Identify tenants by the "Origin" header (#21)

* Add origin ID MW * Test origin ID MW * Test origin ID MW with early identification * Fix code style (php-cs-fixer) * Fix PHPStan errors * Add getDomain() to domain ID MW, simplify origin ID MW * Fix code style (php-cs-fixer) * Rename InitializeTenancyByOrigin to InitializeTenancyByOriginHeader * Add onFail test * Stop throwing the exception in getDomain() * FIx merge * Improve origin identification test file * Clean up test --------- Co-authored-by: PHP CS Fixer <phpcsfixer@example.com>
2025-12-12 19:04:02 +00:00 · 2024-01-08 00:29:01 +01:00 · 2024-01-08 00:29:01 +01:00 · 9e4f33e5c5
commit 9e4f33e5c5
parent df9324b92f
7 changed files with 124 additions and 4 deletions
--- a/assets/config.php
+++ b/assets/config.php
@ -60,6 +60,7 @@ return [
            Middleware\InitializeTenancyByDomainOrSubdomain::class,
            Middleware\InitializeTenancyByPath::class,
            Middleware\InitializeTenancyByRequestData::class,
+            Middleware\InitializeTenancyByOriginHeader::class,
        ],

        /**
--- a/src/Middleware/InitializeTenancyByDomain.php
+++ b/src/Middleware/InitializeTenancyByDomain.php
@ -31,10 +31,12 @@ class InitializeTenancyByDomain extends IdentificationMiddleware implements Usab
            return $next($request);
        }

+        $domain = $this->getDomain($request);
+
        return $this->initializeTenancy(
            $request,
            $next,
-            $request->getHost()
+            $domain
        );
    }

@ -44,6 +46,11 @@ class InitializeTenancyByDomain extends IdentificationMiddleware implements Usab
     */
    public function requestHasTenant(Request $request): bool
    {
-        return ! in_array($request->host(), config('tenancy.central_domains'));
+        return ! in_array($this->getDomain($request), config('tenancy.central_domains'));
+    }
+
+    public function getDomain(Request $request): string
+    {
+        return $request->getHost();
    }
 }
--- a/src/Middleware/InitializeTenancyByDomainOrSubdomain.php
+++ b/src/Middleware/InitializeTenancyByDomainOrSubdomain.php
@ -22,7 +22,7 @@ class InitializeTenancyByDomainOrSubdomain extends InitializeTenancyBySubdomain
            return $next($request);
        }

-        $domain = $request->getHost();
+        $domain = $this->getDomain($request);

        if ($this->isSubdomain($domain)) {
            $domain = $this->makeSubdomain($domain);
--- a/src/Middleware/InitializeTenancyByOriginHeader.php
+++ b/src/Middleware/InitializeTenancyByOriginHeader.php
@ -0,0 +1,15 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Stancl\Tenancy\Middleware;
+
+use Illuminate\Http\Request;
+
+class InitializeTenancyByOriginHeader extends InitializeTenancyByDomainOrSubdomain
+{
+    public function getDomain(Request $request): string
+    {
+        return $request->header('Origin', '');
+    }
+}
--- a/src/Middleware/InitializeTenancyBySubdomain.php
+++ b/src/Middleware/InitializeTenancyBySubdomain.php
@ -35,7 +35,7 @@ class InitializeTenancyBySubdomain extends InitializeTenancyByDomain
            return $next($request);
        }

-        $subdomain = $this->makeSubdomain($request->getHost());
+        $subdomain = $this->makeSubdomain($this->getDomain($request));

        if (is_object($subdomain) && $subdomain instanceof Exception) {
            $onFail = static::$onFail ?? function ($e) {
--- a/tests/EarlyIdentificationTest.php
+++ b/tests/EarlyIdentificationTest.php
@ -19,6 +19,7 @@ use Stancl\Tenancy\Middleware\InitializeTenancyByRequestData;
 use Stancl\Tenancy\Tests\Etc\EarlyIdentification\Models\Post;
 use Stancl\Tenancy\Middleware\PreventAccessFromUnwantedDomains;
 use Stancl\Tenancy\Middleware\InitializeTenancyByDomainOrSubdomain;
+use Stancl\Tenancy\Middleware\InitializeTenancyByOriginHeader;
 use Stancl\Tenancy\Tests\Etc\EarlyIdentification\ControllerWithMiddleware;
 use Stancl\Tenancy\Tests\Etc\EarlyIdentification\ControllerWithRouteMiddleware;

@ -175,6 +176,46 @@ test('early identification works with request data identification', function (st
    'default to tenant routes' => RouteMode::TENANT,
    'default to central routes' => RouteMode::CENTRAL,
 ]);
+test('early identification works with origin identification', function (bool $useKernelIdentification, RouteMode $defaultRouteMode) {
+    $identificationMiddleware = InitializeTenancyByOriginHeader::class;
+
+    if ($useKernelIdentification) {
+        $controller = ControllerWithMiddleware::class;
+        app(Kernel::class)->pushMiddleware($identificationMiddleware);
+    } else {
+        $controller = ControllerWithRouteMiddleware::class;
+        RouteFacade::middlewareGroup('tenant', [$identificationMiddleware]);
+    }
+
+    config(['tenancy.default_route_mode' => $defaultRouteMode]);
+
+    $tenantRouteMiddleware = 'tenant';
+
+    // If defaulting to tenant routes
+    // With kernel identification, we make the tenant route have no MW
+    // And with route-level identification, we make the route have only the identification middleware
+    if ($defaultRouteMode === RouteMode::TENANT) {
+        $tenantRouteMiddleware = $useKernelIdentification ? null : $identificationMiddleware;
+    }
+
+    RouteFacade::post('/tenant-route', [$controller, 'index'])->middleware($tenantRouteMiddleware);
+
+    $tenant = Tenant::create();
+
+    $tenant->domains()->create(['domain' => 'foo']);
+
+    $tenantKey = $tenant->getTenantKey();
+
+    $response = pest()->post('/tenant-route', headers: ['Origin' => 'foo.localhost']);
+
+    $response->assertOk()->assertSee('token:' . $tenantKey);
+})->with([
+    'route-level identification' => false,
+    'kernel identification' => true,
+])->with([
+    'default to tenant routes' => RouteMode::TENANT,
+    'default to central routes' => RouteMode::CENTRAL,
+]);

 test('early identification works with domain identification', function (string $middleware, string $domain, bool $useKernelIdentification, RouteMode $defaultRouteMode) {
    config(['tenancy.default_route_mode' => $defaultRouteMode]);
--- a/tests/OriginHeaderIdentificationTest.php
+++ b/tests/OriginHeaderIdentificationTest.php
@ -0,0 +1,56 @@
+<?php
+
+declare(strict_types=1);
+
+use Stancl\Tenancy\Tests\Etc\Tenant;
+use Illuminate\Support\Facades\Route;
+use Stancl\Tenancy\Middleware\InitializeTenancyByOriginHeader;
+
+beforeEach(function () {
+    InitializeTenancyByOriginHeader::$onFail = null;
+
+    config([
+        'tenancy.central_domains' => [
+            'localhost',
+        ],
+    ]);
+
+    Route::post('/home', function () {
+        return response(tenant('id'));
+    })->middleware([InitializeTenancyByOriginHeader::class])->name('home');
+});
+
+afterEach(function () {
+    InitializeTenancyByOriginHeader::$onFail = null;
+});
+
+test('origin identification works', function () {
+    $tenant = Tenant::create();
+
+    $tenant->domains()->create([
+        'domain' => 'foo',
+    ]);
+
+    pest()
+        ->withHeader('Origin', 'foo.localhost')
+        ->post('home')
+        ->assertSee($tenant->id);
+});
+
+test('tenant routes are not accessible on central domains while using origin identification', function () {
+    pest()
+        ->withHeader('Origin', 'localhost')
+        ->post('home')
+        ->assertStatus(500);
+});
+
+test('onfail logic can be customized', function() {
+    InitializeTenancyByOriginHeader::$onFail = function () {
+        return response('onFail message');
+    };
+
+    pest()
+        ->withHeader('Origin', 'bar.localhost') // 'bar'/'bar.localhost' is not an existing tenant domain
+        ->post('home')
+        ->assertSee('onFail message');
+});