
garethdaine's avatar

Sub-Domain Routing and Login

Hi Folks,

I'm using a sub-domain for my app, https://app.example.com and for the frontend https://example.com.

Now, I'm able to log in via both domains, which isn't good. I only want the application routes in Spark to be accessible via the app.* subdomain, but I can access them via the frontend primary domain.

This is causing issues with Intercom integration and pinging their secure server because I'm able to log in via https://app.example.com/login (can log the Spark user in console), but visit https://example.com/login (no user available) and log in again there, which is obviously odd.

Any ideas? Thanks.

0 likes
13 replies
garethdaine's avatar

That's what I'm using @kreitje

My issue is, with respect to Spark, that the Spark routes for login etc are accessible via both domains.

1 like
EventFellows's avatar

You could use a middleware to catch and redirect the route that you do not want to be available.

garethdaine's avatar

The problem I have here @EventFellows is that all routes from Spark are accessible via the non-app route, such as register, login, terms etc.

How would I use middleware to restrict access to these routes? Is it possible to add a domain property to all Spark routes?

garethdaine's avatar

Also, this is causing other issues, such as Token Mismatch errors. There appear to be two different tokens generated for each URI.

EventFellows's avatar

The middleware is handled server-side so there should not be any trouble with Token Mismatch errors due to this - at the end you can do it as a simple redirect.

Check the default middleware RedirectIfAuthenticated on how it generally works. And then do something along the lines of this:

    public function handle($request, Closure $next, $guard = null)
    {
        // You can build this as an in_array() setup if you have many routes to apply it to.
        if ($request->route()->getPath() == 'whatever/you/want/to/block') {
            // Or wherever you want to redirect the user to if they request a URL that should not work.
            return redirect('http://subdomain.yourdomain.com/correct/login/url');
        }

        return $next($request);
    }

You can also get other parameters off $request if ->route()->getPath() is not what you need. I use this setup and it works without any trouble.

garethdaine's avatar

Thanks, @EventFellows, seems a little messy hard coding the base URL in the redirect, especially when considering you'd have to perform an environment check to point to the correct URI.

But, if it works, then it's a temporary solution. Just seems like there should be a better way than hardcoding redirects for every single Spark route that's exposed to the frontend user.

Thanks for the help.

garethdaine's avatar

@EventFellows

I did this:

    public function handle($request, Closure $next)
    {
        $hostSegments = explode('.', $request->getHost());
        $duplicates = ['login', 'register'];
        $segments = $request->segments();
        $duplicate = array_intersect($duplicates, $segments);

        if ($hostSegments[0] !== 'app' && $duplicate) {
            return redirect('//app.example.'.end($hostSegments).'/'.end($duplicate));
        }

        return $next($request);
    }

Though, with regards to the terms, it would be best to have it go to the non-app URI. So, just trying to work out how to best do that.

EventFellows's avatar

You are right, but you can always compile the redirect dynamically based on the request, so you do not need to hardcode any domain. If it is only very few URIs that you want to block it feels ok to me.

Edit: Just saw that you have exactly done this.

garethdaine's avatar

Here's the updated code. Seems like a bit of a hack to be honest, but it works.

    public function handle($request, Closure $next)
    {
        $hostSegments = explode('.', $request->getHost());
        $duplicates = ['login', 'register'];
        $segments = $request->segments();
        $duplicate = array_intersect($duplicates, $segments);

        if ($hostSegments[0] === 'app' && end($segments) === 'terms') {
            return redirect('//example.'.end($hostSegments).'/'.end($segments));
        }

        if ($hostSegments[0] !== 'app' && $duplicate) {
            return redirect('//app.example.'.end($hostSegments).'/'.end($duplicate));
        }

        return $next($request);
    }

garethdaine's avatar

Ideally, Spark should use the APP_URL environment config and apply it to the routes in some way, or handle sub-domains better.
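
The idea raised in the last comment, as an added example that is not part of the thread or Spark's own code: a middleware that takes the redirect target from configuration instead of rebuilding it from the request host. `config('app.url')` is Laravel's `APP_URL`; the `app.frontend_url` key and the class name are assumptions made for illustration.

```php
<?php

namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;

class EnforceCanonicalHost // hypothetical class name
{
    // Paths from the thread: auth pages live on the app host, terms on the frontend.
    private const APP_ONLY = ['login', 'register'];
    private const FRONTEND_ONLY = ['terms'];

    public function handle(Request $request, Closure $next)
    {
        $base = $this->canonicalBaseFor($request);

        if ($base !== null) {
            // The target host comes from configuration, never from the
            // request's Host header; path and query string are preserved.
            return redirect()->to(rtrim($base, '/') . $request->getRequestUri());
        }

        return $next($request);
    }

    // Returns the base URL the request should have used, or null when
    // the request is already on the right host (or the path is unrestricted).
    private function canonicalBaseFor(Request $request): ?string
    {
        if ($request->is(...self::APP_ONLY)) {
            $base = config('app.url'); // APP_URL
        } elseif ($request->is(...self::FRONTEND_ONLY)) {
            $base = config('app.frontend_url'); // hypothetical key (assumption)
        } else {
            return null;
        }

        $expected = strtolower((string) parse_url((string) $base, PHP_URL_HOST));

        // An unset or unparsable config value disables the redirect
        // instead of sending users to a malformed URL.
        if ($expected === '' || $expected === strtolower($request->getHost())) {
            return null;
        }

        return $base;
    }
}
```

Registered as global middleware, it matches on the request path rather than the resolved route, so it also covers routes that a package registers. A forged Host header cannot change where the redirect points, because the destination is read from configuration.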
