Laravel application implementing the Proxy pattern to control access to protected resources through authentication and authorization.

klejvi-ajdini/auth-proxy

Laravel Authentication Proxy

This project demonstrates the Proxy design pattern for implementing authentication and authorization in a Laravel 11 application. It provides a secure way to control access to sensitive resources by acting as a gatekeeper before delegating requests to the underlying service.

Key Concepts

  • Proxy Pattern: This project showcases how the Proxy pattern can be used to add an extra layer of security and control to your application. The AuthProxy class intercepts requests, performs authentication and authorization checks, and only then allows access to the RealResourceService if the user has the required permissions.
  • Separation of Concerns: The Proxy pattern helps to separate the authentication and authorization logic from the business logic of the RealResourceService. This makes the code more modular, testable, and maintainable.
  • Laravel Integration: The project seamlessly integrates with Laravel's authentication features, dependency injection container, and routing system.

Architecture

  • App\Services\ResourceService: Interface defining the contract for retrieving sensitive data.
  • App\Services\RealResourceService: Concrete implementation of ResourceService, responsible for fetching sensitive data (currently from the database).
  • App\Services\AuthServiceInterface: Interface defining the contract for authentication and authorization checks.
  • App\Services\RealAuthService: Concrete implementation of AuthServiceInterface, responsible for authenticating users and checking their permissions against the database.
  • App\Services\AuthProxy: The Proxy class. It implements ResourceService, intercepts requests, performs authentication and authorization using AuthServiceInterface, and then delegates to the RealResourceService if authorized.
  • App\Http\Controllers\ProtectedController: Controller that handles requests for protected resources. It injects the ResourceService interface, allowing it to work with either the AuthProxy or the RealResourceService directly (depending on configuration).
  • App\Models\User: Eloquent model representing a user.
  • App\Models\Permission: Eloquent model representing a permission, linked to a user.
  • App\Models\SensitiveData: Eloquent model representing sensitive data, linked to a user.
  • Database\Seeders\DatabaseSeeder: Seeders to populate the database with users, permissions, and sensitive data.
  • tests\Unit: Unit tests to verify the behavior of the services and the proxy.

Workflow

  1. Request: A user attempts to access the /protected route.
  2. Middleware: The auth middleware ensures that the user is authenticated.
  3. Controller: The ProtectedController is invoked.
  4. Dependency Injection: Laravel's service container injects an instance of ResourceService into the controller. Crucially, the AppServiceProvider binds the ResourceService interface to either AuthProxy or RealResourceService based on the app.use_auth_proxy configuration value.
  5. Proxy Interception (if enabled): If the AuthProxy is injected:
    • The AuthProxy checks if the user is authenticated and has the required 'read' permission using the RealAuthService.
    • If the user is not authorized, a 403 Forbidden error is thrown.
    • If the user is authorized, the AuthProxy delegates the request to the RealResourceService.
  6. Data Retrieval: The RealResourceService fetches the sensitive data from the database.
  7. Response: The controller renders the ProtectedData Inertia view, passing the sensitive data to the component.
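
The gatekeeping described in the Architecture list and in workflow steps 5 and 6, as an added illustrative example in PHP (not the repository's own code): the class names follow the README, while the method names getSensitiveData, isAuthenticated and hasPermission, the exception type used for the 403, and the query in RealResourceService are assumptions.

```php
<?php
// Added example, not the project's own code. Class names follow the README;
// method names (getSensitiveData, isAuthenticated, hasPermission) are assumed.

namespace App\Services;

use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;

interface ResourceService
{
    /** @return array<int, array<string, mixed>> rows of sensitive data */
    public function getSensitiveData(): array;
}

interface AuthServiceInterface
{
    public function isAuthenticated(): bool;
    public function hasPermission(string $permission): bool;
}

// Real subject: reads the database and knows nothing about access control.
final class RealResourceService implements ResourceService
{
    public function getSensitiveData(): array
    {
        return \App\Models\SensitiveData::query()->get()->toArray();
    }
}

// Proxy: same interface as the subject, so the controller cannot tell them apart.
final class AuthProxy implements ResourceService
{
    public function __construct(
        private readonly AuthServiceInterface $auth,
        // Concrete type on purpose: asking for ResourceService here would resolve to the proxy itself.
        private readonly RealResourceService $real,
    ) {}

    public function getSensitiveData(): array
    {
        // Both checks run before the real service is touched at all.
        if (! $this->auth->isAuthenticated()) {
            throw new AccessDeniedHttpException('Authentication required.');
        }
        if (! $this->auth->hasPermission('read')) {
            throw new AccessDeniedHttpException('Missing "read" permission.'); // rendered as 403
        }
        return $this->real->getSensitiveData();
    }
}
```

Because the controller only depends on ResourceService, a unit test can hand AuthProxy a fake AuthServiceInterface and assert that RealResourceService is never reached when either check fails.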

Setting up the project

  1. Clone the repository:

    git clone <repository_url>
    cd laravel-auth-proxy
  2. Install dependencies:

    composer install
  3. Copy environment file:

    cp .env.example .env

    Configure your database settings in the .env file.

  4. Generate application key:

    php artisan key:generate
  5. Migrate the database:

    php artisan migrate
  6. Seed the database:

    php artisan db:seed
  7. Install and compile assets:

    npm install
    npm run dev
  8. Start the development server:

    php artisan serve

    Access the application in your browser (usually at http://localhost:8000).

Docker Setup (using Sail)

This project includes a docker-compose.yml file for running the application in a Docker container using Laravel Sail.

  1. Ensure you have Docker and Docker Compose installed.

  2. Copy environment file:

    cp .env.example .env

    Configure your database settings in the .env file (DB_HOST should be mysql).

  3. Start Sail:

    ./vendor/bin/sail up

    Access the application in your browser at http://localhost.

Configuration

  • config/app.php: The app.use_auth_proxy configuration value controls whether the AuthProxy is used. Set this value to true to enable the proxy, or false to bypass it. You can also set it in your .env file:

    USE_AUTH_PROXY=true
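
The container binding that makes the use_auth_proxy switch work, as an added illustrative example (not the repository's own AppServiceProvider): the config key and class names come from the README, while the env() default of true is an assumption chosen so that an unset variable keeps the proxy in place.

```php
<?php
// Added example, not the project's own code. Config key and class names
// follow the README; the env default (true = proxy enabled) is an assumption.

namespace App\Providers;

use App\Services\AuthProxy;
use App\Services\RealResourceService;
use App\Services\ResourceService;
use Illuminate\Support\ServiceProvider;

final class AppServiceProvider extends ServiceProvider
{
    public function register(): void
    {
        // config/app.php is assumed to contain:
        //   'use_auth_proxy' => env('USE_AUTH_PROXY', true),
        // so a missing USE_AUTH_PROXY leaves the proxy (and its 403) active.
        $this->app->bind(ResourceService::class, function ($app) {
            return $app['config']->get('app.use_auth_proxy')
                ? $app->make(AuthProxy::class)   // proxy wraps the real service
                : $app->make(RealResourceService::class); // bypass: no permission check
        });
    }
}
```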
    

Testing

The project includes a suite of unit tests to verify the correctness of the implementation.

  • Run all tests:

    ./vendor/bin/sail artisan test
  • Run only unit tests:

    ./vendor/bin/sail artisan test --testsuite Unit

Notes

  • Remember to register or create a user and grant that user the 'read' permission using a seeder or tinker.
  • Always hash passwords when storing them in the database.
  • The AuthProxy can be switched on or off by updating USE_AUTH_PROXY in the .env file; switching it off bypasses the authorization check entirely.

Contributing

Contributions are welcome! Please submit a pull request with a clear description of your changes.
