 00:05:13 may access the profile page whereas
  • 00:05:16 only unauthenticated users may access
  • 00:05:19 the sign up or sign in pages for example
  • 00:05:22 in your Kernel.php file you can see
  • 00:05:27 those middlewares here this is the basic
  • 00:05:30 middleware Laravel ships with this is
  • 00:05:32 the auth middleware I'm talking of and
  • 00:05:34 basically with this auth string here we
  • 00:05:37 get a shortcut to easily access and
  • 00:05:39 apply this middleware and guest the
  • 00:05:42 other one I'm talking about in the
  • 00:05:45 middleware folder you see the files this
  • 00:05:48 these links here are referring to so auth
  • 00:05:51 is referring to app HTTP middleware
  • 00:05:53 authenticate which is this file here so
  • 00:05:56 here you can see the logic Laravel runs
  • 00:05:58 and the guest middleware is referring to
  • 00:06:01 the redirect if
  • 00:06:03 authenticated middleware this file here so
  • 00:06:06 we can adjust these files to our needs
  • 00:06:10 and I will do this but for now what I
  • 00:06:13 will first do is I will add the
  • 00:06:15 middleware in the routes file so I will
  • 00:06:17 tell Laravel which routes of my routes you
  • 00:06:21 see here should get a certain middleware
  • 00:06:23 now how can middleware be applied and I
  • 00:06:28 just saw that this signup page should
  • 00:06:30 also be passed into the route grouping by
  • 00:06:33 the way but how can I apply middleware I
  • 00:06:36 can do it by simply adding a
  • 00:06:39 new parameter here middleware a new
  • 00:06:43 element in this array and then I could
  • 00:06:46 pass an array of middlewares so auth and
  • 00:06:49 any other middleware
  • 00:06:51 or if I only have one I may simply
  • 00:06:54 specify it as a single element or
  • 00:06:57 as a string here auth now I certainly
  • 00:07:01 don't want to protect this sign up
  • 00:07:02 route with the auth middleware because
  • 00:07:04 then you would never be able to sign up
  • 00:07:06 since well he certainly isn't
  • 00:07:08 authenticated before trying to sign up
  • 00:07:11 so instead here I want to have the guest
  • 00:07:15 middleware so middleware guest to make
  • 00:07:19 sure that only unauthenticated users are
  • 00:07:21 able to sign up I'll copy that to my
  • 00:07:26 post route to my sign-in routes and here
  • 00:07:34 for the profile I'll also copy it but
  • 00:07:37 I'll replace guest with auth because
  • 00:07:39 only authenticated users should be able
  • 00:07:41 to get to the profile and the same is
  • 00:07:44 true for logging out unauthenticated users
  • 00:07:46 can't log out so they shouldn't be able
  • 00:07:49 to now you already see a similar thing
  • 00:07:52 as with the user prefix here I'm using
  • 00:07:55 this guest middleware on four routes and
  • 00:07:57 auth on two now this is perfectly fine but
  • 00:08:01 I could also use grouping here again so
  • 00:08:05 let's do that
  • 00:08:05 I'll group all these routes this time
  • 00:08:09 not by prefix but by middleware and
  • 00:08:12 apply the auth middleware or the
  • 00:08:16 guest middleware here for the first set
  • 00:08:19 of routes so provide a closure which
  • 00:08:22 holds all these routes and I will paste
  • 00:08:26 in all the routes which currently have
  • 00:08:29 the guest middleware like this and then
  • 00:08:33 of course I can get rid of this
  • 00:08:34 middleware element here and the route
  • 00:08:37 setup and I can also create another
  • 00:08:41 group here route group
  • 00:08:47 middleware and then auth for two other routes
  • 00:08:55 down here which also share the same
  • 00:08:57 middleware so I'll take these routes and
  • 00:09:01 insert them here and also get rid of
  • 00:09:03 the middleware here so with that I'm
  • 00:09:06 still applying the middleware the guest
  • 00:09:09 middleware to these routes and the auth
  • 00:09:12 middleware to these routes now if we have a
  • 00:09:16 look in the middleware files Laravel
  • 00:09:18 ships with the authenticate middleware is
  • 00:09:20 of course the one which checks if the
  • 00:09:22 user is logged in and we see that Laravel
  • 00:09:25 tries to redirect us to basically this
  • 00:09:28 is a route here like the route command
  • 00:09:32 to the log in page well this route
  • 00:09:37 doesn't exist here so I want to redirect
  • 00:09:39 to the user to user dot sign-in that's an
  • 00:09:44 important adjustment here for having
  • 00:09:46 this to work correctly and in the
  • 00:09:48 redirect if authenticated case this is
  • 00:09:51 fine since we're redirected to an
  • 00:09:54 absolute URL or path here which is our
  • 00:09:57 root page which is OK for me you could
  • 00:10:00 of course replace this with redirect and
  • 00:10:03 then route and then product index I
  • 00:10:09 think was the name of the very top route
  • 00:10:11 yes and this would basically do the same
  • 00:10:13 so whatever you like more so I'll go
  • 00:10:17 with that and with this if I head over
  • 00:10:20 and reload my application here and I go
  • 00:10:23 to sign up this works so if I go to sign
  • 00:10:29 in this also works if I do sign-in
  • 00:10:33 I'm redirected to the profile and if I
  • 00:10:36 try to access sign in again you see I'm
  • 00:10:39 redirected back to the starting page
  • 00:10:40 because this is now protected that is so
  • 00:10:43 that only unauthenticated,
  • 00:10:45 unauthenticated users may access it
  • 00:10:48 logging out of course works and what
  • 00:10:51 happens if I'm now logged out and try to
  • 00:10:54 access my user profile page I'm okay
  • 00:11:01 I made a mistake here let's replace this
  • 00:11:05 with route guest takes an absolute
  • 00:11:09 path which of course doesn't work so
  • 00:11:11 let's use route instead so I'll try this
  • 00:11:14 again
  • 00:11:17 you see I'm taken into the sign-in page
  • 00:11:20 so all that works what do I want to do
  • 00:11:23 last I want to log in the user right
  • 00:11:26 after he signs up and I want to fix this
  • 00:11:29 drop down so I'll start with logging the
  • 00:11:32 user in after sign up by simply adding
  • 00:11:35 Auth sign up Auth login and then pass the
  • 00:11:42 user which I want to log in so with this
  • 00:11:45 helper method I can instantly log in a
  • 00:11:47 user and of course I know that this is
  • 00:11:49 possible here because the user has been
  • 00:11:51 created so that is one thing let's try
  • 00:11:55 this so I go to sign up and I'll create
  • 00:11:59 a new user here with a novel email
  • 00:12:01 address and we can test if I'm signed
  • 00:12:05 up by going to user profile this works
  • 00:12:08 of course we could also redirect not to
  • 00:12:12 product index but to user profile so
  • 00:12:14 let's do this and now to the header
  • 00:12:19 currently I'm always showing the signup
  • 00:12:22 and sign in and logout links now that
  • 00:12:24 certainly isn't the right thing to do
  • 00:12:26 because well I only want to show sign up
  • 00:12:28 and sign in if the user is not logged in
  • 00:12:31 and if the user is logged in then I want
  • 00:12:33 to show logout and I want to replace
  • 00:12:35 signup and sign in with a link to the
  • 00:12:37 user account to the user profile let's
  • 00:12:40 say so how can we do that very easily
  • 00:12:45 Laravel offers us the possibility to use
  • 00:12:48 the Auth facade in the Blade templates as
  • 00:12:51 well so I can check with Auth check which
  • 00:12:56 is a helper method basically telling
  • 00:12:57 Laravel hey please have a look if the user
  • 00:13:00 currently on this page is logged in
  • 00:13:03 which of course Laravel can validate
  • 00:13:05 because it stores it in a session and if
  • 00:13:07 this is successful well then I will
  • 00:13:10 display the content between the if we're
  • 00:13:13 ending inside of this if block
  • 00:13:15 I'll also add an else statement here and
  • 00:13:17 then endif so now what do I want to
  • 00:13:21 display in the case that the user is
  • 00:13:24 authenticated well then I want to create
  • 00:13:27 a new list entry saying user profile
  • 00:13:35 linking to that page here if the user is
  • 00:13:39 not authenticated if he is not logged in
  • 00:13:42 then I want to show this block here and
  • 00:13:48 this log out link will also only be
  • 00:13:51 shown if the user is authenticated so
  • 00:13:54 also in the well if case and the in the
  • 00:13:56 true case here so with that in place if
  • 00:14:00 I reload the page here and have a look
  • 00:14:05 at the drop-down you now see I only see
  • 00:14:07 signup and sign in because I'm not
  • 00:14:09 signed in if I do sign in though you
  • 00:14:15 see now I got access to user profile and
  • 00:14:17 log out so that's working great and with
  • 00:14:20 that we've got a working user interface
  • 00:14:23 or user sign up and sign-in process in
  • 00:14:26 place and yeah I'm happy to see you next
  • 00:14:29 videos bye