I would like to create a multi-tentant laravel 8.0 application (with laravel multi-tenancy package and laravel sanctum) with Vue Frontend for the customers and a Vue Frontend for Admins.
(Vue2) Frontend for customers like: example.com and store1.example.com and store2.example.com
(Vue2) Frontend for admins like: store1.admin.example.com and store2.example.com
(Laravel) Backend for the rest api like: store1.api.example.com and store2.api.example.com
I would like to make it possible for customers to log in on any of the subdomains forexample on example.com or on store1.example.com and also be logged in on all the other subdomains.
Is it possible?
Do you have any suggestions?
+1 question: Is there any way to generate a subdomain with laravel?
This would be my first multi-tenant sandbox application, thanks for your help!
I have done a similar set-up with this although I haven't gotten to a deeper sub-domain.
The first thing you need to do is configure the tld and wildcard sub-domain to your application, so whatever subdomain you hit, you should always see the index content.
The first setup for this is to set SESSION_DOMAIN in laravel .env to something like .whatever.com
e.g.
SESSION_DOMAIN=.whatever.com
Then the next thing you have to do is to make sure your application uses JWT Authentication https://github.com/tymondesigns/jwt-auth
and when you save the token on your user browser, you need to set the domain same as your SESSION_DOMAIN.
I grab the tld no matter what subdomain they try to log-in
const tld = (() => {
const host = window.location.host, subs = host.split('.')
if ( subs.length > 2 )
return host.replace(/^[^.]+\./g, "")
return host
})()
then I added . in-front of the tld on domain cookies that holds the token
Cookies.set('token', token, { expires: remember ? 365 : null, domain: `.${tld}` })
so if you go to Application tab from dev toolbar, then under cookies on your app, the domain should be .whatever.com and if you jump from one sub-domain to another you should still be authenticated
Also, regarding with your setup, I think you are just over-using a subdomain in your initial plan.
You can just simply create a table for STORE which holds all different store then add a column for slug. then just create one-to-many or many-to-many relationship for other stuff like store owner from users table, store products from products table etc, so you store table should just look like
id | name | slug
1 | My Store | store1
Then on the front-end, you would grab the slug of the sub-domain and request a query with matching store slug to your API end-point, you only need one structure for your end-point, you don't need to have each store have their own api end-point, you just need to include the store slug every time you hit your end-point which are store specific request, so if you hit store1.whatever.com, all your query should pull everything related to a store with slug store1
Additionally, you don't need to use a sub-domain for admin and api end-point, try looking for a Vue+Laravel template, like this one below which has a lot of features like vue routing, vuex and templating which I think is very suitable for your set-up https://github.com/cretueusebiu/laravel-vue-spa
Then the way you should handle it is much better to be something like this
Front-end -> store1.whatever.com
Admin -> store1.whatever.com/admin/
API end-point -> whatever.com/api/
Related
I have built an API with Laravel + Sanctum consumed by a React Native app. I need to store the user's country, regardless they are logged-in or not. Will have to check the visitor's country on each request to send them country-specific products in response, need the user be identifiable like a web session.
How/where to store the info as session is not available or a viable option to store the data on the server with regard to API?
I know it's not a Laravel specific question but I could not find any standard answer online.
You grab their IP address in Laravel via the request()->ip() method.
There is also a package you can use in order to map their IP address to the country they are from: https://github.com/Torann/laravel-geoip
Make an API endpoint which uses that package to map the request IP address to the persons country and store the response as a cookie in your React Native app.
When someone loads your app, check if their country cookie is set. If it isn't, call your API endpoint to get their country and store it in a cookie.
You can use Auth for Authentition
composer require laravel/ui
php artisan ui:auth
You Can Also Use Session
Session::put("variable", $valueVaribale);
Session::get('variable');
I'm trying to create an SPA with auth and roles.
I've been reading a lot of tutorials that explains how to do it and everyone tells the same strategy:
Save the permissions on localstorage, for example accessToken and is_admin=0|1.
So when you login the backend response fills this data.
Then the vue routing is just checking these 2 fields for granting or preventing the access.
This is so unsecure, anyone can access to develop tools and see this data and change it, just writing a random accessToken grants access on this site... and then is_admin = 1 and wala.
Okay, is difficult to KNOW this but... And every single API call checks this accessToken on the backend.
So there is something we can do to prevent this? Or if we want this "agility navigation" we can't protect 100% route navigation middleware?
One of the guides I followed:
https://scotch.io/tutorials/vue-authentication-and-route-handling-using-vue-router
On the questions section so many people is comenting this, and their response is that is a frontend demo... but how can I rely this on the backend? If I want this every navigation click will refresh the page.
A SPA will only load once. After that navigation is handled by the frontend. However the data needed for the next page is loaded using ajax from the backend. Meaning you can still validate access in the backend before exposing the data you want to protect.
I'm using Ion Auth social
https://github.com/ghosthouse/CodeIgniter-Ion-Auth-Social
and throughout my web check if the user has a session started or not.
if ($ this-> ion_auth-> logged_in ()) {
}
For this reason in /application/config/autoload.php charge
$ autoload ['libraries'] = array ('ion_auth');
in my localhost everything is perfect, but in my website protected with cloudflare, create multiple sessions just with this:
__ci_last_regenerate | i: 1544893031;
creates more than 50 sessions per second with just this info which overloads my sql, obviously it is a problem of codeigniter sessions with cloudflare, I have already created the request in the codeigniter github but it does not seem to matter to them.
So I'm wondering if you can share an option / solution, so that only one codeigniter session is created when the user logs in Ion Auth.
Thank you.
I'm learning both Sails and Vue.js and making a full REST app to do that.
So far from now, I've made a multi-step sign-up page in Vue which is working fine and POST all needed informations in my different Controllers in Sails, it also creates the user.
Now, I'm working on my login page. Again, no problem to PUT informations in my Login Controller and I receive an OK (200) response which let me know the user is logged on my backend server.
Now, I would like to understand how I could keep the information the user is logged-in my server and let him access to private content on my front-end app -> securely. I have understood that Sails use Sessions (alias of cookies ?). Also in the common example on the web, people tend to use JWT which transmit a crypted JSON between the two environnement (and so desactivate the cookies ?).
So, could you please give me a semantic explanation on how I can make both app exchange securely and manage it in Vue Js. I just need some "track" to follow.
SOLUTION
For those who like me are blocked at this initial step, I resolved my problem this way.
1) My backend Sails app generates a JWT (token) on each login.
2) My frontend Vue app stores that information thanks to Vuex and set the header of each request with an Authorization parameter composed of : 'Barear ' + token.
3) All frontend resquests to any Sails controller are verified thanks to a Policy which compares the token in the header of the request with the one generated at the first step.
Now I just wonder if using built in sessions in Sails is relevant or not.
I am new to Laravel. I have created a domain and subdomain with a specific domain group.
domain.com
admin.domain.com
On my domain.com a user can login. And in the subdomain admin.domain.com an admin can login. The problem Im having is when a user is logged in the root domain the admin subdomain is also logged in. I want the root domain and subdomain to be of different sessions. Please help!
This problem is not on framework, I got this problem when I worked with Yii 2.0 too, the issue because sessions general from application key, the solution is make key different between root and subdomain.
The solution here is you have to general another Laravel Application key on your subdomain follow the document:
php artisan key:generate
Application key [Idgz1PE3zO9iNc0E3oeH3CHDPX9MzZe3] set successfully.
2 keys in root and subdomain have to different.
Hope this help.
Laravel by default uses a single cookie to keep session data and manage its authentication system, thats why your user keeps logged across your subdomains, because your cookie is still there.
In this case I think you have 2 options:
1st: Create a different auth system using middlewares for each subdomain group to manage sessions (lets say you create/read a different cookie for each subdomain, but this could be a little bit tricky if the same user want to use the app across different subdomains at the "same time").
2nd: Use a different session driver (lets say database e.g.)