Middleware

Home

Getting Started

Digging Deeper

Development

API

Index

A PSR-7/15 Middleware can be added to routes, groups, and controllers. To add a middleware to a route or controller, you must add it as a class string (AddHeaderMiddleware::class) or as an alias (csrf.token) as defined in config/app.php.

Adding Middleware to Routes

At it's simplest, adding Middleware to a route can be done by passing the class string to the middleware() method:

<?php

use Application\Http\Controller\HomeController;
use Application\Http\Middleware\AddHeaderMiddleware;
use Qubus\Routing\Route\RouteGroup;

return function (\Qubus\Routing\Psr7Router $router) {
    $router->group(params: '', callback: function (RouteGroup $group) {
        $group
        ->get(uri: '/', callback: function(HomeController $controller) {
            return $controller->index();
        })
        ->middleware(AddHeaderMiddleware::class);
    });
};

File: ./routes/web/web.php

Multiple middleware can be added by passing more parameters to the middleware() method:

<?php

use Application\Http\Controller\HomeController;
use Application\Http\Middleware\AddHeaderMiddleware;
use Application\Http\Middleware\AuthMiddleware;
use Qubus\Routing\Route\RouteGroup;

return function (\Qubus\Routing\Psr7Router $router) {
    $router->group(params: '', callback: function (RouteGroup $group) {
        $group
        ->get(uri: '/', callback: function(HomeController $controller) {
            return $controller->index();
        })
        ->middleware(
            AddHeaderMiddleware::class,
            AuthMiddleware::class
        );
    });
};

File: ./routes/web/web.php

Or alternatively, you can also pass an array of middleware:

<?php

use Application\Http\Controller\HomeController;
use Application\Http\Middleware\AddHeaderMiddleware;
use Application\Http\Middleware\AuthMiddleware;
use Qubus\Routing\Route\RouteGroup;

return function (\Qubus\Routing\Psr7Router $router) {
    $router->group(params: '', callback: function (RouteGroup $group) {
        $group
        ->get(uri: '/', callback: function(HomeController $controller) {
            return $controller->index();
        })
        ->middleware([
            AddHeaderMiddleware::class,
            AuthMiddleware::class
        ]);
    });
};

File: ./routes/web/web.php

Middleware Aliases

You may assign aliases to middleware in your application's bootstrap/app.php file using the withMiddleware method:

<?php

declare(strict_types=1);

use Codefy\Framework\Application as DevflowApp;
use Codefy\Framework\Configuration\Middleware;
use Qubus\Exception\Data\TypeException;

use function Codefy\Framework\Helpers\env;

try {
    $app = DevflowApp::create(
        config: [
            'basePath' => env(key: 'APP_BASE_PATH', default: dirname(path: __DIR__))
        ]
    )
    ->withMiddleware(function (Middleware $middleware) {
        $middleware->alias([
            'debugbar' => Codefy\Framework\Http\Middleware\DebugBarMiddleware::class
        ]);
    })->return();

    $app->share(nameOrInstance: $app);

    return $app::getInstance();
} catch (TypeException|ReflectionException $e) {
    return $e->getMessage();
}

Middleware aliases allow you to define a short alias for a given middleware class, which can be especially useful for middleware with long class names:

Alias	Middleware
`api`	`Codefy\Framework\Http\Middleware\ApiMiddleware::class`
`security.headers`	`Codefy\Framework\Http\Middleware\SecureHeaders\ContentSecurityPolicyMiddleware::class`
`content.cache`	`Codefy\Framework\Http\Middleware\ContentCacheMiddleware::class`.
`cors`	`Codefy\Framework\Http\Middleware\CorsMiddleware::class`
`csrf.token`	`Codefy\Framework\Http\Middleware\Csrf\CsrfTokenMiddleware::class`
`csrf.protection`	`Codefy\Framework\Http\Middleware\Csrf\CsrfProtectionMiddleware::class`
`css.minify`	`Codefy\Framework\Http\Middleware\CssMinifierMiddleware::class`
`gate`	`Codefy\Framework\Http\Middleware\Auth\GateMiddleware::class`
`honeypot`	`Codefy\Framework\Http\Middleware\Spam\HoneyPotMiddleware::class`
`html.minify`	`Codefy\Framework\Http\Middleware\HtmlMinifierMiddleware::class`
`http.cache`	`Codefy\Framework\Http\Middleware\Cache\CacheMiddleware::class`
`http.cache.clear.data`	`Codefy\Framework\Http\Middleware\Cache\ClearSiteDataMiddleware::class`
`http.cache.expires`	`Codefy\Framework\Http\Middleware\Cache\CacheExpiresMiddleware::class`
`http.cache.prevention`	`Codefy\Framework\Http\Middleware\Cache\CachePreventionMiddleware::class`
`js.minify`	`Codefy\Framework\Http\Middleware\JsMinifierMiddleware::class`
`rate.limiter`	`Codefy\Framework\Http\Middleware\ThrottleMiddleware::class`
`referrer.spam`	`Codefy\Framework\Http\Middleware\Spam\ReferrerSpamMiddleware::class`
`user.authenticate`	`Codefy\Framework\Http\Middleware\Auth\AuthenticationMiddleware::class`
`user.session`	`Codefy\Framework\Http\Middleware\Auth\UserSessionMiddleware::class`
`user.authorization`	`Codefy\Framework\Http\Middleware\Auth\UserAuthorizationMiddleware::class`
`user.session.expire`	`Codefy\Framework\Http\Middleware\Auth\ExpireUserSessionMiddleware::class`
`php.debugbar`	`Codefy\Framework\Http\Middleware\DebugBarMiddleware::class`
`http.exception`	`Codefy\Framework\Http\Middleware\Exception\HttpExceptionMiddleware::class`
`html.http.exception`	`Codefy\Framework\Http\Middleware\Exception\HtmlHttpExceptionMiddleware::class`
`json.http.exception`	`Codefy\Framework\Http\Middleware\Exception\JsonHttpExceptionMiddleware::class`
`redirect.http.exception`	`Codefy\Framework\Http\Middleware\Exception\RedirectionHttpExceptionMiddleware::class`
`bind.request`	`Codefy\Framework\Http\Middleware\BindRequestMiddleware::class`
`user.cookie.decrypt`	`Codefy\Framework\Http\Middleware\Auth\UserCookieDecryptMiddleware::class`

Base Middleware

If you would like to add a middleware that is going to affect all routes, then use base_middlewares array in your config/app.php File:

<?php
    //

    /*
    |--------------------------------------------------------------------------
    | Base Middlewares
    |--------------------------------------------------------------------------
    | Register middleware class strings or aliases to be applied to the entire
    | application.
    */
    'base_middlewares' => [
        'csrf.token',
        'csrf.protection',
        'http.cache.prevention',
        'user.cookie.decrypt',
        'bind.request',
        'debugbar',
        'http.exception',
    ],

    //

File: ./config/app.php

Route Group

Middleware can also be added to a group. To do so you need to pass an array as the first parameter of the group() function instead of a string. You can add one middleware or an array of middleware.

<?php

use Application\Http\Middleware\AddHeaderMiddleware;
use Qubus\Routing\Route\RouteGroup;

return function (\Qubus\Routing\Psr7Router $router) {
    $router->group(
        params: ['prefix' => 'my-prefix', 'middleware' => [AddHeaderMiddleware::class]],
        callback: function (RouteGroup $group) {
            $group->map(['GET'], 'route1', function () {}); // `/my-prefix/route1`
            $group->map(['GET'], 'route2', function () {}); // `/my-prefix/route2`
        }
    );
};

File: ./routes/web/web.php

Middleware on Controllers

You can also apply Middleware on a Controller class too. In order to do this your Controller must extend the Codefy\Framework\Http\BaseController abstract class.

Middleware is added by using the middleware property in your Controller.

<?php

declare(strict_types=1);

namespace Application\Http\Controller;

use Application\Http\Middleware\AddHeaderMiddleware;
use Application\Http\Middleware\AuthMiddleware;
use Codefy\Framework\Http\BaseController;
use Qubus\Http\Session\SessionService;
use Qubus\Routing\Router;
use Qubus\View\Renderer;

final class PostController extends BaseController
{
    protected array $middlewares = [
        AddHeaderMiddleware::class,
        AuthMiddleware::class
    ];
}

File: ./src/Application/Http/Controller/PostController.php

Scaffold Database

On This Page

Adding Middleware to Routes Middleware Aliases Base Middleware Route Group Middleware on Controllers