Protect admin routes with new eloquent sessions

When using Laravel’s own auth middleware an exception would then get
thrown which was being sent to Slack, hmmm.

So I modified the original MyAuthMiddleware to use the Auth facade
instead of a custom session key.

A logout page has also been added.

app/Http/Controllers/AuthController.php

@@ -4,7 +4,6 @@ declare(strict_types=1);
 
 namespace App\Http\Controllers;
 
-use Illuminate\View\View;
 use Illuminate\Support\Facades\Auth;
 use Illuminate\Http\RedirectResponse;
 
@@ -40,4 +39,31 @@ class AuthController extends Controller
 
         return redirect()->route('login');
     }
+
+    /**
+     * Show the form to logout a user.
+     *
+     * @return \Illuminate\View\View|\Illuminate\Http\RedirectResponse
+     */
+    public function showLogout()
+    {
+        if (Auth::check() === false) {
+            // The user is not logged in, just redirect them home
+            return redirect('/');
+        }
+
+        return view('logout');
+    }
+
+    /**
+     * Log the user out from their current session.
+     *
+     * @return \Illuminate\Http\RedirectResponse;
+     */
+    public function logout(): RedirectResponse
+    {
+        Auth::logout();
+
+        return redirect('/');
+    }
 }

app/Http/Middleware/MyAuthMiddleware.php

@@ -6,6 +6,7 @@ namespace App\Http\Middleware;
 
 use Closure;
 use Illuminate\Http\Request;
+use Illuminate\Support\Facades\Auth;
 
 class MyAuthMiddleware
 {
@@ -18,7 +19,7 @@ class MyAuthMiddleware
      */
     public function handle(Request $request, Closure $next)
     {
-        if ($request->session()->has('loggedin') !== true) {
+        if (Auth::check($request->user()) == false) {
             //they’re not logged in, so send them to login form
             return redirect()->route('login');
         }