Hey, I'm due to launch a tiny e-commerce store for a client, it is a very simple Laravel app using the shipped auth, single product purchase, redirecting to Stripe Checkout.js for transactions... typically after picking a product, a user will be asked to log in if they're not already authenticated... if they aren't a member they'll obviously need to register... all purchasing related routes are behind the standard auth middleware.
In the background, it is a simple One (User) to Many (Orders) relationship.
Now the client has asked for guest checkout and I've been researching a few different approaches, I can't make up my mind and would love some community input
Guest users are created as actual users and are actually authenticated, maybe with an
is_guest flag against their account... If they're recognised as a guest then we can create conditionals to hide authenticated content (such as buttons to log out) and also write custom auth middleware that satisfies "is authenticated but is a guest" ... This approach is the least amount of work and is great for migrating the guests to actual users (simply by setting a password at the end of the order process)... but muddles up the frontend by trying to hide authenticated content from guests.
Opening up the checkout processes by removing the auth middleware and allow orders to be created by non-users... we would need to remove
required from the
user_id field on the
orders table. A nullable
Create a separate guests table to keep users and guests completely separate, the orders table could be adapted to a polymorphic relation allowing both Users and Guests to create orders, keeping orders assigned to an ID of an actual person. If a guest creates an account we can migrate their data into the users table.
Option 3 seems to be the best approach. Any thoughts on this?