Posts tagged with middleware
– dev.to - submitted by Grant
A lot is changing in Laravel 11, including setting up middleware. This post explores how to do it and a lingering question I have after learning about it.
Read more [dev.to]
– tighten.com - submitted by Jamison Valenta
Tighten programmer Alison shares an intro to terminable middleware in Laravel. This type of middleware does work after the HTTP response is sent to the browser. Learn when to use it, and a some gotchas.
Read more [tighten.com]
Join 9,500+ smart developers
Get my monthly newsletter with what I learn from running Spatie, building Oh Dear, and maintaining 300+ open source packages. Practical takes on Laravel, PHP, and AI that you can actually use.
No spam. Unsubscribe anytime. You can also follow me on X.
"Freek’s newsletter is one of the best ways to stay updated with the Laravel and PHP ecosystem. It consistently highlights useful packages, tools, and ideas from the community, especially the amazing work coming from Spatie. As a Laravel developer building SaaS and web platforms, I find it extremely helpful to discover practical tools and insights that improve my development workflow."
– doeken.org - submitted by Doeke Norg
The Middleware Pattern allows you to easily change the input and output of an action; one layer at a time.
Read more [doeken.org]
In this video, which is part of the Testing Laravel video course, I explain to cool ways to test middleware in Laravel.
In this video, we're using Pest, but you can easily use the techniques in a PHPUnit testsuite as well.
– michielkempen.com - submitted by Michiel Kempen
What is the TrustProxies middleware and how can it help you generate secure HTTPS URLs, even when running Laravel behind a proxy?
Read more [michielkempen.com]
– blog.rafter.app - submitted by Josh Larson
Learn how to track and visualize a chain of queued jobs in Laravel using a custom trait, job middleware, and Laravel Livewire.
Read more [blog.rafter.app]
– timacdonald.me - submitted by Tim Mac
String concatenation is the current way we can pass arguments to Laravel middleware - but what if there was another way
Read more [timacdonald.me]
Recently we released a new small package called laravel-rate-limited-job-middleware. As the name implies, this package can be used to limit how many times a job may be executed in a given amount of time.
In this short blog post, I'd like to introduce the package to you.
One of the smallest pieces of middleware I've written, but feels a lot cleaner to abstract it instead of having these implementation details in a controller pic.twitter.com/AR3vOMKMM9
— Sebastian De Deyne (@sebdedeyne) January 8, 2019
Read more [twitter.com]
Laravel rockstar TJ Miller posted a short and sweet post how how he tested a middleware that forces requests to respond with JSON.
So what I’ve done here is define custom testing routes and applied the middleware as I would use it in the application routes, in this case global middleware and as middleware for the api group. This allows me to assert that the middleware is configured and functioning correctly.
https://medium.com/@sixlive/an-approach-to-testing-middleware-c547fc942848
Most of the sites we build for our clients contain some sort of contact form. For those client such forms are potentially critical to their business. Imagine for instance a real estate firm that generates leads with such forms. In most cases we will store the submitted values in the db and mail them…
Paul Redmond explains how you can use Guzzle 6' middleware to add a HMAC authorization header.
I prefer to keep my dependencies as up-to-date as possible so I decided to learn Guzzle 6 and become more familiar with the middleware. The concepts are pretty straightforward and I have a few patterns that I like to use when building out middleware within my Laravel applications.
https://medium.com/@paulredmond/using-guzzle-6-middleware-in-a-laravel-application-7fbd6d966235
Phil Sturgeon provides a good explanation on the why and how of middlewares in PHP.
Recently there has been a lot of buzz about HTTP middleware in PHP. Since PSR-7 was accepted, everyone and their friend Sherly has been knocking out middleware implementations, some of them stunning, some of them half-arsed, and some of them rolled into existing frameworks. HTTP Middleware is a wonderful thing, but the PHP-FIG is working on a specific standard for middleware, which will standardise this mess of implementations, but some folks don't seem to think that would be useful.Let's look into middleware a little closer, to show you why it's something to smile about.
https://philsturgeon.uk/2016/05/31/why-care-about-php-middleware/
Our team is currently working on a Spark app. Spark makes is real easy to add an API that can be consumed by the users of the app. The generation of API tokens and authentication middleware comes out of the box. It all works really great.
In our API the a team owner can fetch information on every member on the team and himself. The url to fetch info of a user looks something like this: /users/<id-of-user>. Nothing too special. But we also want to make fetching a user's own information as easy as possible. Sure, the user could look op his own userid and then call the aforementioned url, but using something like /users/me is much nicer. In this way the user doesn't have to look op his own id. Let's make that possible.
In our app we use these functions to get the the current user and team:
/**
* @return \App\Models\User|null
*/
function currentUser()
{
return request()->user();
}
/**
* @return \App\Models\Team|null
*/
function currentTeam()
{
if (!request()->user()) {
return;
}
return request()->user()->currentTeam();
}
The route look something to get the user data looks something like this:
Route::post('/users/{userId}', 'UserController@show');
My first stab to get /users/me working was to leverage route model binding. In the RouteServiceProvider I put this code:
$router->bind('userId', function ($userId) {
if ($userId === "me") {
return currentUser();
}
$user = currentTeam()->users->where('id', $userId)->first();
abort_unless($user, 404, "There's no user on your team with id `{$id}`");
return $user;
});
Unfortunately this does not work. When Laravel is binding route parameters the authentication has not started up yet. At this point currentUser and currentTeam will always return null.
Middleware comes to the rescue. Route-middleware is processed at a moment when authentication has started up. To make /users/me work this middleware can be used:
namespace App\Http\Middleware;
use Closure;
class BindRouteParameters
{
public function handle($request, Closure $next)
{
if ($request->route()->hasParameter('userId')) {
$id = $request->route()->parameter('userId');
$user = $this->getUser($id);
abort_unless($user, 404, "There's no user on your team with id `{$id}`");
$request->route()->setParameter('userId', $user);
}
return $next($request);
}
public function getUser(string $id)
{
if ($id === 'me') {
return currentUser();
}
return currentTeam()->users->where('id', $id)->first();
}
}
There are two things you must do to use this middleware. First: it's route middleware so you such register it as such at the http-kernel.
// app/Http/Kernel.php
...
/**
* The application's route middleware.
*
* These middleware may be assigned to groups or used individually.
*
* @var array
*/
protected $routeMiddleware = [
...
'bindRouteParameters' => \App\Http\Middleware\BindRouteParameters::class,
]
Second: you must apply the middleware to certain routes. In a default Spark app you'll find all api-routes in a file at app/Http/api.php. That file starts with this line:
Route::group(['prefix' => 'api', 'middleware' => ['auth:api']], function () {
...
Just add the bindRouteParameters middleware to the group:
Route::group(['prefix' => 'api', 'middleware' => ['auth:api', 'bindRouteParameters']], function () {
...
I'm currently using the above solution in my app. You could make a solution that's more generic by checking if the parameters ends with orMe. Here's an example how that might work:
namespace App\Http\Middleware;
use Closure;
class BindCurrentUserRouteParameter
{
public function handle($request, Closure $next)
{
collect($request->route()->parameters())
->each(function ($value, $parameterName) use ($request) {
if (!ends_with($parameterName, 'orMe')) {
return;
}
if ($value === 'me') {
$request->route()->setParameter($parameterName, currentUser());
}
});
return $next($request);
}
If you have any questions about this approach or have any ideas how to make it better, let me know in the comments below.
If you don't want a site to be indexed by search engines you must place a robots.txt file. Typically you don't want anything indexed except production sites. Today Spatie released a new package called laravel-robots-middleware. It was coded up by my colleague Sebastian. Instead of you having to…
A few days ago Jeffrey Way published an interesting lesson on how to integrate pjax with Laravel. Pjax is jquery plugin that leverages ajax to speed up the loading time of webpages. It works by only fetching specific html fragments from the server, and client-side updating only certain parts of the…
Laravel's native authorization functionality allows you to define abilities a user can have. There are multiple ways to check if a user has a certain ability: via the facade, via the user model, within blade templates and within form requests. What Laravel doesn't provide out of the box is a…
Middleware is a series of wrappers around your application that decorate the request and the response. By wrapping the app in decorators you can add new behavious from the outside. This image explains the idea more visually:
[caption id="attachment_475" align="alignnone" width="726"]
source: StackPHP.com[/caption]
The concept isn't new, solutions already exists for many languages (eg. Ruby, Python, Node, ...)
The PHP equivalent is StackPHP. Here's an excellent post by Richard Bagshaw explaining it. There are a lot of StackPHP style middlewares available that you can use in your applications.
Laravel 5 uses middleware for putting an application in maintenance mode, CSRF protection, authentication and more. Unfortunately Laravel 5 middleware isn't compatible with StackPHP-style middleware. Barry vd. Heuvel created at package to convert StackPHP middleware to Laravel 5 middleware and explained the inner workings on his blog.
