Horizon: Can't middleware be used ?

For what purpose?

For Authentication

Route::group(['middleware' => ['auth', 'auth.admin']], function() {
     Horizon::auth(function ($request) {
            return true;
     });
}

Just use the Horizon::auth method in your service provider and decide using the given request object wether this user should have access to horizon or not:

Horizon::auth(function ($request) {
            return $request->user()->is_admin;
        });

$request->user() always return null

Horizon::auth(function ($request) {
            return $request->user(); // Null
        });

I was coming to report this also. I'm successfully logged in, but can't access user from the request object.

From the best of my knowledge, to get auth we need to have sessions enabled (they are in middlewares) and service providers are fired _before_ middlewares, no? Maybe @themsaid can confirm this, we might just be doing something wrong also...

It's fixed now in the latest commit :)

Thank you @themsaid. Will definitely be checking how you can send logged user to a service provider in the source code now! ;-)

You register a callback, and the Horizon calls it in a special middleware :)

Thank you @themsaid. 👍

Can you tell me which service provided to add the code in?

$request->user() always return null

Horizon::auth(function ($request) {
return $request->user(); // Null
});

@gadhiamitul41 waits stable version. It's fixed in the useWebMiddleware commit. You can play with 1.0.x-dev version.

This commit https://github.com/laravel/horizon/pull/68/commits/1317f543ba0025b01e3627e8138b0ceb708c6055 does indeed solve the issue of the user being null, just curious what approach people are taking when you're authing is API based?

Example, I would need to access my user like this.

Horizon::auth(function ($request) {
      return auth()->guard('api')->user()->is_admin;
}); 

Surfing on what @ninjaparade says, it got me thinking: there is no way to redirect somewhere if a user isn't auth'ed, and it just throws an error page... Anyway to show something else?

@jpmurray While it'd be nice to have a simple redirect property in the horizon config (potential pull request maybe?) I'm just catching this in the render method of the App\Exceptions\Handler:

if($exception instanceof HttpException){
    if($exception->getStatusCode() == 403 && $request->is('horizon*')) return redirect('/');
}

@stephenoldham good thinking!

@stephenoldham How did you defined $exception ??

@neorganic You place the snippet of code above into the render method of your App\Exceptions\Handler. The exception is passed into that method as a parameter.

I ended up doing this in my AppServiceProvider:

        Horizon::auth( function () {
            abort_unless( (
                auth()->guard()->user() instanceof User &&
                auth()->guard()->user()->isAdmin()
            ), 404 );

            return true;
        } );

I know the auth function produces an abort with a 403 code, but I wanted the horizon interface to stay unknown, not just undisplayed.

I too wish there was a way to wrap the auth inside of a middleware

I want to use the jwt.auth middleware and right now am not sure how to proceed yet

So this is kinda hilarious. I found out that Horizon has an undocumented feature to solve this.

https://github.com/laravel/horizon/blob/1.0/src/HorizonServiceProvider.php#L54

Horizon does try to grab its list of middlewares from config. This isn't documented anywhere unfortunately.

You can simply add 'middleware' => ['web', 'auth'], to your config/horizon.php.

@francislavoie that works, thanks

The answers above help you, but this link also helps you with the procedure.
https://stefanzweifel.io/posts/use-basic-authentication-to-protect-the-laravel-horizon-dashboard/