Laravel Subscriptions
This episode is for members only

Sign up to access "Laravel Subscriptions" right now.

Get started
Already a member? Sign in to continue
Playing
23. Non-subscriber and other middleware

Episodes

0%
Your progress
  • Total: 2h 38m
  • Played: 0m
  • Remaining: 2h 38m
Join or sign in to track your progress

Transcript

00:00
You may have already noticed some issues anyway, but we're going to take this episode to go through and do a little bit of tidying up of middleware and also create some new middleware to prevent people accessing places they shouldn't if they already have a subscription. We'll also go ahead and create a custom blade directive that we can wrap any things like plans if a user already has a plan. Let's get started by going ahead and hitting the protected area when we're signed out and you'll notice that we get an error here because we're trying to access a user who just isn't signed in.
00:30
There's a couple of ways that you can deal with this. You can either add this to this middleware or since we already have auth middleware, it makes more sense to apply it. So let's go over to our web routes and just look down each of our routes and see what we need to do here. So the protected route here, what we should have done earlier is added in the auth middleware that will go ahead and check if the user is authenticated first, which makes more sense. So now when we click on protected, it asks us to sign in first, which makes a lot more sense.
00:58
So when we do go and sign in and try and access that, it's going to go ahead and work. OK, so let's go over to our middleware again and just check this dashboard wasn't ours. We have a group here for auth for profile, which wasn't ours. And let's look under our subscription section.
01:13
So we did add the middleware for auth just here, but we've got a little bit of work to do inside of here. So, for example, to access a portal, the user needs to have a subscription. To resume and cancel, the user needs to have a subscription. So we could even create some middleware for that or just add in a little check.
01:31
And the same thing for the invoice download as well. We need to be a Stripe customer to be able to access this area. Now, let's get started on the easier one, which is the plan section. So to be able to access plans, we don't want to have a subscription.
01:45
Let's go ahead and create out some new middleware to deal with that. So we're going to go ahead and make out here some middleware and let's say redirect if subscribed. So if the user is subscribed, we don't want them to be able to access that page. That's pretty much going to be a carbon copy of redirect if not subscribed.
02:04
So let's just go ahead and grab the code for this and just do a truthy check instead. So let's open up redirect if subscribed and let's go ahead and just paste this into here. And we're going to say, well, if they are subscribed, we want to redirect them over. Let's just say to their subscription area.
02:22
OK, let's go ahead and apply this middleware and we'll also look at aliasing this as well. So let's test this out first over on our web routes and we'll apply that middleware directly to here. So inside of here, redirect if subscribed. So let's pull that in and let's go ahead and pull that in nicely.
02:38
OK, let's go over and sign in with the account I created earlier. And now that we're signed in, let's head over to the plan section. And there we go. So we are redirected over to our subscription area as we added to our middleware.
02:51
OK, so let's go ahead and look at some of the other middleware that we can create. So I'm just going to do a couple of these and then you can go through and change up how you want this to work. So let's go and apply some middleware to the portal. So we've already created that middleware.
03:07
Let's go ahead and apply that just directly in here. And we're going to say redirect if not subscribed. Let's go ahead and do that. That just means that if we don't have a subscription, there's no point in going through to the portal.
03:20
OK, so if we go and just cancel off our subscription manually in the database. So let's set the ends at date to now. That should go ahead and cancel that on our end, not with Stripe. In fact, let's just go ahead and completely delete this from the database.
03:35
Kind of makes more sense. And then we end up in the state where we just don't have a subscription. It never ends. OK, so now let's go over to the subscription section and let's try and access that portal.
03:47
And as you can see, we're redirected back over to plans. So that is working nicely. We can just apply this middleware anywhere that we need. So, for example, the invoice download, we would want to access this if we're not a customer.
04:00
So if we don't have a Stripe ID, this wouldn't work. So what you could do is go ahead and add in some more middleware. I'm not going to do that now, but you would do a redirect if no Stripe ID. And remember, we checked a little bit earlier in our user observer if we have a Stripe ID.
04:17
So really, all you're going to need to do is add in some middleware there that checks if the user has a Stripe ID. And then if they don't redirect them, because there's no point, they're not going to have any invoices. The same thing with resume and cancel as well. Let's go ahead and just do the same for these, because this kind of makes a little bit more sense.
04:34
So for resuming, we need to make sure that the user's subscription hasn't already been cancelled. So this gets a little bit annoying, creating all this middleware. So we'll create out some aliases for this in a minute. So we're going to say redirect if not cancelled.
04:50
And then we'll create another piece of middleware redirect if cancelled. Again, you can do these checks directly within the controller if you want to. And to be honest, I think behind the scenes, the actual methods that we use for this. So resume will actually check this in the background as well.
05:06
But it doesn't hurt adding this middleware so you can control the flow of this. Flash a message to the user if you want to, to show them that something has already been cancelled. So in here, let's go ahead and apply this middleware. Let's apply the redirect if cancelled middleware in here, because we can't cancel something that's already been cancelled.
05:26
And then we'll do the same thing for resume. So we'll redirect if the subscription has not been cancelled. So let's go ahead and make sure we import the classes for both of these. And let's go ahead and fill these out.
05:38
So to cancel a subscription, let's go over to this middleware. We need to make sure that the user hasn't already cancelled. So we are going to access from that user the subscription, remember, and we're going to say cancelled. So if it has been cancelled, we're going to redirect somewhere else.
05:59
So let's redirect back over to that subscription page. And let's go ahead and copy this and apply this to the redirect if not cancelled middleware. Let's pull this down into here and we'll just do the same thing if it hasn't been cancelled. OK, let's go through the entire flow.
06:17
So I'm going to go ahead and sign up for a monthly plan again. And once that's finished, we'll be redirected over and we should have our subscription. So let's go ahead and try and cancel this. So remember, we can only cancel if we haven't cancelled.
06:32
And that looks like it works. Same for resuming as well. We can only access this if we're resuming. OK, so I'll let you go ahead and add any other middleware that you need. You already know all the methods that you need to use to apply the middleware.
06:44
You know how to apply the middleware. Let's just look at two more things before we go. The first one is going to be adding aliases. And we'll just do this for one of the pieces of middleware.
06:53
And you can add any other aliases you want. So let's add an alias for redirect if not subscribed. So this is going to make this a little bit easier to work with. It will mean that we can just use something like this, the keyword subscribe,
07:07
much like the way that auth is defined. How do we do this? Well, if we come over to the bootstrap folder under the app file, under the middleware section that we came to earlier
07:17
where we validate our cross-site request forgery tokens, we can also go ahead and add aliases here. So we can say middleware alias. And then we can pass in an array with any of the aliases.
07:27
So for subscribed, this is going to be the redirect if not subscribed middleware that we created. We define out the fully qualified class name here. And we just have the keyword here that we want to use.
07:39
So now this is going to work in exactly the same way. It's just a little bit easier to write and a little bit easier to read. So you can see that this still works. And of course, if we didn't have a subscription,
07:49
this would work in exactly the same way. Finally, let's go ahead and create out a custom blade directive, which means we can wrap any sections of our blade templates in a directive which will not show something
08:01
if the user does not have a subscription. To do this, we're going to head over to our app service provider. And under the boot method, we can actually use blade to create out a custom if statement.
08:13
So let's go ahead and pull in the blade facade and use if. And then we're just going to give a name for this. So let's call this subscribed. It means that we can wrap anything we want in a subscribed tag
08:24
and it will only be rendered if the user is subscribed. So now what we can do is create our closure here and we can just return some sort of condition. So let's just return that it's false for now just to check this out.
08:36
Now that we've done this, let's head over to our navigation and let's find that plans menu item that we created earlier. Now that we've created that custom blade directive, we can just use at subscribed and end subscribed.
08:51
Pull this in and this will only be shown if that returns true. So let's go back over and you can see that sure enough because we returned false, it's disappeared. Now what we can do is just go ahead and fill that in.
09:02
So we already know how to do this. We want to use auth user and subscribed. That's what we need to do. Now in here, we need to be careful
09:11
because of course we need to make sure the user actually exists. So we can either use an if statement here or a conditional on accessing this method. Let's go over and give that a refresh
09:20
and you can see that it still works. We want to say if not subscribed. In fact, let's change this whole thing up because we want this to be not subscribed, don't we,
09:30
to hide things if the user doesn't have a subscription. So let's go ahead and just change the name of that and then you can create a subscribed one if you want to. So let's change this over to not subscribed
09:40
and we'll say end not subscribed. Okay, let's go over and yeah, sure enough that disappears. Let's go ahead and just get rid of this from the database and we should see them plan section back again.
09:51
And of course we know we can't access that actual route because we've created some middleware. There we go, that's come back again. So feel free to create as much middleware as you want
09:59
to control the flow of your app and also create aliases to make it a little bit easier and of course create them custom blade directives to make things within templates a little bit easier as well.

Episode summary

In this episode, we're focusing on cleaning up our middleware and introducing some new middleware to better control access throughout our app, especially when dealing with users' subscription status.

First, we see what happens if an unauthenticated user tries to hit a protected route and how to fix that by making sure all protected routes use the auth middleware. This ensures users have to log in before seeing sensitive content.

Next, we tackle the logic around subscriptions. For example, there's no point letting a user view subscription plans if they're already subscribed, so we create a RedirectIfSubscribed middleware. We make this by copying and tweaking our RedirectIfNotSubscribed middleware, and we test this by applying it to our routes.

We continue by creating additional middleware to handle more specific situations, like only allowing access to the portal or invoice downloads if the user has a valid subscription or Stripe customer ID. There are middleware pieces for things like resuming and cancelling a subscription, ensuring that users can only perform these actions when it's valid (i.e., you can't cancel an already-cancelled subscription). We also set up aliases to make using the middleware in routes a bit nicer and cleaner.

To finish up, we show how to create a custom Blade directive that lets us conditionally show content in our templates based on subscription status — for example, only showing a 'Plans' link if the user is not subscribed. This is implemented as an @notsubscribed directive in Blade, and we talk through how to set it up and use it.

By the end, you've got a flexible set of middleware and template tools to manage what users can see and do based on their subscription, making your app more robust and your code a bit more maintainable.

Episode discussion

No comments, yet. Be the first!