I've been setting up authentication for users and for admins with Laravel Hesto / multi-auth. I've also created other views that should be reachable only by admins, and I created the routes to access those pages:
// Admin area: every route below is registered under the /admin URL prefix.
// NOTE(review): this group sets only a prefix. No middleware is attached anywhere in this listing,
// so nothing here requires a logged-in admin.
Route::group(['prefix' => 'admin'], function () {
// A bare /admin request is redirected to the admin login form.
Route::get('/', function (){
return redirect('/admin/login');
});
// Admin authentication endpoints: login, logout, registration and password reset.
Route::get('/login', 'AdminAuth\LoginController@showLoginForm')->name('login');
Route::post('/login', 'AdminAuth\LoginController@login');
Route::post('/logout', 'AdminAuth\LoginController@logout')->name('logout');
// NOTE(review): registration is reachable without authentication; unless RegisterController
// restricts it, any visitor can create an admin account. Confirm.
Route::get('/register', 'AdminAuth\RegisterController@showRegistrationForm')->name('register');
Route::post('/register', 'AdminAuth\RegisterController@register');
Route::post('/password/email', 'AdminAuth\ForgotPasswordController@sendResetLinkEmail')->name('password.request');
Route::post('/password/reset', 'AdminAuth\ResetPasswordController@reset')->name('password.email');
Route::get('/password/reset', 'AdminAuth\ForgotPasswordController@showLinkRequestForm')->name('password.reset');
Route::get('/password/reset/{token}', 'AdminAuth\ResetPasswordController@showResetForm');
// Admin settings routes (languages). Registered with no auth middleware in this listing,
// so the resource actions are served to unauthenticated requests as well.
Route::resource('/settings/langs', 'Admin\LangController');
// Core application routes (sector mappings). Same exposure as the settings routes above.
Route::resource('/mappings/sectors', 'Admin\SectorController');
});
My problem is that the routes for settings/langs and mappings/sectors can be reached by users who are not logged in, and those pages should be restricted.
Just wrap them in the auth middleware:
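// Admin area: every route below is registered under the /admin URL prefix.
Route::group(['prefix' => 'admin'], function () {
    // A bare /admin request is redirected to the admin login form.
    Route::get('/', function () {
        return redirect('/admin/login');
    });

    // Authentication endpoints. They stay outside the protected group so that a
    // visitor who is not logged in can still reach the login and reset forms.
    Route::get('/login', 'AdminAuth\LoginController@showLoginForm')->name('login');
    Route::post('/login', 'AdminAuth\LoginController@login');
    Route::post('/logout', 'AdminAuth\LoginController@logout')->name('logout');

    // NOTE(review): registration is reachable without authentication; unless
    // RegisterController restricts it, any visitor can create an admin account.
    // Confirm, or move these two routes into the protected group below.
    Route::get('/register', 'AdminAuth\RegisterController@showRegistrationForm')->name('register');
    Route::post('/register', 'AdminAuth\RegisterController@register');

    Route::post('/password/email', 'AdminAuth\ForgotPasswordController@sendResetLinkEmail')->name('password.request');
    Route::post('/password/reset', 'AdminAuth\ResetPasswordController@reset')->name('password.email');
    Route::get('/password/reset', 'AdminAuth\ForgotPasswordController@showLinkRequestForm')->name('password.reset');
    Route::get('/password/reset/{token}', 'AdminAuth\ResetPasswordController@showResetForm');

    // Everything in this group requires an authenticated admin.
    // The guard is named explicitly: a plain 'auth' checks the application's
    // default guard, so on a multi-guard install an ordinary logged-in user
    // would pass the check and reach the admin pages.
    // The guard name 'admin' is assumed from the AdminAuth controllers; confirm
    // it against the guards defined in config/auth.php.
    Route::group(['middleware' => 'auth:admin'], function () {
        // Admin settings routes (languages).
        Route::resource('/settings/langs', 'Admin\LangController');

        // Core application routes (sector mappings).
        Route::resource('/mappings/sectors', 'Admin\SectorController');
    });
});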
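This will prevent unauthenticated users from accessing those routes. Note that a plain `auth` checks the default guard; in a multi-guard setup, name the admin guard in the middleware (for example `auth:admin`, if that is what the guard is called) so that ordinary logged-in users are kept out as well.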