Middleware and Security
Filament Tenancy includes integrated middleware to automatically manage tenant context and prevent unauthorized access.
Available Middleware
InitializeTenancy
Automatically resolves the tenant from domain/subdomain and switches the database context.
Features:
- ✅ Resolves tenant from domain/subdomain
- ✅ Automatically switches database connection
- ✅ Returns custom 404 page if tenant is not found
- ✅ Verifies tenant is active before allowing access
- ✅ Allows access to landlord routes even with inactive tenant (configurable)
Registration:
In Laravel 11 (bootstrap/app.php):
```php
->withMiddleware(function (Middleware $middleware): void {
    $middleware->web(append: [
        \AngelitoSystems\FilamentTenancy\Middleware\InitializeTenancy::class,
    ]);
})
```
In Laravel 10, it's automatically registered if middleware.auto_register is enabled.
EnsureTenantAccess
Ensures there is a tenant present and active before allowing access.
Features:
- ✅ Verifies there is a resolved tenant
- ✅ Returns 404 if no tenant
- ✅ Returns 403 if tenant is inactive or expired
Usage:
```php
Route::middleware(['tenant'])->group(function () {
    // Routes that require active tenant
});
```
PreventTenantAccess
Prevents access from tenant context. Used in the central admin panel.
Features:
- ✅ Blocks access if there is an active tenant
- ✅ Returns 403 if trying to access from tenant domain
Automatic Usage:
This middleware is automatically registered when you use TenancyLandlordPlugin in your Filament panel.
PreventLandlordAccess
Prevents access without active tenant. Used in tenant panels.
Features:
- ✅ Blocks access if there is no active tenant
- ✅ Returns 403 if trying to access from central domain
Automatic Usage:
This middleware is automatically registered when you use TenancyTenantPlugin in your Filament panel.
Middleware Configuration
Global Configuration
In config/filament-tenancy.php:
```php
'middleware' => [
    'auto_register' => true,   // Automatically register
    'global' => true,          // Register globally in 'web' group
    'priority' => 100,         // Priority in stack
    'landlord_paths' => [      // Routes accessible from landlord
        '/admin',
        '/landlord',
    ],
],
```
Landlord Routes
Routes configured in landlord_paths are accessible from central domains even when there is an inactive tenant resolved.
Security
Automatic Validations
The middleware performs the following validations:
- Central Domain: Verifies domain is not in central_domains
- Active Tenant: Verifies is_active = true
- Non-Expired Tenant: Verifies expires_at is null or future
- Tenant Found: Verifies tenant exists in database
Cross-Access Protection
- Admin Panel: Cannot be accessed from tenant domains
- Tenant Panel: Cannot be accessed without active tenant
- Data Isolation: Each tenant can only access its own data
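The status codes documented above can be pinned down in a Laravel feature test so that a middleware or configuration change that weakens a boundary fails CI. This is an added example, not code from Filament Tenancy. Every hostname, the /dashboard and /tenant paths, and the seeded tenants are constructed assumptions; only /admin comes from the landlord_paths sample above.

```php
<?php

namespace Tests\Feature;

use PHPUnit\Framework\Attributes\DataProvider;
use Tests\TestCase;

/**
 * Added example (not part of Filament Tenancy).
 * Assumed fixtures, all constructed and loaded by your own test setup:
 *   - central_domains contains app.test
 *   - acme.app.test     : tenant with is_active = true, expires_at = null
 *   - inactive.app.test : tenant with is_active = false
 *   - expired.app.test  : tenant with expires_at in the past
 *   - /dashboard is a route behind the 'tenant' middleware (hypothetical)
 *   - /admin is the landlord panel, /tenant the tenant panel (hypothetical)
 */
class TenancyBoundaryTest extends TestCase
{
    public static function blockedRequests(): array
    {
        return [
            // InitializeTenancy: tenant not found -> custom 404
            'unknown tenant domain' => ['http://nobody.app.test/dashboard', 404],
            // EnsureTenantAccess: inactive or expired -> 403
            'inactive tenant' => ['http://inactive.app.test/dashboard', 403],
            'expired tenant' => ['http://expired.app.test/dashboard', 403],
            // PreventTenantAccess: admin panel from a tenant domain -> 403
            'admin panel via tenant domain' => ['http://acme.app.test/admin', 403],
            // PreventLandlordAccess: tenant panel from central domain -> 403
            'tenant panel via central domain' => ['http://app.test/tenant', 403],
        ];
    }

    #[DataProvider('blockedRequests')]
    public function test_boundary_returns_documented_status(string $url, int $status): void
    {
        $this->get($url)->assertStatus($status);
    }

    // Positive control: without it, a misconfiguration that rejects
    // every request would make the cases above pass vacuously.
    public function test_active_tenant_is_not_rejected(): void
    {
        $status = $this->get('http://acme.app.test/dashboard')->getStatusCode();
        $this->assertNotContains($status, [403, 404]);
    }
}
```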
Custom 404 Page
When a tenant is not found, a custom 404 page is shown with:
- Clear error message
- Request details (domain, resolver, APP_DOMAIN)
- Link back to home
- Optional Livewire component support
See Advanced Configuration to customize the 404 page.
Next Steps
- Configure Filament resources for admin panels
- Review advanced configuration for additional options