potentdevelopment's avatar

Running Two Different Auth Middleware

Hello,

I have two groups of users in different DB table. One is the customers, and the other is the employees. What we need to be able to do is have two different auth middleware that can protect our logged in area. Normally, this would have been done differently but we are working with code that we inherited.

How can I protect routes with 2 different auth middlewares?

0 likes
1 reply
LaryAI's avatar
LaryAI
AI
2 years ago
Level 58

To handle two different types of users with separate authentication middleware in Laravel, you can define two guards in your config/auth.php file. Each guard can be set up to use a different user provider, which can be linked to different database tables.

Here's how you can set it up:

  1. Define the guards in config/auth.php:
'guards' => [
    'customer' => [
        'driver' => 'session',
        'provider' => 'customers',
    ],
    'employee' => [
        'driver' => 'session',
        'provider' => 'employees',
    ],
    // ...
],

'providers' => [
    'customers' => [
        'driver' => 'eloquent',
        'model' => App\Models\Customer::class,
    ],
    'employees' => [
        'driver' => 'eloquent',
        'model' => App\Models\Employee::class,
    ],
    // ...
],

Make sure you have the Customer and Employee Eloquent models set up correctly to correspond with your database tables.

  1. Create two middleware for handling authentication for customers and employees. You can use the php artisan make:middleware command to create them, for example:
php artisan make:middleware CustomerAuthMiddleware
php artisan make:middleware EmployeeAuthMiddleware
  1. In each middleware, you'll need to check if the user is authenticated as a customer or employee. Here's an example for the CustomerAuthMiddleware:
namespace App\Http\Middleware;

use Closure;
use Illuminate\Support\Facades\Auth;

class CustomerAuthMiddleware
{
    public function handle($request, Closure $next)
    {
        if (!Auth::guard('customer')->check()) {
            // Redirect to the customer login page
            return redirect()->route('customer.login');
        }

        return $next($request);
    }
}

And similarly for the EmployeeAuthMiddleware, just replace 'customer' with 'employee' and adjust the redirect route if necessary.

  1. Register the middleware in your app/Http/Kernel.php file:
protected $routeMiddleware = [
    // ...
    'auth.customer' => \App\Http\Middleware\CustomerAuthMiddleware::class,
    'auth.employee' => \App\Http\Middleware\EmployeeAuthMiddleware::class,
];
  1. Now you can use these middleware in your routes to protect them:
Route::middleware('auth.customer')->group(function () {
    // Routes for customers
});

Route::middleware('auth.employee')->group(function () {
    // Routes for employees
});

This setup allows you to have separate authentication checks for customers and employees, using different database tables and Eloquent models. Remember to adjust the middleware, guards, and models to fit your application's specific needs.

Please or to participate in this conversation.