Authorization
Panels offer flexible integration with multiple guards and middleware configurations to secure your application’s routes and broadcasting channels. This guide will help you set up and manage these configurations in a simple and clear manner.
#Guards
Guards determine how users are authenticated for each request. Laravel supports multiple guards, which you can configure via panels.
Default Guard Setup
A panel can define a single guard:
use Wirechat\Wirechat\Panel;
public function panel(Panel $panel): Panel
{
return $panel
//..
->guards(['web']);
}
No additional setup is needed if you are using the default web guard.
Using Multiple Guards
If your application uses multiple guards, such as admin and web, you can chain them in the panel:
use Wirechat\Wirechat\Panel;
public function panel(Panel $panel): Panel
{
return $panel
//..
->guards(['web', 'admin']);
}
This allows users authenticated via any listed guard to access the panel’s routes and private channels.
#Middleware
Middleware authenticates users when they subscribe to channels or access panel routes, such as /chats or conversation-specific pages.
#Default Middleware Setup
Panels automatically apply the belongsToConversation middleware to conversation routes. You can also define additional middleware for the panel:
use Wirechat\Wirechat\Panel;
public function panel(Panel $panel): Panel
{
return $panel
//..
->middleware(['web', 'auth']);
}
#Multi-Guard Authentication
For multiple guards, the middleware should handle all of them:
use Wirechat\Wirechat\Panel;
public function panel(Panel $panel): Panel
{
return $panel
//..
->middleware(['web', 'auth:admin,web'])
->guards(['web', 'admin']);
}
#Chat Middleware
By default, the belongsToConversation middleware is automatically applied to the /chats/{conversation} route.
This ensures that only authorized users, such as conversation members, can access the chat.
If you want to adjust or extend how chats are viewed or accessed, you may register additional middleware here:
use Wirechat\Wirechat\Panel;
public function panel(Panel $panel): Panel
{
return $panel
// ...
->chatMiddleware([
// Your custom middleware
]);
}
With this setup, your conversation routes remain secure under a variety of authentication setups.
#Using the `belongsToConversation` Middleware
The belongsToConversation middleware is automatically applied to the default chat view routes, such as /chat/{id} . This ensures that users can only access conversations they are part of.
However, if you decide to use the chat component independently of the default routes—like embedding it on a custom page—you must manually apply the belongsToConversation middleware to your route. This guarantees that only authorized participants can access the conversation.
use Illuminate\Support\Facades\Route;
Route::get('/custom/{id}', function ($id) {
return view('custom', ['id' => $id]);
})->middleware(['web', 'auth', 'belongsToConversation']);
Then in Blade:
<livewire:wirechat.chat :conversation="$id" />
By adding the middleware, you ensure your custom routes maintain the same access control as the default chat routes.
#Broadcasting Middleware Configuration
Panel guards and middleware should match your BroadcastServiceProvider settings to avoid conflicts:
// app/Providers/BroadcastServiceProvider.php
Broadcast::routes([
'middleware' => ['web', 'auth:admin,web'],
'guards' => ['web', 'admin'],
]);
Key Points:
- Consistency: Ensure that the
guardsandmiddlewaredefined inBroadcastServiceProvidermatch those in Wirechat's configuration. - Avoid Conflicts: Inconsistent settings can cause users to be improperly authenticated, leading to access issues.