Build Your Own PHP Framework
This episode is for members only

Sign up to access "Build Your Own PHP Framework" right now.

Get started
Already a member? Sign in to continue
Playing
44. Adding auth middleware and grouping routes

Episodes

0%
Your progress
  • Total: 4h 45m
  • Played: 0m
  • Remaining: 4h 45m
Join or sign in to track your progress
01. Setting up
01. Introduction
2m 23s
0%
02. Composer and PSR-4 Autoloading
6m 17s
0%
03. Bootstrapping and structure
3m 18s
0%
04. Error reporting with Ignition
3m 49s
0%
02. Container
05. Using a container
3m 21s
0%
06. Adding service providers
5m 23s
0%
07. Autowiring with reflection
5m 5s
0%
08. Refactoring to a singleton
4m 17s
0%
03. Application config
09. Building the Config class
6m 19s
0%
10. Reading and merging config files
6m 21s
0%
11. Registering service providers through config
2m 13s
0%
12. Using env files
6m 26s
0%
04. Routing and controllers
13. Everything starts with requests
6m 52s
0%
14. Adding routing
5m 27s
0%
15. Responding in routes
4m 13s
0%
16. Cleaning up responding
7m 12s
0%
17. Defining routes in a separate file
3m 10s
0%
18. Creating a controller
5m 17s
0%
19. Using services inside controllers
2m 3s
0%
05. Views
20. Installing Twig
6m 22s
0%
21. Rendering a view
3m 36s
0%
22. Debugging in Twig
4m 45s
0%
23. Creating a base layout
3m 38s
0%
24. Page titles in Twig
4m 31s
0%
25. Creating a Twig config helper
8m 57s
0%
06. Database
26. Setting up and querying the database
13m 29s
0%
27. Working with models
4m 32s
0%
28. Creating an example user profile page
5m 49s
0%
07. Authentication
29. Setting up Sentinel
8m 36s
0%
30. Creating the registration flow
5m 44s
0%
31. Registering and authenticating a user
5m
0%
32. Showing authenticated state
5m 40s
0%
33. Logging in
3m 59s
0%
34. Logging out
3m 2s
0%
08. CSRF Protection
35. Protecting routes with CSRF
7m 51s
0%
36. Adding tokens to forms
6m 5s
0%
09. Flashing messages
37. Basic session flashing
5m 46s
0%
38. Creating a Twig helper and flashing globally
1m 39s
0%
10. Validation
39. Validating the login form
6m 40s
0%
40. Manually adding validation errors
1m 24s
0%
41. Validating the registration form
4m 5s
0%
42. Custom validation rules
9m 39s
0%
11. Middleware
43. How middleware works
5m 41s
0%
44. Adding auth middleware and grouping routes
7m 37s
0%
45. Persisting old form data
6m 53s
0%
12. Exception handling
46. Creating an exception handler
3m 38s
0%
47. Custom 404 (and other error) views
7m 27s
0%
48. Rendering views for CSRF errors
5m 18s
0%
13. Pagination
49. Paginating with Eloquent
7m 48s
0%
50. Building a pagination view with Twig
7m 38s
0%
14. Global helpers
51. Registering functions with PSR-4
1m 50s
0%
52. Container resolution helper
2m 24s
0%
53. View and config helpers
4m 12s
0%
54. Route generator helper
4m 34s
0%

Transcript

00:00
Now that we've seen an example of some middleware, let's actually build something that's useful. And the first thing we're going to get started with is creating some middleware that will redirect the user over to the login page if they are not signed in.
00:13
We can also, within our middleware, flash a message to tell the user they need to be signed in to access this page. So we can do all of this within middleware. OK, so once again, let's go ahead and create out a piece of middleware in here. Let's create a class called redirect if guest. Now, when I'm naming middleware,
00:31
I usually create this with the name of what's actually going to happen. So we will redirect the user if they're a guest, i.e. they're not signed in. OK, let's create this out. And again, we're going to go ahead and implement our middleware interface. We'll go ahead and pull in the process method, which gives us the request
00:49
and the handler so we can return that response. Let's go ahead and just handle this first of all. So we'll say handle, handle, and we'll pass the request in. Now, it's at this point here, we want to create an if statement to redirect the user, not handle the next piece of middleware in the stack if they're not signed in. So let's just go ahead and mock this out for now, and then we'll
01:11
fill it in. So I'm going to say if true, and then I'm going to return a response. So we already know how to return responses. We've looked at returning redirect responses as well. So we're going to return a new redirect response here, and we're going to go through to the page that we want to redirect the user to if they're not signed in. We know that's going to be login. OK, so now that
01:30
we've created this middleware, let's go ahead and apply it to our dashboard controller, and then we'll look at root groups so we can make this more efficient. OK, so let's say new and redirect if guest, and we should be good. So now whenever I try and access my dashboard, even if I am authenticated, this is redirecting us over to the login page. So let's go over and actually fill
01:53
this in so it's useful. So what we can do in here is either pass our container in as a dependency, or because we've got a singleton for our container, we could just grab this out for the singleton. It's entirely up to you. I'm going to go ahead and grab this directly out. So let's say container, and let's use container from our core, and say get instance. Now we have access to our container,
02:17
and we can use our auth functionality to check this, and we can even flash a message. So we're going to say if container get, and let's call sentinel here, and we're going to say check. That's a method on sentinel to see if we are signed in or not. If we're not signed in, we're going to redirect. So let's go over to our dashboard, and now it works. But let's log out and now try and
02:40
access our dashboard manually, and you can see we're redirected over to login. So because this works like a controller, we're returning a response. We can do anything we want in here. Let's go ahead and flash a message as well. So we'll say container get, and let's say session from our HTTP foundation session. Let's go ahead and grab our flashback, and let's go and set into
03:04
here a global message, and just say log in before doing that, and we should be good. Okay, we might need an add method there. We don't get auto complete here because we're working with a singleton that returns an instance, but let's just try this out. Okay, yeah, there we go. We've got login before doing that. Obviously, when we refresh, we can go ahead and sign in as normal.
03:27
Okay, so let's go ahead and build out another piece of middleware, which is going to be to redirect the user if they are already authenticated. So it's pretty much going to be the opposite of what we've just built. So I'm going to create out a new piece of middleware called redirect if authenticated. This will be used to protect routes like the login and register page that the
03:46
user doesn't need to access if they're already authenticated. So let's change the name over to this redirect if authenticated. So let's just rename this real quick. Authenticated, and there we go. Okay, so I'm not going to do any flashing or anything like that in here. We'll just keep it super simple. Let's redirect these over to the dashboard if they are already signed in,
04:10
and we'll change this check over to check if they are signed in. That's all we need to do. Pretty similar, just the complete opposite. Okay, so let's apply this middleware to the register index page, and then we're going to look at route grouping because this is starting to look a bit messy. Okay, so let's new out our redirect if authenticated middleware, and we should be good.
04:30
Okay, so we'll go ahead and sign in here, and let's try and access the which where do we add this to register. So let's try and access register, and you can see we're redirected back to the dashboard. So you can use this middleware for some really useful things like, for example, protecting pages if the user hasn't got a active subscription or they haven't paid
04:50
really anything that you need to do. Okay, so now that we have created the two pieces of middleware that are really important here, particularly for things like the dashboard, doing this on every single route is just not going to work. It's going to look a little bit messy to have to individually add middleware. There's nothing wrong with doing that, but let's look at a better way.
05:09
Okay, so we're going to look at route groups. Let's get rid of the two pieces of middleware that we've already added here, and let's group these into sensible groups. So we know that to register and log in, we need to be not authenticated. We want to protect these and redirect if the user already is authenticated. So to create out a route group, we're going to use
05:30
our router. We're going to use the group method in here, and the first argument is a prefix. So for example, if you wanted all these routes to be under an auth prefix, you would have auth register, auth login. We're just going to set this to a slash because we want these just individually named, but you can choose whatever you want. Okay, so now we're going to create out
05:51
a closure in here, and into this closure, when we invoke this group method, we're going to get a route group instance, and this is going to be our router, or I'm just going to call this route just so it's a little bit different to what we're doing outside of here. So now what we can do is grab all of these, put these directly inside of the group, and we'll change the name over to each
06:15
of these with route, or you could even call that group, it's entirely up to you. Okay, so now that these are in a group, everything will be working as normal, so we can still log out, we can access our login and register pages, but now what we can do is we can apply middleware to this entire group, and that's the whole point of this. It makes it a lot easier to group things by the middleware
06:36
and also the prefix. So this is going to be a redirect if authenticated. We don't use it to access any of these routes if they're already authenticated. Let's go ahead and log in and just try this out. So I'm going to go over to the login page again to try and log in again, and yeah, sure enough, it still works. We're redirected over. Okay, so we can do the same thing here for any of
06:56
the other routes we've got. So dashboard and log out, we need to be authenticated to access these. So why don't we just grab all of this code here, paste it down, and let's just switch these two things over, and you can structure your routes however you want. There's nothing wrong with having individual routes with individual middleware, but grouping sometimes helps. Okay, so we're going to
07:17
go ahead and change that over to route, and both of them again are just within a slash group, and we're going to change this to redirect if guessed, and we should be good. Let's go over and try this out. If I hit log out, that still works. If I try and access my dashboard when I'm not signed in, we're redirected over to login.
54 episodes4 hrs 45 mins

Overview

Starting completely from scratch, build a modern PHP framework with all the features you’d expect.

Whether you’re new to PHP or not, this is a great exercise for learning what happens under the hood, arming you with knowledge you can apply anywhere you use PHP.

We’ll cover routing, controllers, views, the container, accessing the database, models, authentication, config, CSRF protection, exception handling, pagination, validation, flashing messages and much more.

Let’s dive in and build a PHP framework, step-by-step!

Alex Garrett-Smith
Alex Garrett-Smith
Hey, I'm the founder of Codecourse!

Episode discussion

No comments, yet. Be the first!