Livewire DuplicateLogin middleware

henkpoldergraaf · March 11, 2021, 9:48am

What seems to be the problem:

Hi I have build a application where a account should be logged in only once (so not working from multiple browsers). I have created a session_hash attribute at the User model which gets refreshed when logged in and registered in the session. When another browser triggers the login the session_hash changes. In traditional laravel it is quite easy to build a middleware to check if the in_session session_hash is the same as the one in the database and then call redirect and exit; But how does one accomplish this is Livewire. Is Middleware the right tool for this or should it be part of a trait on the component.

When in middleware I cannot redirect, cannot trigger a browserEvent…

When I build a trait I have access but I need a hook to check for instance the updating event? But do I catch all use cases this way?

I would rather have this implemented as middleware then as a trait?

Could you please advise?

Are you using the latest version of Livewire:
Yes

henkpoldergraaf · March 15, 2021, 3:40pm

Registered a middleware group in the config/livewire.php and in the kernel.php under routeMiddleware

Check every thirty seconds if the session hash is the same as in the database, if not return response status code 440.

In the javascript listen for the status code and act on it.

<?php namespace App\Http\Middleware;

use Carbon\Carbon;
use Closure;
use http\Env\Response;
use Illuminate\Contracts\Auth\Guard;
use App\Lib\User\Roles;
use App\User;

class DuplicateLoginLivewire {
    const DEBOUNCE = '30 seconds';

    function __construct(User $user, Guard $auth)
    {
        $this->user = $user;
        $this->auth = $auth;
    }

    /**
     * Handle an incoming request.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @return mixed
     */
    public function handle($request, Closure $next)
    {
        ...
        if ($this->auth->user()) {
            if ($this->shouldCheckSessionHash() && $this->auth->user()->getAttribute('session_hash') !== 		session('session_hash')) {
                session()->put('new_debounce_time', Carbon::now());

                if (strpos($request->getRequestUri(), 'livewire') !== false) {
                    return response()->make('Duplicate login', 440);
                }
                return redirect()->to(config('app.url_login'));
            }
        }

        return $next($request);
    }

    private function shouldCheckSessionHash()
    {
        return Carbon::parse(session('new_debounce_time'), 	Carbon::now()->subMinute())->add(self::DEBOUNCE)->diffInSeconds(Carbon::now()) > 0;
    }
}

window.livewire.onError(statusCode => {
        if (statusCode === 440) {
            location.href = '{{ config('app.url_login') }}';

            return false
        }
    })