Laravel 4 multi-user security and authentication


I am developing a multi-user web application. My concern is security, and I would like to know whether this is a secure way of putting it together.

In filters.php I created the following three new filters:

Route::filter('auth', function()
{
    if (Auth::guest())
    {
        if (Request::ajax())
        {
            return Response::make('Unauthorized', 401);
        }
        else
        {
            return Redirect::guest('login');
        }
    }
});

Route::filter('user', function(){
    if(Auth::guest()){
        return Redirect::route('login');
    }else{
        if(Auth::user()->role == 2){
            return Redirect::route('/users/users');
        }
    }
});

Route::filter('admin', function(){
    if(Auth::guest()){
        return Redirect::route('login');
    }else{
        if(Auth::user()->role == 1){
            return Redirect::route('/admin/admin');
        }
    }
});

Route::filter('business', function(){
    if(Auth::guest()){
        return Redirect::route('login');
    }else{
        if(Auth::user()->role == 1){
            return Redirect::route('/business/business');
        }
    }
});
In routes.php I added the following:

    Route::group(array('before' => 'admin'), function(){

        Route::resource('user', 'UserController');

        Route::get('user/dashboard', array(
            'as' =>'user-dashboard',
            'uses' => 'UserController@show'
        ));

    // Route::group(array('before' => 'user'), function(){
        Route::get('admin/dashboard', array(
              'as' =>'admin-dashboard',
              'uses' => 'AdminController@getAdmin'
        ));

    // });

    Route::group(array('before' => 'business'), function(){
        Route::get('business/dashboard', array(
            'as' =>'business-dashboard',
            'uses' => 'BusinessController@getBusiness'
        ));
    });
In AdminController.php I added the following:

public function show($id){
    $user = User::find($id);

    return View::make('admin.show')
        ->with('title', 'admin dashboard')
        ->with('user', $user);
}

In admin/show.blade.php I added the following:

@extends('layouts.default')

@section('content')
    @if(Auth::check())
        @if(Auth::user()->role==1)
            <div class="container">
                <h1>{{ $user->email }}</h1>
            </div>
        @else
            <p>you are not signed in</p>
        @endif
    @else
        <?php return Redirect::route('login') ?>
    @endif
@stop

The controller action that renders users.index:

public function show(){
    return View::make('users.index')
        ->with('title', 'dashboard');
}

In users/index.blade.php I added the following:

@extends('layouts.default')

@section('content')
    @if(Auth::check())
        @if(Auth::user()->role==2)
            ...........
        @else
            <div class="container">
                <h3>you are not signed in</h3>
            </div>
        @endif
    @else
        <?php return Redirect::route('login')->with('global', 'your not allowed here') ?>
    @endif
@stop
The same is done for the business role.

In the admin's view file:

@extends('layouts.default')

@section('content')
    @if(Auth::check())
        @if(Auth::user()->role==1)
            <h2>welcome {{ Auth::user()->email }}, you are logged in as an administrator </h2>
        @else
            <p> you are not signed in</p>
        @endif
    @else
        <p><?php return Redirect::route('login')->with('global', 'your not allowed here') ?></p>
    @endif
@stop
For the user:

@extends('layouts.default')

@section('content')
    @if(Auth::check())
        @if(Auth::user()->role==2)
            <h2>welcome {{ Auth::user()->email }}, you are logged in as an user </h2>
        @else
            <p> you are not signed in</p>
        @endif
    @else
        <p><?php return Redirect::route('login')->with('global', 'your not allowed here') ?></p>
    @endif
@stop
First, you don't need to check Auth::guest() in every filter. Instead, combine the existing auth filter with the other filters, like this:

Route::group(array('before' => 'auth|admin'), function() {});

Or use this alternative array syntax:

Route::group(array('before' => array('auth', 'admin')), function() {});

I'm not sure whether the commenting-out of the route group around admin/dashboard is intentional, but with it commented out that route has no route filter, so keep in mind that you may need to uncomment it.

Also, there is no need for the Auth::check() and return Redirect::route('login') in the views. Authentication should be done in the controller or through route filters; if the user is not logged in, the view should not even be rendered.

Beyond that, those parts of the code seem fairly secure, but don't blame me or Stack Exchange if something goes wrong; if in doubt, consult a professional.
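The answer's advice put into one filters/routes fragment, as an added example that is not code from the question or the answer. Laravel 4's stock auth filter handles the login check and each role filter denies by default; note that a before filter only aborts the route when it returns a response, so the role filters in the question, which redirect on a role match and return nothing otherwise, let every other logged-in role through. Role numbers 1 (admin) and 2 (user) come from the question; 3 for business is an assumption.

```php
<?php
// Added example (not the question's or answer's code): the stock 'auth'
// filter is kept for the login check and one role filter per group is
// registered on top of it, as the answer suggests ('before' => 'auth|admin').
// Role ids 1 and 2 are from the question; 3 for 'business' is assumed.
$roles = array('admin' => 1, 'user' => 2, 'business' => 3);

foreach ($roles as $name => $roleId) {
    Route::filter($name, function () use ($roleId) {
        // 'auth' has already run, so Auth::user() is never null here.
        // A before filter aborts the route only when it returns a response,
        // so respond on a MISMATCH (deny by default). The filters in the
        // question respond on a match, which passes every other role through.
        // The cast matters: Laravel 4 hands integer columns back as strings
        // with some database drivers.
        if ((int) Auth::user()->role !== $roleId) {
            return Response::make('Forbidden', 403);
        }
    });
}

// Both filters must pass before the controller runs, so the view is only
// rendered for a logged-in user with the right role and needs no
// Auth::check() or Redirect of its own.
Route::group(array('before' => 'auth|admin'), function () {
    Route::get('admin/dashboard', array(
        'as'   => 'admin-dashboard',
        'uses' => 'AdminController@getAdmin',
    ));
});

Route::group(array('before' => 'auth|business'), function () {
    Route::get('business/dashboard', array(
        'as'   => 'business-dashboard',
        'uses' => 'BusinessController@getBusiness',
    ));
});
```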

You mean Route::group(array('before' => 'auth|admin'), function(){}); then how do you distinguish, within the route group, which views are shown only to auth and which only to admin?? Any example?

@pathros This isn't about deciding which view to show (that is decided per route); it only requires both route filters to match in order to return the view, otherwise 'unauthorized' is returned.

Then where else can I control access to the views for each user type? I don't want admins to see the same pages as other users (business, normal_user, etc.).

@pathros Create a separate route filter for each group and require each route group to use one of them.

OK. After reading your suggestion and this post, it now works properly.