Middleware
LaravelMiddleware filters HTTP requests entering your application. Think of it as a series of gates — each request must pass through before reaching your controller.
Creating Middleware
Terminal
php artisan make:middleware CheckAgeapp/Http/Middleware/CheckAge.php
<?php
namespace App\Http\Middleware;
use Closure;
use Illuminate\Http\Request;
class CheckAge
{
public function handle(Request $request, Closure $next)
{
if ($request->age < 18) {
return redirect('/home'); // Block the request
}
return $next($request); // Allow through
}
}
?>Registering & Using Middleware
routes/web.php
<?php
// Apply to single route
Route::get('/adult', function () {
return 'Adults only!';
})->middleware('check.age');
// Apply to multiple routes
Route::middleware(['auth', 'check.age'])->group(function () {
Route::get('/dashboard', fn() => 'Dashboard');
Route::get('/profile', fn() => 'Profile');
});
?>Built-in Laravel Middleware
| Middleware | Purpose |
|---|---|
auth | Require authentication |
guest | Redirect if logged in |
verified | Require email verification |
throttle:60,1 | Rate limiting (60 req/min) |
can:edit-post | Authorization check |
Logging Middleware Example
PHP
<?php
class LogRequests
{
public function handle(Request $request, Closure $next)
{
// Before request
$start = microtime(true);
$response = $next($request); // Let request through
// After request (response available here)
$duration = round((microtime(true) - $start) * 1000, 2);
Log::info("Request", [
'method' => $request->method(),
'url' => $request->fullUrl(),
'status' => $response->status(),
'duration' => "{$duration}ms",
'user_id' => auth()->id(),
]);
return $response;
}
}
?>💡
Middleware order matters! Middleware runs in the order it's registered. The
auth middleware should come before any middleware that assumes the user is logged in.Test your knowledge!
Take a quiz to reinforce what you learned.