Laravel Subscriptions
This episode is for members only

Sign up to access "Laravel Subscriptions" right now.

Get started
Already a member? Sign in to continue
Playing
12. Protecting routes

Episodes

0%
Your progress
  • Total: 2h 38m
  • Played: 0m
  • Remaining: 2h 38m
Join or sign in to track your progress

Transcript

00:00
So time to do something a bit more useful and let's go ahead and create a protected area where only people who are subscribed can access. And by the end of this episode, once you've created this middleware, you can apply this to any of the routes or actions in your application to stop people who do not have a subscription performing an action.
00:21
OK, so just before we do this, I'm going to do this quite frequently. We're going to go ahead and clear out these subscriptions and subscriptions items table. And let's go over and create out a little menu item that links through to a page. OK, so we're going to create out a controller here.
00:38
Let's call this protected controller. So protected controller. And we'll go ahead and register out a route for this, which at least for now, anyone will be able to access. So let's go ahead and call this protected.
00:52
We'll switch this out to the protected controller that we've just created and we will call this protected. OK, over to the protected controller. Once again, let's go ahead and create out an index method here and let's go ahead and return a view here just called protected. And let's create that view out as well.
01:12
So make view and we'll just call that protected. OK, that's reserved by PHP. So let's go ahead and just create a folder with protected and an index page inside of here and link that up. OK, so let's grab the dashboard page, copy that over to that new protected index page that we have just created.
01:32
And we will say. Protected and just say you can only access this page with a subscription. OK, so over to our navigation, let's go ahead and add in another link in here and we should be just about done. OK, let's hook this up to protected.
01:52
We'll do the same for here as well. And let's change around the text in here to protected. Great. So we should now be able to click on this. The only trouble is at the moment we do not have a subscription.
02:05
So what we want to do is create out some middleware, which we can apply to any of our routes to stop users accessing these routes if they don't have a subscription. So let's go and create this middleware out and we'll fill this in and see how we need to handle it. So let's create this middleware in here and let's call this redirect if not subscribed. So redirect the user off somewhere if they don't have a subscription.
02:30
Once we've created that middleware, you'll find this over in the app folder under HTTP and middleware. Let's open this up and let's just do something in here. So let's return and we'll redirect the user to the plans page. So we're not actually doing anything useful at the moment.
02:48
We're just going to redirect the user. OK, so now that we've done that over in our web routes, we can apply this middleware directly to this route. So let's choose the middleware option and let's go ahead and new up or just pass in redirect if not subscribed and the fully qualified class name. OK, so now when we try and access protected, you can see we're redirected over to plans.
03:11
We just need to wrap this in an if statement now, so it makes a little bit more sense. So over in this middleware, we already know how to check if a user does have a subscription and this will be a valid subscription, even if they have cancelled it and it's due to end at the end of their billing period. So let's go ahead and create an if statement here and we will check if from the request, which we get in middleware anyway, the user is subscribed.
03:38
Now, we obviously want to check if they are not subscribed. So if they're not subscribed at this point, pass them over to plans. Otherwise, let them go on to the next request. OK, let's try this out.
03:49
So I'm going to go over to the protected area. I don't have a subscription at the moment, so let's go ahead and purchase a subscription. So again, I'm just going to fill in all of these details. And once we've done this and we are redirected back after we make a payment, we should be able to access that page.
04:05
So let's have a look and see what happens. OK, we're redirected back over to the dashboard that webhook in the background, as long as we've got exposed running, should have updated our account. Let's access the protected area. And there we go.
04:21
Now we have a subscription. We can access this page. So with this middleware, you can apply this to absolutely anywhere. So any pages that you want to protect, you just apply that middleware and then you're pretty sure that no one is going to be able to access it unless they're subscribed.

Episode summary

In this episode, we dive into protecting parts of our app so that only subscribed users can access them. We start by clearing out any old data and setting up a new page, which we'll call the "protected" area. We add a link in the navigation to this new page, making it look just like the dashboard – except, of course, only subscribers should be able to get in.

After the UI is set up, we get into the real magic: creating middleware. Middleware lets us add a gatekeeper to any route or controller. Our new piece, called RedirectIfNotSubscribed, does a check: if the user isn't subscribed, it redirects them to the plans page where they can choose a subscription.

We walk through wiring up this middleware on our protected route. At first, everybody gets redirected, but once we hook up the actual subscription check, it only allows access if the user has an active subscription (even if it's set to cancel at the end of the period).

We then test it out – try to access the page without a subscription (and get redirected), then go through the subscription process. Once subscribed, trying again lets us in!

By the end of this episode, you'll see how to use this middleware to protect any other route in your app, making sure only your paying members get the exclusive access.

Episode discussion

No comments, yet. Be the first!