I have a Laravel API where I am passing through a custom header, e.g. x-account-id. My users can belong to multiple accounts, and I am using session storage so that they can potentially have 2 tabs open and be logged into more than one account.
I need a way to process the custom header after the authentication process has completed so that I can do 2 things:
1) Check that the account id is valid for the user. I am implementing JWT to prevent tampering but want to do a proper check.
2) Create a class like an AccountContext which can then be used by service classes and repositories to scope the data to the account.
Where would be the best place to add this functionality in Laravel? Would it be middleware? I would also like the ability to use this functionality for scheduled/console tasks, so I don't want to rely on the Request class to always handle this.
via Chebli Mohamed
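One way to lay out the two requirements above, as an added example that is not part of the original question: a context object with no HTTP dependency, plus a thin middleware that validates the header against the authenticated user's memberships. `AccountContext`, `ResolveAccount`, the `accounts()` relation on the user model and integer account ids are assumptions; the context is assumed to be bound as a shared (singleton or scoped) instance in the container.

```php
<?php
// Added example. Both classes are shown in one file for brevity.
namespace App\Support;

use Closure;
use Illuminate\Http\Request;
use RuntimeException;

// Holds the account for the current unit of work. It knows nothing about HTTP,
// so a console command or scheduled task can call set() directly.
final class AccountContext
{
    private ?int $accountId = null;

    public function set(int $accountId): void
    {
        $this->accountId = $accountId;
    }

    // Fail closed: repositories call this, so a query cannot run unscoped.
    public function id(): int
    {
        if ($this->accountId === null) {
            throw new RuntimeException('No account selected for this operation.');
        }
        return $this->accountId;
    }
}

// HTTP adapter. Must run after the auth middleware so $request->user() is set.
final class ResolveAccount
{
    public function __construct(private AccountContext $context) {}

    public function handle(Request $request, Closure $next)
    {
        $raw = (string) $request->header('x-account-id', '');
        // Accept only a plain positive integer; reject anything else outright.
        if (!ctype_digit($raw) || (int) $raw === 0) {
            abort(400, 'Missing or malformed x-account-id header.');
        }
        // Membership is checked server-side on every request, whatever the
        // client sent. accounts() is an assumed relation on the user model.
        if (!$request->user()->accounts()->whereKey((int) $raw)->exists()) {
            abort(403, 'Account not available to this user.');
        }
        $this->context->set((int) $raw);
        return $next($request);
    }
}
```

A console command would resolve the same `AccountContext` from the container and call `set()` with an account id it obtained from its own arguments, leaving the service and repository code unchanged.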