Middleware
Middleware filters HTTP requests. Generate with php artisan make:middleware.
namespace App\Http\Middleware;
use Closure;
use Illuminate\Http\Request;
use Symfony\Component\HttpFoundation\Response;
class EnsureUserIsSubscribed
{
public function handle(Request $request, Closure $next): Response
{
if (! $request->user()?->subscribed()) {
return redirect("/subscribe");
}
return $next($request);
}
}Registering Middleware
// In bootstrap/app.php (Laravel 11+ / Laravel 13)
->withMiddleware(function (Middleware $middleware) {
// Named routes
$middleware->alias([
"subscribed" => EnsureUserIsSubscribed::class,
"role" => CheckUserRole::class,
]);
// Groups
$middleware->web->append(LogRequestDuration::class);
$middleware->api->prepend(ForceJsonResponse::class);
});Rate Limiting
use Illuminate\Cache\RateLimiting\Limit;
use Illuminate\Support\Facades\RateLimiter;
RateLimiter::for("api", function (Request $request) {
return Limit::perMinute(60)->by($request->user()?->id ?: $request->ip());
});
RateLimiter::for("login", function (Request $request) {
return Limit::perMinute(5)->by($request->input("email")."|".$request->ip());
});
Route::middleware("throttle:api")->group(function () {
Route::apiResource("posts", PostController::class);
});