Basic HTTP Authentication for Laravel Horizon
Laravel Horizon is a very simple yet powerful tool to monitor your applications Redis queues. For our applications we of course want to prevent access for non-authorized users and visitors.
By default Horizon uses the Laravel-provided authentication-system built around users and the Authenticatable-class. But what if your application doesn’t have any users and you don’t want to manage things like passwords and or usernames — or perhaps you don’t even have a database?
There is a very simple and easy solution for this; HTTP Basic Auth.
Laravel’s default basic auth-middleware still relies on the built in authentication system, so we won’t use that. Instead we’ll be using olssonm/l5-very-basic-auth (a package developed by myself).
So install Horizon and olssonm/l5-very-basic-auth with composer:
composer require laravel/horizon
composer require olssonm/l5-very-basic-authPublish the configurations:
php artisan horizon:install
php artisan vendor:publish — provider=”Olssonm\VeryBasicAuth\VeryBasicAuthServiceProvider”With everything installed we just need to tweak the Horizon configuration, first up is the HorizonServiceProvider. As the viewHorizon-gate wants a user-object, we can just allow a null value, and then return “true” (as the authentication is handled by the middleware):
Gate::define(‘viewHorizon’, function ($user = null) {
// Auth occurs in the auth.very_basic-middleware
return true;
});Now, in the horizon.php config-file, we tell Horizon to use the auth.very_basic-middleware:
‘middleware’ => [‘web’, ‘auth.very_basic’],For the password and username, we can either set these in very_basic_auth.php, or if we prefer, directly inline with the middleware:
‘middleware’ => [‘web’, ‘auth.very_basic:username,password’],Done! Now when you try to access your Horizon-route (by default /horizon) your will be prompted for your username and password:
Check out the documentation for Horizon and olssonm/l5-very-basic-auth to learn more about these packages.
