Samson Mutunga 2 gadi atpakaļ
vecāks
revīzija
5211b55de7

+ 31 - 0
app/Http/Controllers/AdminController.php

@@ -12,4 +12,35 @@ class AdminController extends Controller
       $records = WebForm::orderBy('created_at', 'DESC')->paginate(30);
       return view('app.admin.index', compact('records'));
     }
+    public function login() {
+      return view('app.admin.login');
+    }
+
+    public function submitLogin(Request $request){
+      $request->validate([
+        'username' => 'required|string',
+        'password' => 'required|string'
+      ]);
+
+      $username = $request->get('username');
+      $password = $request->get('password');
+
+      $expectedUsername = config('app.adminSessionUsername');
+      $expectedPassword = config('app.adminSessionPassword');
+
+      if($username !== $expectedUsername && $password !== $expectedPassword){
+        return redirect()->back()->with('error', 'Invalid credentials!');
+      }
+
+      $request->session()->put('adminSession', rand());
+
+      return redirect()->to(route('admin.index'));
+    }
+    public function logout(Request $request){
+      if (!$request->session()->exists('adminSession')) {
+          return redirect()->to(route('login'));
+      }
+      $request->session()->forget('adminSession');
+      return redirect()->to(route('admin.index'));
+    }
 }
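Review bot: The credential check in submitLogin joins the two comparisons with `&&`, so the error redirect fires only when both the username and the password are wrong; a request in which just one of them matches falls through to `session()->put(...)` and is treated as logged in. The condition should reject when either value differs, and compare in constant time: `if (!hash_equals((string) $expectedUsername, $username) || !hash_equals((string) $expectedPassword, $password)) {`. After a successful check, call `$request->session()->regenerate();` before writing `adminSession`, so a session id issued before login is not carried into the authenticated session. The `rand()` value adds nothing, because the middleware in this commit only tests that the key is present; storing `true` would state the intent more clearly.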

+ 3 - 1
app/Http/Middleware/EnsureAdminSession.php

@@ -11,7 +11,9 @@ class EnsureAdminSession
 {
     public function handle(Request $request, Closure $next)
     {
-        dd('Not authorized!');
+        if (!$request->session()->has('adminSession')) {
+            return redirect()->to(route('login'));
+        }
         return $next($request);
 
     }
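Review bot: handle() has no doc comment, and the rule it enforces is not obvious from the routes file: access to everything behind `ensureAdminSession` depends solely on the session holding a non-null `adminSession` key, whose value is never inspected. I would add `/** Redirect to the login route unless the session carries the adminSession marker written by AdminController::submitLogin(). */` above the method. AdminController::logout() tests the same key with `exists()` while this method uses `has()`; using one of the two in both places keeps the checks consistent. The class body continues outside the hunk.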

+ 3 - 0
config/app.php

@@ -27,6 +27,9 @@ return [
     'supportEmailAddress' => env('SUPPORT_EMAIL_ADDRESS'),
     'adminEmailAddress' => env('ADMIN_EMAIL_ADDRESS'),
 
+    'adminSessionUsername' => env('ADMIN_SESSION_USERNAME'),
+    'adminSessionPassword' => env('ADMIN_SESSION_PASSWORD'),
+
     /*
     |--------------------------------------------------------------------------
     | Application Environment
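Review bot: `adminSessionPassword` keeps the admin password in plaintext, in the environment and in any cached copy of this config array. Consider storing the output of `password_hash()` in this setting and checking it with `password_verify()` in submitLogin, so that a leaked environment file or config dump does not reveal a usable password. A short comment above the two keys, saying that they are the single shared admin login and that an unset variable yields `null`, would also help the next reader.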

+ 40 - 0
resources/views/app/admin/login.blade.php

@@ -0,0 +1,40 @@
+@extends('layouts.admin')
+@section('content')
+<div class="container">
+    <div class="row">
+        <div class="col-12">
+            <div class="bg-primary p-3">
+                <h4 class="m-0 text-white">Admin Portal</h4>
+            </div>
+            <div class="row">
+                <div class="col-md-4">
+                    <form action="{{ route('submit-login') }}" method="POST" class="mt-3">
+                        @csrf
+                        <div>
+                        @if($errors->any())
+                        <div class="alert alert-danger fade show" role="alert">
+                            Invalid credentials!
+                        </div>
+                        @endif
+                        @if(session('error'))
+                        <div class="alert alert-danger fade show" role="alert">
+                            {{session('error')}}
+                        </div>
+                        @endif
+                        </div>
+                        <div class="form-group">
+                            <label>Username</label>
+                            <input type="text" class="form-control" name="username" />
+                        </div>
+                        <div class="form-group">
+                            <label>Password</label>
+                            <input type="password" class="form-control" name="password" />
+                        </div>
+                        <button class="btn btn-primary mt-3">Login</button>
+                    </form>
+                </div>
+            </div>
+        </div>
+    </div>
+</div>
+@endsection
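Review bot: The two inputs have no `id`, so the `<label>` elements are not associated with them, and neither input declares `autocomplete` or `required`. I would write `<label for="username">Username</label>` with `<input type="text" id="username" class="form-control" name="username" autocomplete="username" required />`, and do the same for the password field with `autocomplete="current-password"`. The button should also state `type="submit"` explicitly rather than rely on the default.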

+ 2 - 1
resources/views/layouts/admin.blade.php

@@ -15,16 +15,17 @@
                 </a>
                 <div>
                     <div class="d-flex align-items-center">
-                      <a class="d-lg-none d-inline btn rounded-0 btn-pry px-3 py-2" href="{{ route('find-a-clinic') }}">Find a Clinic</a>
                       <button class="navbar-toggler" type="button" data-bs-toggle="collapse" data-bs-target="#navBar" aria-controls="navBar" aria-expanded="false" aria-label="Toggle navigation">
                           <i class="fas fa-bars"></i>
                       </button>
                     </div>
                     <div class="collapse navbar-collapse" id="navBar">
                         <ul class="navbar-nav ms-auto align-items-lg-center">
+                            @if(session()->has('adminSession'))
                             <li class="nav-item">
                                 <a class="nav-link" href="{{ route('admin.index') }}">Web Forms</a>
                             </li>
+                            @endif
                             <li class="nav-item d-lg-block d-none">
                                 <a class="btn px-4 py-2 rounded-0 btn-pry" href="{{ route('index') }}" target="_blank">View Website</a>
                             </li>

+ 4 - 0
resources/views/layouts/base.blade.php

@@ -70,6 +70,10 @@
                 @yield('context-switch-link')
                 <span class="mx-3">|</span>
                 <a class="text-pry" style="font-size: 14px;" href="tel:{{config('app.forPatientGeneralQuestionPhoneNumber')}}">{{config('app.forPatientGeneralQuestionPhoneNumber')}}</a>
+                @if(session()->has('adminSession'))
+                  <span class="mx-1">|</span>
+                  <a class="text-pry" style="font-size: 14px;" href="{{ route('admin.logout') }}">Logout</a>
+                @endif
               </div>
             </div>
         </div>
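Review bot: Logout is rendered here as a plain link, and routes/web.php in this commit registers it with `Route::get('/logout', ...)`, so a state-changing action runs on GET without a CSRF token and can be triggered by a cross-site request or a link prefetch. Register the route as `Route::post('/logout', [AdminController::class, 'logout'])->name('logout');` and replace the anchor with a small inline `<form method="POST" action="{{ route('admin.logout') }}">` containing `@csrf` and a button styled like the neighbouring links. The surrounding markup continues outside the hunk.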

+ 3 - 0
routes/web.php

@@ -54,6 +54,9 @@ Route::prefix('/physicians/')->name('physicians.')->group(function () {
     Route::get('/terms-of-service', [PhysiciansController::class, 'terms'])->name('terms');
 });
 
+Route::get('/login', [AdminController::class, 'login'])->name('login');
+Route::post('/submit-login', [AdminController::class, 'submitLogin'])->name('submit-login');
 Route::middleware('ensureAdminSession')->prefix('/admin')->name('admin.')->group(function () {
     Route::get('/', [AdminController::class, 'index'])->name('index');
+    Route::get('/logout', [AdminController::class, 'logout'])->name('logout');
 });
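Review bot: The POST `/submit-login` route has no rate limiting, so password guesses against the single shared admin account are unbounded. Laravel's built-in throttle middleware can be attached directly on the route, for example `Route::post('/submit-login', [AdminController::class, 'submitLogin'])->middleware('throttle:5,1')->name('submit-login');` (the limits shown are illustrative). Logging failed attempts in submitLogin would additionally give operators something to alert on.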