c17fb2b413
Filament panel routes are NOT in the 'web' middleware group; they have
their own middleware list. So registering ResolveTenant in bootstrap
app.php (web group) doesn't apply to /app/* routes.
Filament's Authenticate middleware (from authMiddleware) is inserted
between ShareErrorsFromSession and AuthenticateSession. Auth check
queries User::find($id) which goes through BelongsToTenant's TenantScope.
If tenant isn't resolved at that point, scope's fail-safe returns 0 rows
→ User not found → user appears not authenticated → infinite redirect.
Fix: put ResolveTenant + CheckTenantStatus FIRST in the panel's
middleware() chain, before any auth-related middleware runs.
Symptom that pointed here: force-login set session correctly,
auth('web')->check() returned true on a /__whoami test route, but
visiting /app redirected back to /app/login.
72 lines
2.8 KiB
PHP
72 lines
2.8 KiB
PHP
<?php
|
|
|
|
namespace App\Providers\Filament;
|
|
|
|
use App\Http\Middleware\CheckTenantStatus;
|
|
use App\Http\Middleware\ResolveTenant;
|
|
use Filament\Http\Middleware\Authenticate;
|
|
use Filament\Http\Middleware\AuthenticateSession;
|
|
use Filament\Http\Middleware\DisableBladeIconComponents;
|
|
use Filament\Http\Middleware\DispatchServingFilamentEvent;
|
|
use Filament\Pages\Dashboard;
|
|
use Filament\Panel;
|
|
use Filament\PanelProvider;
|
|
use Filament\Support\Colors\Color;
|
|
use Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse;
|
|
use Illuminate\Cookie\Middleware\EncryptCookies;
|
|
use Illuminate\Foundation\Http\Middleware\VerifyCsrfToken;
|
|
use Illuminate\Routing\Middleware\SubstituteBindings;
|
|
use Illuminate\Session\Middleware\StartSession;
|
|
use Illuminate\View\Middleware\ShareErrorsFromSession;
|
|
|
|
/**
|
|
* Tenant panel — served on every <slug>.service.mir.md.
|
|
* ResolveTenant middleware loads the current Company before any auth check.
|
|
*/
|
|
class TenantPanelProvider extends PanelProvider
|
|
{
|
|
public function panel(Panel $panel): Panel
|
|
{
|
|
return $panel
|
|
->id('tenant')
|
|
->path('app')
|
|
->login()
|
|
->brandName('AutoCRM')
|
|
->colors([
|
|
'primary' => Color::Blue,
|
|
])
|
|
->authGuard('web')
|
|
->discoverResources(in: app_path('Filament/Tenant/Resources'), for: 'App\\Filament\\Tenant\\Resources')
|
|
->discoverPages(in: app_path('Filament/Tenant/Pages'), for: 'App\\Filament\\Tenant\\Pages')
|
|
->pages([
|
|
Dashboard::class,
|
|
])
|
|
->discoverWidgets(in: app_path('Filament/Tenant/Widgets'), for: 'App\\Filament\\Tenant\\Widgets')
|
|
->widgets([
|
|
\App\Filament\Tenant\Widgets\StatsOverview::class,
|
|
])
|
|
->middleware([
|
|
// CRITICAL: tenant resolution must run BEFORE Filament's
|
|
// Authenticate middleware (which is inserted by authMiddleware
|
|
// between ShareErrorsFromSession and AuthenticateSession).
|
|
// Otherwise User::find() during auth check has no tenant
|
|
// context → TenantScope returns 0 rows → user appears
|
|
// unauthenticated → endless redirect to /app/login.
|
|
ResolveTenant::class,
|
|
CheckTenantStatus::class,
|
|
EncryptCookies::class,
|
|
AddQueuedCookiesToResponse::class,
|
|
StartSession::class,
|
|
AuthenticateSession::class,
|
|
ShareErrorsFromSession::class,
|
|
VerifyCsrfToken::class,
|
|
SubstituteBindings::class,
|
|
DisableBladeIconComponents::class,
|
|
DispatchServingFilamentEvent::class,
|
|
])
|
|
->authMiddleware([
|
|
Authenticate::class,
|
|
]);
|
|
}
|
|
}
|