Ich habe den Super‑Admin sauber auf einen eigenen Guard + eigenes Session‑Cookie umgestellt, damit Filament‑Login nicht mehr mit dem Frontend/Event‑Admin geteilt wird.

2025-12-23 09:17:39 +01:00
parent 8267b2bca3
commit 77fc8015e7
4 changed files with 54 additions and 2 deletions
--- a/app/Http/Middleware/UseSuperAdminSession.php
+++ b/app/Http/Middleware/UseSuperAdminSession.php
@@ -0,0 +1,22 @@
+<?php
+
+namespace App\Http\Middleware;
+
+use Closure;
+use Illuminate\Http\Request;
+use Symfony\Component\HttpFoundation\Response;
+
+class UseSuperAdminSession
+{
+    /**
+     * Handle an incoming request.
+     *
+     * @param  \Closure(\Illuminate\Http\Request): (\Symfony\Component\HttpFoundation\Response)  $next
+     */
+    public function handle(Request $request, Closure $next): Response
+    {
+        config(['session.cookie' => 'super_admin_session']);
+
+        return $next($request);
+    }
+}
--- a/app/Providers/Filament/SuperAdminPanelProvider.php
+++ b/app/Providers/Filament/SuperAdminPanelProvider.php
@@ -11,6 +11,7 @@ use App\Filament\Widgets\PlatformStatsWidget;
 use App\Filament\Widgets\RevenueTrendWidget;
 use App\Filament\Widgets\TopTenantsByRevenue;
 use App\Filament\Widgets\TopTenantsByUploads;
+use App\Http\Middleware\UseSuperAdminSession;
 use Boquizo\FilamentLogViewer\FilamentLogViewerPlugin;
 use Filament\Http\Middleware\Authenticate;
 use Filament\Http\Middleware\DisableBladeIconComponents;
@@ -18,8 +19,8 @@ use Filament\Http\Middleware\DispatchServingFilamentEvent;
 use Filament\Pages;
 use Filament\Panel;
 use Filament\PanelProvider;
-use Filament\Support\Icons\Heroicon;
 use Filament\Support\Colors\Color;
+use Filament\Support\Icons\Heroicon;
 use Filament\Widgets;
 use Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse;
 use Illuminate\Cookie\Middleware\EncryptCookies;
@@ -72,6 +73,7 @@ class SuperAdminPanelProvider extends PanelProvider
            ])
            ->middleware([
                EncryptCookies::class,
+                UseSuperAdminSession::class,
                AddQueuedCookiesToResponse::class,
                StartSession::class,
                AuthenticateSession::class,
@@ -100,7 +102,7 @@ class SuperAdminPanelProvider extends PanelProvider
                Pages\Dashboard::class,
                \App\Filament\SuperAdmin\Pages\WatermarkSettingsPage::class,
            ])
-            ->authGuard('web');
+            ->authGuard('super_admin');

        // SuperAdmin-Zugriff durch custom Middleware, globale Sichtbarkeit ohne Tenant-Isolation
        // Blog-Resources werden durch das Plugin-ServiceProvider automatisch registriert
--- a/config/auth.php
+++ b/config/auth.php
@@ -40,6 +40,10 @@ return [
            'driver' => 'session',
            'provider' => 'users',
        ],
+        'super_admin' => [
+            'driver' => 'session',
+            'provider' => 'users',
+        ],
        'api' => [
            'driver' => 'sanctum',
            'provider' => 'users',
--- a/tests/Feature/SuperAdminSessionMiddlewareTest.php
+++ b/tests/Feature/SuperAdminSessionMiddlewareTest.php
@@ -0,0 +1,24 @@
+<?php
+
+namespace Tests\Feature;
+
+use App\Http\Middleware\UseSuperAdminSession;
+use Illuminate\Http\Request;
+use Tests\TestCase;
+
+class SuperAdminSessionMiddlewareTest extends TestCase
+{
+    public function test_middleware_sets_super_admin_session_cookie(): void
+    {
+        config(['session.cookie' => 'laravel_session']);
+
+        $middleware = new UseSuperAdminSession;
+        $request = Request::create('/super-admin', 'GET');
+
+        $middleware->handle($request, function () {
+            return response('ok');
+        });
+
+        $this->assertSame('super_admin_session', config('session.cookie'));
+    }
+}