I'm trying to prevent some users from accessing to some routes. I have created a middleware called CheckUserRole. But I always get a null response when I try to fetch any data from the logged-in user, unlike when, for example, I request the user's ID in a view.
I'm using PHP 8.2.8 And laravel 10
This is my web.php file
<?php
use Illuminate\Support\Facades\Route;
use App\Http\Controllers\HomeController;
use App\Http\Controllers\Admin\PsychologicalTestController;
use App\Http\Controllers\Admin\ProfileController;
use App\Http\Controllers\Admin\TaskController;
use App\Http\Controllers\Admin\CapsuleController;
/*
|--------------------------------------------------------------------------
| Web Routes
|--------------------------------------------------------------------------
|
| Here is where you can register web routes for your application. These
| routes are loaded by the RouteServiceProvider and all of them will
| be assigned to the "web" middleware group. Make something great!
|
*/
Route::redirect('/', '/login');
// Authentication routes
Route::middleware(['auth',])->group(function () {
Route::get('/home', [HomeController::class, 'index'])->name('home');
});
Route::middleware(['auth'])->group(function () {
// Admin routes
Route::middleware(['check.user.role'])->prefix('admin')->group(function () {
Route::resource('psycological-test', PsychologicalTestController::class);
Route::resource('profile', ProfileController::class);
Route::resource('task', TaskController::class, ['as' => 'admin']);
Route::resource('capsule', CapsuleController::class);
});
});
To my greater surprise, I decided to include only the Auth middleware and try to break it with a dd, but upon executing a view, it would open normally, as if it weren't entering the middleware.
Test in my web.php
Route::group(['middleware' => 'auth'], function () {
Route::group(['prefix' => 'admin'], function () {
Route::resource('capsule', CapsuleController::class);
});
});
App\Http\Middleware\Authenticate.php
/**
* Get the path the user should be redirected to when they are not authenticated.
*/
protected function redirectTo(Request $request): ?string
{
dd($request);
// return $request->expectsJson() ? null : route('login');
}
I tried moving the middleware in the kernel file, but doesn't worked.
Kernel.php
<?php
namespace App\Http;
use Illuminate\Foundation\Http\Kernel as HttpKernel;
class Kernel extends HttpKernel
{
/**
* The application's global HTTP middleware stack.
*
* These middleware are run during every request to your application.
*
* @var array<int, class-string|string>
*/
protected $middleware = [
// \App\Http\Middleware\TrustHosts::class,
\App\Http\Middleware\TrustProxies::class,
\Illuminate\Http\Middleware\HandleCors::class,
\App\Http\Middleware\PreventRequestsDuringMaintenance::class,
\Illuminate\Foundation\Http\Middleware\ValidatePostSize::class,
\App\Http\Middleware\TrimStrings::class,
\Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull::class,
\App\Http\Middleware\CheckUserRole::class,
\App\Http\Middleware\CheckParticipantPhase::class,
];
/**
* The application's route middleware groups.
*
* @var array<string, array<int, class-string|string>>
*/
protected $middlewareGroups = [
'web' => [
\App\Http\Middleware\EncryptCookies::class,
\Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
\Illuminate\Session\Middleware\StartSession::class,
\Illuminate\View\Middleware\ShareErrorsFromSession::class,
\App\Http\Middleware\VerifyCsrfToken::class,
\Illuminate\Routing\Middleware\SubstituteBindings::class,
],
'api' => [
// \Laravel\Sanctum\Http\Middleware\EnsureFrontendRequestsAreStateful::class,
\Illuminate\Routing\Middleware\ThrottleRequests::class.':api',
\Illuminate\Routing\Middleware\SubstituteBindings::class,
],
];
/**
* The application's middleware aliases.
*
* Aliases may be used instead of class names to conveniently assign middleware to routes and groups.
*
* @var array<string, class-string|string>
*/
protected $middlewareAliases = [
'auth' => \App\Http\Middleware\Authenticate::class,
'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
'auth.session' => \Illuminate\Session\Middleware\AuthenticateSession::class,
'cache.headers' => \Illuminate\Http\Middleware\SetCacheHeaders::class,
'can' => \Illuminate\Auth\Middleware\Authorize::class,
'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
'password.confirm' => \Illuminate\Auth\Middleware\RequirePassword::class,
'precognitive' => \Illuminate\Foundation\Http\Middleware\HandlePrecognitiveRequests::class,
'signed' => \App\Http\Middleware\ValidateSignature::class,
'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
'verified' => \Illuminate\Auth\Middleware\EnsureEmailIsVerified::class,
'check.user.role' =>\App\Http\Middleware\CheckUserRole::class,
'check.participant.phase' =>\App\Http\Middleware\CheckUserStatus::class,
'localize' => \Mcamara\LaravelLocalization\Middleware\LaravelLocalizationRoutes::class,
'localizationRedirect' => \Mcamara\LaravelLocalization\Middleware\LaravelLocalizationRedirectFilter::class,
'localeSessionRedirect' => \Mcamara\LaravelLocalization\Middleware\LocaleSessionRedirect::class,
'localeCookieRedirect' => \Mcamara\LaravelLocalization\Middleware\LocaleCookieRedirect::class,
'localeViewPath' => \Mcamara\LaravelLocalization\Middleware\LaravelLocalizationViewPath::class
];
}
Finally, when i run this
dd(
auth()->id() ?? '?',
Auth::id() ?? '?',
$request->user()->id ?? '?',
auth()->check(),
get_class(auth()->guard())
);
i got this
"?" // app/Http/Middleware/CheckUserRole.php:19
"?" // app/Http/Middleware/CheckUserRole.php:19
"?" // app/Http/Middleware/CheckUserRole.php:19
false // app/Http/Middleware/CheckUserRole.php:19
"Illuminate\Auth\SessionGuard" // app/Http/Middleware/CheckUserRole.php:19
Any hint or help will be appreciated.
The answer is that you can't register a middleware in both the global middleware array and the aliases array. That was the reason why Laravel couldn't use it correctly.