Now, let's talk about subdomains. This is a typical way to structure multi-tenancy projects, and how to separate tenants so every tenant would have a "personal space". Fake, but personal space.
What do I mean by fake? Why is it fake?
Because subdomains can't act as a security filter, it wouldn't be secure enough. For example, we have a tenancy.test domain. And for every tenant/company/team, we create a subdomain like povilas.tenancy.test.
If I take just the URL and filter the data by that URL, anyone could fake my URL without even being logged in. Another way would be to log into another tenant, replace their URL, and land onto my workspace, which is a security issue.
So, in this lesson, we will create subdomains. I will show you how it works, but you need to understand correctly that it is more like the cherry on top, like part of the design of your application, but not the secure authentication of the tenant.
Let's implement these features:
- Register the subdomain during the registration and then redirect to the correct subdomain.
- When switching between the tenants, redirect them to their subdomain.
Registering the Subdomain
In the registration form, let's add the input for the subdomain.
resources/views/auth/register.blade.php:
// ... <!-- Email Address --><div class="mt-4"> <x-input-label for="email" :value="__('Email')" /> <x-text-input id="email" class="block mt-1 w-full" type="email" name="email" :value="old('email')" required autocomplete="username" /> <x-input-error :messages="$errors->get('email')" class="mt-2" /></div> <!-- Subdomain --><div class="mt-4"> <x-input-label for="subdomain" :value="__('Subdomain')" /> <x-text-input id="subdomain" class="block mt-1 mr-2 w-full" type="text" name="subdomain" :value="old('subdomain')" required /> <x-input-error :messages="$errors->get('subdomain')" class="mt-2" /></div> <!-- Password --> // ...</x-guest-layout>
Next, create a subdomain column in...
Where do you check the subdomain assigned to the tenant? Regardless of which subdomain I enter, the dashboard shows me (checking permissions by subdomain does not work).
You can add the check based on the
$user->current_tenant_idin your system. This can be done via middleware or via if conditions where you need it to.An example is at the end of the video with the
TenantControllerCan you give me some code example? I don't know how to apply this to the example in question.
Example code for what exactly? There is both video and a github repository with the code shown there
I need code to check whether the subdomain entered by the user is assigned to him. Currently, I enter any subdomain and see my dashboard, e.g. test.mydomain.com, test2.mydomain.com (test2 is not my subdomain tenant).
Oh, now I understand.
For this, you need to create a custom middleware, which would check if the domain belongs to user.
You can get the subdomain with this code:
$request->route('subdomain')and simply compare toauth()->user()models allowed subdomains.There is no ready-made example of this, sorry!