Laravel Middleware
Laravel Middleware
Provide a convenient mechanism for filtering HTTP requests entering your application.
Verifies the user of your application is authenticated.
Can be written to perform a variety of tasks besides authentication.
- All middleware are resolved via the service container , so you may type-hint any dependencies you need within a middleware's constructor.
- Out of the box, the web middleware group is automatically applied to your routes/web.php file by the RouteServiceProvider.
- A CORS middleware might be responsible for adding the proper headers to all responses leaving your application.
- A logging middleware might log all incoming requests to your application.
- Laravel includes a middleware that verifies the user of your application is authenticated.
- The CSRF middleware is automatically disabled when running tests.
Defining Middleware
<?php
namespace App\Http\Middleware;
use Closure;
class CheckAge
{
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @return mixed
*/
public function handle($request, Closure $next)
{
if ($request->age <= 200) {
return redirect('home');
}
return $next($request);
}
}
To create a new middleware, use the make:middleware Artisan command.
Registering Middleware
Middleware Parameters
<?php
namespace App\Http\Middleware;
use Closure;
class CheckRole
{
/**
* Handle the incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @param string $role
* @return mixed
*/
public function handle($request, Closure $next, $role)
{
if (! $request->user()->hasRole($role)) {
// Redirect...
}
return $next($request);
}
}
Middleware parameters may be specified when defining the route by separating the middleware name and parameters with a :.
Terminable Middleware
<?php
namespace Illuminate\Session\Middleware;
use Closure;
class StartSession
{
public function handle($request, Closure $next)
{
return $next($request);
}
public function terminate($request, $response)
{
// Store the session data...
}
}
Once you have defined a terminable middleware, you should add it to the list of route or global middleware in the app/Http/Kernel.php file.
Related concepts
- Route Files: routes/api.php
- Laravel Routing: Route Groups
- Route Groups: Middleware
- Laravel Routing: Fallback Routes
- Laravel Middleware: Defining Middleware
- Defining Middleware: Before & After Middleware
- Before & After Middleware: Before Middleware
- Before & After Middleware: After Middleware
- Laravel Middleware: Registering Middleware
- Registering Middleware: Global Middleware
- Global Middleware: Assigning Middleware To Routes
- Registering Middleware: Middleware Groups
- Laravel Middleware: Middleware Parameters
- Laravel Middleware: Terminable Middleware
- CSRF Protection: Excluding URIs From CSRF Protection
- Laravel Controllers
- Laravel Controllers: Controller Middleware
- Laravel Requests: Input Trimming & Normalization
- Laravel Request Lifecycle: HTTP / Console Kernels
- Manually Authenticating Users: Intended method
- Protecting Routes: Via Middleware
- Authorizing Actions Using Policies: Via Middleware