– dev.to - submitted by Grant
A lot is changing in Laravel 11, including setting up middleware. This post explores how to do it and a lingering question I have after learning about it.
Read more [dev.to]
– tighten.com - submitted by Jamison Valenta
Tighten programmer Alison shares an intro to terminable middleware in Laravel. This type of middleware does work after the HTTP response is sent to the browser. Learn when to use it, and a some gotchas.
Read more [tighten.com]
Join thousands of developers
Every two weeks, I share practical tips, tutorials, and behind-the-scenes insights from maintaining 300+ open source packages.
No spam. Unsubscribe anytime. You can also follow me on X.
– doeken.org - submitted by Doeke Norg
The Middleware Pattern allows you to easily change the input and output of an action; one layer at a time.
Read more [doeken.org]
In this video, which is part of the Testing Laravel video course, I explain to cool ways to test middleware in Laravel.
In this video, we're using Pest, but you can easily use the techniques in a PHPUnit testsuite as well.
– michielkempen.com - submitted by Michiel Kempen
What is the TrustProxies middleware and how can it help you generate secure HTTPS URLs, even when running Laravel behind a proxy?
Read more [michielkempen.com]
– johnbraun.blog - submitted by John Braun
When writing an end-to-end test, it is tricky to force the application to use a certain (fake) date. In this post, John Braun shares his approach using a custom middleware to be able to write Cypress tests while your application state uses a specific (fake) date.
Read more [johnbraun.blog]
– blog.rafter.app - submitted by Josh Larson
Learn how to track and visualize a chain of queued jobs in Laravel using a custom trait, job middleware, and Laravel Livewire.
Read more [blog.rafter.app]
– timacdonald.me - submitted by Tim Mac
String concatenation is the current way we can pass arguments to Laravel middleware - but what if there was another way
Read more [timacdonald.me]
Last week our team launched Mailcoach, a self-hosted solution to send out email campaigns and newsletters. Rather than being the end, laughing something is the beginning of a journey. Users start encountering bugs and ask for features that weren't considered before.
One of those features requests we got, is the ability the set the guard to be used when checking if somebody is allowed to access the Mailcoach UI.
In this blog post, I'd like to show you how we implemented and tested this.
Recently we released a new small package called laravel-rate-limited-job-middleware. As the name implies, this package can be used to limit how many times a job may be executed in a given amount of time.
In this short blog post, I'd like to introduce the package to you.
One of the smallest pieces of middleware I've written, but feels a lot cleaner to abstract it instead of having these implementation details in a controller pic.twitter.com/AR3vOMKMM9
— Sebastian De Deyne (@sebdedeyne) January 8, 2019
Read more [twitter.com]
Phil Sturgeon provides a good explanation on the why and how of middlewares in PHP.
Recently there has been a lot of buzz about HTTP middleware in PHP. Since PSR-7 was accepted, everyone and their friend Sherly has been knocking out middleware implementations, some of them stunning, some of them half-arsed, and some of them rolled into existing frameworks. HTTP Middleware is a wonderful thing, but the PHP-FIG is working on a specific standard for middleware, which will standardise this mess of implementations, but some folks don't seem to think that would be useful.Let's look into middleware a little closer, to show you why it's something to smile about.
https://philsturgeon.uk/2016/05/31/why-care-about-php-middleware/
Our team is currently working on a Spark app. Spark makes is real easy to add an API that can be consumed by the users of the app. The generation of API tokens and authentication middleware comes out of the box. It all works really great.
In our API the a team owner can fetch information on every member on the team and himself. The url to fetch info of a user looks something like this: /users/<id-of-user>. Nothing too special. But we also want to make fetching a user's own information as easy as possible. Sure, the user could look op his own userid and then call the aforementioned url, but using something like /users/me is much nicer. In this way the user doesn't have to look op his own id. Let's make that possible.
In our app we use these functions to get the the current user and team:
/**
* @return \App\Models\User|null
*/
function currentUser()
{
return request()->user();
}
/**
* @return \App\Models\Team|null
*/
function currentTeam()
{
if (!request()->user()) {
return;
}
return request()->user()->currentTeam();
}
The route look something to get the user data looks something like this:
Route::post('/users/{userId}', 'UserController@show');
My first stab to get /users/me working was to leverage route model binding. In the RouteServiceProvider I put this code:
$router->bind('userId', function ($userId) {
if ($userId === "me") {
return currentUser();
}
$user = currentTeam()->users->where('id', $userId)->first();
abort_unless($user, 404, "There's no user on your team with id `{$id}`");
return $user;
});
Unfortunately this does not work. When Laravel is binding route parameters the authentication has not started up yet. At this point currentUser and currentTeam will always return null.
Middleware comes to the rescue. Route-middleware is processed at a moment when authentication has started up. To make /users/me work this middleware can be used:
namespace App\Http\Middleware;
use Closure;
class BindRouteParameters
{
public function handle($request, Closure $next)
{
if ($request->route()->hasParameter('userId')) {
$id = $request->route()->parameter('userId');
$user = $this->getUser($id);
abort_unless($user, 404, "There's no user on your team with id `{$id}`");
$request->route()->setParameter('userId', $user);
}
return $next($request);
}
public function getUser(string $id)
{
if ($id === 'me') {
return currentUser();
}
return currentTeam()->users->where('id', $id)->first();
}
}
There are two things you must do to use this middleware. First: it's route middleware so you such register it as such at the http-kernel.
// app/Http/Kernel.php
...
/**
* The application's route middleware.
*
* These middleware may be assigned to groups or used individually.
*
* @var array
*/
protected $routeMiddleware = [
...
'bindRouteParameters' => \App\Http\Middleware\BindRouteParameters::class,
]
Second: you must apply the middleware to certain routes. In a default Spark app you'll find all api-routes in a file at app/Http/api.php. That file starts with this line:
Route::group(['prefix' => 'api', 'middleware' => ['auth:api']], function () {
...
Just add the bindRouteParameters middleware to the group:
Route::group(['prefix' => 'api', 'middleware' => ['auth:api', 'bindRouteParameters']], function () {
...
I'm currently using the above solution in my app. You could make a solution that's more generic by checking if the parameters ends with orMe. Here's an example how that might work:
namespace App\Http\Middleware;
use Closure;
class BindCurrentUserRouteParameter
{
public function handle($request, Closure $next)
{
collect($request->route()->parameters())
->each(function ($value, $parameterName) use ($request) {
if (!ends_with($parameterName, 'orMe')) {
return;
}
if ($value === 'me') {
$request->route()->setParameter($parameterName, currentUser());
}
});
return $next($request);
}
If you have any questions about this approach or have any ideas how to make it better, let me know in the comments below.
If you don't want a site to be indexed by search engines you must place a robots.txt file. Typically you don't want anything indexed except production sites. Today Spatie released a new package called laravel-robots-middleware. It was coded up by my colleague Sebastian. Instead of you having to…
Middleware is a series of wrappers around your application that decorate the request and the response. By wrapping the app in decorators you can add new behavious from the outside. This image explains the idea more visually:
[caption id="attachment_475" align="alignnone" width="726"]
source: StackPHP.com[/caption]
The concept isn't new, solutions already exists for many languages (eg. Ruby, Python, Node, ...)
The PHP equivalent is StackPHP. Here's an excellent post by Richard Bagshaw explaining it. There are a lot of StackPHP style middlewares available that you can use in your applications.
Laravel 5 uses middleware for putting an application in maintenance mode, CSRF protection, authentication and more. Unfortunately Laravel 5 middleware isn't compatible with StackPHP-style middleware. Barry vd. Heuvel created at package to convert StackPHP middleware to Laravel 5 middleware and explained the inner workings on his blog.