07 - Security, Middleware, and RLS

Dokumen ini menjelaskan secara detail security pipeline, tenant context, RLS, dan logging operasional.

Middleware Alias Registration

Seluruh alias ada di bootstrap/app.php.

Alias	Class
`tenant.context`	`SetTenantContext`
`tenant.token`	`ValidateTenantToken`
`tenant.required`	`RequireTenantContext`
`password.confirmed`	`RequireRecentPasswordConfirmation`
`stepup.confirmed`	`RequireRecentStepUpAuthentication`
`subscription.active`	`EnsureTenantSubscriptionActive`
`tenant.write`	`EnsureTenantWriteAccess`
`subscription.feature`	`EnforceSubscriptionFeature`
`usage.track`	`TrackFeatureUsage`

Full Request Security Pipeline

Tenant Context Resolution Detail

SetTenantContext (app/Http/Middleware/Tenant/Context/SetTenantContext.php) melakukan:

Ambil user dari sanctum (jika ada).

Validasi format X-Tenant-ID (UUID).

Ambil tenant_id dari token sebagai source of truth.

Jika header tenant ada, header wajib match tenant token.

Bind object TenantContext ke container.

Set postgres session config untuk RLS:

app.current_tenant_id

app.current_user_id

Set config ke koneksi central.

Resolve cluster_id tenant dari central tenant registry.

Jika cluster valid, set config yang sama ke koneksi cluster tenant.

Token Validation Detail

ValidateTenantToken (app/Http/Middleware/Tenant/Context/ValidateTenantToken.php) memastikan:

super admin bisa bypass tenant token strict check.

endpoint tenant-scoped wajib punya tenant_id pada token.

tenant pada token harus sama dengan tenant context request.

user harus punya akses tenant aktif (hasActiveTenantAccess).

Jika gagal, response FORBIDDEN dikembalikan dengan envelope API.

RLS-Driven Isolation

Arsitektur ini mengandalkan kombinasi:

route middleware tenant

token ability

TenantContext

postgres session variable untuk RLS policy

Konsekuensi desain:

query tidak perlu selalu explicit where tenant_id = ....

isolasi data terjadi di DB policy level.

tetap disarankan explicit filter di query untuk intent clarity pada use case tertentu.

Structured Logging and Alerting

ApiRequestLoggerMiddleware

post-controller logger middleware.

tidak mengganggu response jika logging gagal.

StructuredApiLogger

log 4xx jika config('api.logging.log_4xx') aktif.

log 5xx jika config('api.logging.log_5xx') aktif.

payload log terstruktur: request_id, path, status, duration, user_id, ip.

trigger operational alert untuk spike status kritikal tertentu.

Referensi class:

app/Http/Middleware/Shared/ApiRequestLoggerMiddleware.php

app/Logging/StructuredApiLogger.php

app/Support/Security/OperationalAlerter.php

Middleware:

SetTenantContext

ValidateTenantToken

RequireTenantContext

RequireRecentPasswordConfirmation

RequireRecentStepUpAuthentication

Auth controllers:

UserSecurityController

UserSessionController

MeController

Auth services:

AuthorizationResolver

07 - Security, Middleware, and RLS

Middleware Alias Registration#

Full Request Security Pipeline#

Tenant Context Resolution Detail#

Token Validation Detail#

RLS-Driven Isolation#

Structured Logging and Alerting#

ApiRequestLoggerMiddleware#

StructuredApiLogger#

Security-Related Class Index#