[Bug] web_middleware list causes errors

[hirakujira]

Bug report

What I did

I followed the instruction in:

CRUD/src/config/backpack/base.php

Lines 181 to 189 in 91a8093

	'web_middleware' => 'web',
	// Or you can comment the above, and uncomment the complete list below.
	// 'web_middleware' => [
	// \App\Http\Middleware\EncryptCookies::class,
	// \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
	// \Illuminate\Session\Middleware\StartSession::class,
	// \Illuminate\View\Middleware\ShareErrorsFromSession::class,
	// \App\Http\Middleware\VerifyCsrfToken::class,
	// ],

I commented 'web_middleware' => 'web', and use the list below it

What I expected to happen

Backpack load the middlewares in the list

What happened

It shows Illegal offset type in isset or empty error.

What I've already tried to fix it

I think it's because when Backpack loads middleware

CRUD/src/routes/backpack/custom.php

Lines 9 to 14 in 91a8093

	Route::group([
	'prefix' => config('backpack.base.route_prefix', 'admin'),
	'middleware' => [
	config('backpack.base.web_middleware', 'web'),
	config('backpack.base.middleware_key', 'admin'),
	],

If I use custom web_middleware list, the middleware would be like this:

'middleware' => [
        [
             \App\Http\Middleware\EncryptCookies::class,
             \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
             \Illuminate\Session\Middleware\StartSession::class,
             \Illuminate\View\Middleware\ShareErrorsFromSession::class,
             \App\Http\Middleware\VerifyCsrfToken::class,
        ],
        config('backpack.base.middleware_key', 'admin'),
    ],

As you can see, it's an array in another array, which causes this bug.

Backpack, Laravel, PHP, DB version

When I run php artisan backpack:version the output is:

PHP VERSION:

PHP 7.4.5 (cli) (built: Apr 17 2020 12:02:59) ( NTS )
Copyright (c) The PHP Group
Zend Engine v3.4.0, Copyright (c) Zend Technologies
with Zend OPcache v7.4.5, Copyright (c), by Zend Technologies

LARAVEL VERSION:

v7.22.4@30e851a2b3a2af73fba0b7f4fa22b04260db98e7

BACKPACK VERSION:

4.1.15@6c751de946a9c8511dd32eb7bfa3ca6a568849f5

[welcome]

Hello there! Thanks for opening your first issue on this repo!

Just a heads-up: Here at Backpack we use Github Issues only for tracking bugs. Talk about new features is also acceptable. This helps a lot in keeping our focus on improving Backpack. If you issue is not a bug/feature, please help us out by closing the issue yourself and posting in the appropriate medium (see below). If you're not sure where it fits, it's ok, a community member will probably reply to help you with that.

Backpack communication channels:

• Bug Reports, Feature Requests - Github Issues (here);
• Quick help (How do I do X) - Gitter Chatroom;
• Long questions (I have done X and Y and it won't do Z wtf) - Stackoverflow, using the backpack-for-laravel tag;
• Showing off something you've made, asking for opinion on Backpack/Laravel matters - Reddit;

Please keep in mind Backpack offers no official / paid support. Whatever help you receive here, on Gitter, Slack or Stackoverflow is thanks to our awesome awesome community members, who give up some of their time to help their peers. If you want to join our community, just start pitching in. We take pride in being a welcoming bunch.

Thank you!

--
Justin Case
The Backpack Robot

[pxpm]

Hi @hirakujira

I think you have an outdated config file.

The current config files goes like this:

https://github.com/Laravel-Backpack/CRUD/blob/master/src/config/backpack/base.php

    // The classes for the middleware to check if the visitor is an admin
    // Can be a single class or an array of clases
    'middleware_class' => [
        App\Http\Middleware\CheckIfAdmin::class,
        \Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull::class,
        // \Backpack\CRUD\app\Http\Middleware\UseBackpackAuthGuardInsteadOfDefaultAuthGuard::class,
    ],

    // Alias for that middleware
    'middleware_key' => 'admin',
    // Note: It's recommended to use the backpack_middleware() helper everywhere, which pulls this key for you.

I don't think there is a bug here. If I am wrong please re-open.

Best,
Pedro

[hirakujira]

Thanks for your explanation, @pxpm !

However when I check the code, I still feel confused.

In https://github.com/Laravel-Backpack/CRUD/blob/master/src/config/backpack/base.php, there are two middleware groups, one is admin, and another one is web.

As you can see, in https://github.com/Laravel-Backpack/CRUD/blob/master/src/routes/backpack/custom.php, the route loads both web and admin middleware groups.

So the problem is that your solution is for the admin middleware group, if I want to make a custom array for web middleware in /config/backpack/base.php, it would cause errors. And also, modifying web_middleware to array object is what the code recommends me to do (please look the comments in the code)

CRUD/src/config/backpack/base.php

Lines 178 to 222 in d9e6201

	// The web middleware (group) used in all base & CRUD routes
	// If you've modified your "web" middleware group (ex: removed sessions), you can use a different
	// route group, that has all the the middleware listed below in the comments.
	'web_middleware' => 'web',
	// Or you can comment the above, and uncomment the complete list below.
	// 'web_middleware' => [
	// \App\Http\Middleware\EncryptCookies::class,
	// \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
	// \Illuminate\Session\Middleware\StartSession::class,
	// \Illuminate\View\Middleware\ShareErrorsFromSession::class,
	// \App\Http\Middleware\VerifyCsrfToken::class,
	// ],
	// Set this to false if you would like to use your own AuthController and PasswordController
	// (you then need to setup your auth routes manually in your routes.php file)
	'setup_auth_routes' => true,
	// Set this to false if you would like to skip adding the dashboard routes
	// (you then need to overwrite the login route on your AuthController)
	'setup_dashboard_routes' => true,
	// Set this to false if you would like to skip adding "my account" routes
	// (you then need to manually define the routes in your web.php)
	'setup_my_account_routes' => true,
	/*
	|--------------------------------------------------------------------------
	| Authentication
	|--------------------------------------------------------------------------
	*/
	// Fully qualified namespace of the User model
	'user_model_fqn' => App\User::class,
	// The classes for the middleware to check if the visitor is an admin
	// Can be a single class or an array of clases
	'middleware_class' => [
	App\Http\Middleware\CheckIfAdmin::class,
	\Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull::class,
	// \Backpack\CRUD\app\Http\Middleware\UseBackpackAuthGuardInsteadOfDefaultAuthGuard::class,
	],
	// Alias for that middleware
	'middleware_key' => 'admin',
	// Note: It's recommended to use the backpack_middleware() helper everywhere, which pulls this key for you.