Protecting all admin/ routes with auth in Laravel

Question

I am brand new to laravel and am setting up admin panel authorization on my first application. The way I have my files setup currently setup is:

controllers/
    admin/
        dashboard.php
        settings.php
    non-admin-controller1.php
    non-admin-controller1.php
views/
    admin/
        dashboard.blade.php
        login.blade.php
        template.blade.php
    non-admin-view1.php
    non-admin-view1.php
    non-admin-view1.php

...and these are my routes

Route::get('admin/login', function()
{
    return View::make('admin.login');
});

Route::get('admin/logout', function()
{
    return Auth::logout();
    return Redirect::to('admin/login');
});

Route::post('admin/login', function()
{
    $userdata = array('username' => Input::get('username'),
                      'password' => Input::get('password'));
    
    if (Auth::attempt($userdata))
    {
        return Redirect::to('admin');
    }
    else
    {
        return Redirect::to('admin/login')->with('login_errors',true);
    }
});

Route::controller('admin.dashboard');

Route::get('admin', array('before' => 'auth', function() {
    return Redirect::to_action('admin@dashboard');
}));

Route::filter('auth', function()
{
    if (Auth::guest()) return Redirect::to('admin/login');
});

When I go to /admin I am redirected to admin/login and asked to login which is exactly how I need it to work. Upon logging in I am redirected to admin/dashboard and it all looks good there too. I am having 2 problems however.

1. When I go to admin/logout I am logged out but greeted with a blank page (it's not redirecting to admin/login)

2. When logged out, if I go to admin/dashboard I am greeted with the error

Error rendering view: [admin.dashboard]

Trying to get property of non-object

What am I doing wrong here? What am I doing right? Would it make more sense to create a separate bundle for admin? Thanks!

Answer 1

So I was able to solve my problem a slightly different way. I created an (base) Admin_Controller in the root of the controllers folder, with a constructor calling the auth filter before execution:

class Admin_Controller extends Base_Controller {

    public function __construct()
    {
        $this->filter('before', 'auth');
    }

}

and then made all my admin related controllers in /controllers/admin extend Admin_Controller and call the parent constructor:

class Admin_Dashboard_Controller extends Admin_Controller {

    public function __construct()
    {
        parent::__construct();
    }

    public function action_index()
    {
        return View::make('admin.dashboard');
    }

}

This might not be the most eloquent solution, but it does the job!

Answer 2

In your admin/login route you have an unnecessary return before the Auth::logout() call, nuke that and it should fix it up.

Another issue here is that only your one 'admin' route is getting filtered. You could wrap all of your admin routes with a Route::group() and apply the 'auth' before filter or you could use Route::filter('pattern: admin/*', 'auth') too.

Check out:

http://laravel.com/docs/routing#filters

For the second issue, is your Admin Dashboard controller class named Admin_Dashboard_Controller and if so, do you have an action_index() or get_index() function in there returning a view?

Check out:

http://laravel.com/docs/controllers#nested-controllers

(I'm assuming you're using L3 here btw.)

Answer 3

For future readers, a very clean way to handle this is using Laravel's Route Groups:

Route groups allow you to share route attributes, such as middleware or namespaces, across a large number of routes without needing to define those attributes on each individual route.

Route::group(['middleware' => 'auth'], function () {
    Route::get('/', function ()    {
        // Uses Auth Middleware
    });

    Route::get('user/profile', function () {
        // Uses Auth Middleware
    });
});

They can be used not only for authentication, but also Namespaces, Sub-Domains, and more.