
Middleware

Creating custom middleware, middleware groups, rate limiting, and Laravel 13 middleware improvements.

Middleware

Middleware filters HTTP requests. Generate a middleware class with `php artisan make:middleware`.

namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;
use Symfony\Component\HttpFoundation\Response;

/**
 * Route middleware that only lets a request continue when the current
 * user's subscribed() check passes; everyone else is sent to /subscribe.
 */
class EnsureUserIsSubscribed
{
    /**
     * Gate the request on the user's subscription check.
     *
     * @param  Request  $request  the incoming request
     * @param  Closure  $next     the next layer of the middleware pipeline
     * @return Response either the downstream response or a redirect to /subscribe
     */
    public function handle(Request $request, Closure $next): Response
    {
        // With no authenticated user, user() is null and the nullsafe call
        // short-circuits to null, so guests fail the check (fails closed).
        $hasSubscription = $request->user()?->subscribed();

        if ($hasSubscription) {
            return $next($request);
        }

        return redirect("/subscribe");
    }
}

Registering Middleware

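// In bootstrap/app.php (Laravel 11+ / Laravel 13)
// Fragment of the application builder chain; the expression it hangs off is not shown here.
->withMiddleware(function (Middleware $middleware) {
    // Aliases: short names that route definitions can use instead of the class name
    $middleware->alias([
        "subscribed" => EnsureUserIsSubscribed::class,
        "role" => CheckUserRole::class,
    ]);

    // Groups: web() and api() are methods taking named append/prepend lists,
    // not properties, so `$middleware->web->append(...)` would fail at boot.
    $middleware->web(append: [LogRequestDuration::class]);
    // Prepended so it runs ahead of the rest of the "api" group.
    $middleware->api(prepend: [ForceJsonResponse::class]);
});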

Rate Limiting

use Illuminate\Cache\RateLimiting\Limit;
use Illuminate\Support\Facades\RateLimiter;

// "api" limiter: 60 requests per minute, counted per authenticated user id,
// falling back to the client IP when there is no user (or the id is falsy).
// NOTE(review): ip() is only as trustworthy as the app's trusted-proxy setup;
// behind a load balancer, confirm it resolves to the real client address.
RateLimiter::for("api", function (Request $request) {
    $userId = $request->user()?->id;
    $bucketKey = $userId ?: $request->ip();

    return Limit::perMinute(60)->by($bucketKey);
});

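// "login" limiter: 5 attempts per minute for each (account, client IP) pair.
RateLimiter::for("login", function (Request $request) {
    $email = $request->input("email");

    // Normalise the submitted address so "User@Example.com", " user@example.com"
    // and "user@example.com" share one bucket instead of each getting a fresh
    // allowance. Non-string input (e.g. email[]=x) collapses to an empty key
    // rather than triggering an array-to-string conversion.
    $account = is_string($email) ? mb_strtolower(trim($email)) : "";

    // NOTE(review): because the IP is part of the key, this bounds attempts per
    // source address only; consider an additional per-account limit if
    // distributed guessing against one account is in your threat model.
    return Limit::perMinute(5)->by($account."|".$request->ip());
});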

// Every route registered inside this group runs through the throttle
// middleware, using the limiter registered under the name "api".
Route::middleware(["throttle:api"])->group(function (): void {
    Route::apiResource("posts", PostController::class);
});

Examples

<?php
// app/Http/Middleware/ForceJsonMiddleware.php
namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;

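/**
 * Marks every request that passes through as one expecting a JSON response.
 */
class ForceJsonMiddleware
{
    /**
     * Overwrite the request's Accept header, then hand the request on.
     *
     * @param  Request  $request  incoming request; its headers are modified in place
     * @param  Closure  $next     next layer of the middleware pipeline
     * @return mixed whatever the rest of the pipeline returns
     */
    public function handle(Request $request, Closure $next)
    {
        // Replaces whatever Accept value the client sent. This only steers
        // content negotiation downstream; it is not an access control.
        $request->headers->set('Accept', 'application/json');

        return $next($request);
    }
}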
