How to add custom authentication middleware in laravel? Tweet

Most of the web applications have more than one user where different roles and permissions are defined to each set of such users. To verify the users authentication level and control access to the pages, these applications need to have different authentication modules. Using Middleware, you can easily implement such authentication filters in Laravel.

Lets have a look on how to add custom authentication middleware in Laravel.

Add a custom field in the Users table

If your project is just set up, you can open the migration file of users table and add a custom field. Let's give it a name role with a default value author.

$table->string('role')->default('author'); 

Run the migration to migrate the table.

php artisan migrate

Alternatively, you can open phpmyadmin and manually add a new field on the Users table and define the default value too.

You can use the built-in authentication system for registration and login provided by Laravel for the basic authentication functionalities via a single command.

php artisan make:auth

Create Middleware

Now, create a middleware named Role using the terminal.

php artisan make:middleware Role

A middleware is created inside app/Http/Middleware/ with the same name as stated above (Role.php) which contains the basic code provided by Laravel.

In this file, you only need to update a single function i.e. handle() with your own authentication logic.

Here's an example.

public function handle($request, Closure $next)
{
  if(auth()->user()->role == 'Admin'){
    return $next($request);
  }
  return redirect('home')->with('error','Permission Denied!!! You do not have administrative access.');
}

Basically, this function checks if the role value of the logged in user is Admin or not. If it is true, the requested route will be processed as intended else the user will be redirected to another route home with an alert message.

Update Kernel.php

To make this middleware work, you will need to register the middleware as protected $routeMiddleware in Kernel.php located in app/Http/ directory as shown below.

<?php
  protected $routeMiddleware = [
    'auth' => \Illuminate\Auth\Middleware\Authenticate::class,
    'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
    'bindings' => \Illuminate\Routing\Middleware\SubstituteBindings::class,
    'can' => \Illuminate\Auth\Middleware\Authorize::class,
    'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
    'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
    'role' => \App\Http\Middleware\Role::class,
  ];
?>

Protect Route

Finally, you can go to your web.php file and add the middleware to any route you want to filter using it as shown below.

Route::get('register','HomeController@register')->middleware('role');

In this way, you can easily create a middleware in Laravel and setup custom authentication filters in your application.