{"flag":true,"single":true,"pageTitle":"middleware laravel 10 example","post":{"id":126,"user_id":"1","slug":"middleware-laravel-10-example-iqsg","title":"middleware laravel 10 example","body":"<p>Middleware provide a convenient mechanism for inspecting and filtering HTTP requests entering your application. All of these middleware are located in the <strong>app\/Http\/Middleware<\/strong> directory. To create a new middleware, use the <strong>make:middleware<\/strong> Artisan command:<\/p>\r\n<pre class=\"language-markup\"><code>php artisan make:middleware EnsureTokenIsValid<\/code><\/pre>\r\n<p>Of course, a middleware can perform tasks before or after passing the request deeper into the application.&nbsp;<\/p>\r\n<p>Following middleware perform the task<strong> before request<\/strong><\/p>\r\n<pre class=\"language-markup\"><code>class BeforeMiddleware\r\n{\r\n    public function handle(Request $request, Closure $next): Response\r\n    {\r\n        if ($request-&gt;input('token') !== 'my-secret-token') {\r\n            return redirect('home');\r\n        }\r\n        return $next($request);\r\n    }\r\n}<\/code><\/pre>\r\n<p>Following middleware perform the task<strong>&nbsp;After request<\/strong><\/p>\r\n<pre class=\"language-markup\"><code>class AfterMiddleware\r\n{\r\n    public function handle(Request $request, Closure $next): Response\r\n    {\r\n        $response = $next($request); \r\n        \/\/ Perform action\r\n        return $response;\r\n    }\r\n}<\/code><\/pre>\r\n<p>Example:<\/p>\r\n<pre class=\"language-markup\"><code>public function handle(Request $request, Closure $next)\r\n    {\r\n        echo \"Before Request\".time();\r\n        $response = $next($request); \r\n        echo \"After Request\".time();\r\n        return $response;\r\n    }<\/code><\/pre>\r\n<p><strong>In Laravel there are three levels where middleware can be applied<\/strong><\/p>\r\n<p><strong>1.Register Global Middleware<\/strong><br>If you want a middleware to run during every HTTP request to your application, list the middleware class in the <strong>$middleware<\/strong> property of your <strong>app\/Http\/Kernel.php<\/strong> class.<\/p>\r\n<pre class=\"language-markup\"><code>protected $middleware = [\r\n    \\App\\Http\\Middleware\\TrustProxies::class,\r\n    \\Illuminate\\Http\\Middleware\\HandleCors::class,\r\n    \\App\\Http\\Middleware\\PreventRequestsDuringMaintenance::class,\r\n];<\/code><\/pre>\r\n<p><strong>2.Assigning Middleware To Routes<\/strong><\/p>\r\n<pre class=\"language-markup\"><code>use App\\Http\\Middleware\\Authenticate;\r\nRoute::get('\/profile', function () {\r\n    \/\/ ...\r\n})-&gt;middleware(Authenticate::class);<\/code><\/pre>\r\n<p>For convenience, you may assign aliases to middleware in your application's <strong>app\/Http\/Kernel.php&nbsp;<\/strong><\/p>\r\n<pre class=\"language-markup\"><code> protected $routeMiddleware = [\r\n        'red_if_nt_auth' =&gt; \\App\\Http\\Middleware\\RedirectIfNotAuthenticated::class,\r\n    ];<\/code><\/pre>\r\n<p>then use<\/p>\r\n<pre class=\"language-markup\"><code>Route::get('\/profile', function () {\r\n    \/\/ ...\r\n})-&gt;middleware('red_if_nt_auth');<\/code><\/pre>\r\n<p>OR<\/p>\r\n<pre class=\"language-markup\"><code>Route::middleware(['auth', 'admin.task.check'])-&gt;group(function () {\r\n    Route::get('\/todo', [TodoController::class, 'index']);\r\n});<\/code><\/pre>\r\n<p><strong>3. Middleware groups<\/strong><\/p>\r\n<p>File: <strong>app\/Http\/Kernel.php<\/strong>, in <strong>$middlewareGroups<\/strong><br>These are groupings like <strong>web <\/strong>and <strong>api<\/strong>, usually applied in<strong> routes\/web.php <\/strong>or <strong>routes\/api.php.<br><span style=\"color: rgb(22, 145, 121);\">So if your route is in web.php, it automatically has the web group middleware.<\/span><br><\/strong><\/p>\r\n<pre class=\"language-markup\"><code>protected $middlewareGroups = [\r\n    'web' =&gt; [\r\n        \\App\\Http\\Middleware\\EncryptCookies::class,\r\n        \\Illuminate\\Session\\Middleware\\StartSession::class,\r\n    ],\r\n\r\n    'api' =&gt; [\r\n        'throttle:api',\r\n        \\Illuminate\\Routing\\Middleware\\SubstituteBindings::class,\r\n    ],\r\n];\r\n<\/code><\/pre>\r\n<p>&nbsp;<\/p>\r\n<p><strong>Terminable Middleware<\/strong><\/p>\r\n<p>The terminate method will automatically be called after the response is sent to the browser:<\/p>\r\n<pre class=\"language-markup\"><code>use Illuminate\\Http\\Response;\r\nclass TerminatingMiddleware\r\n{\r\n    public function handle(Request $request, Closure $next): Response\r\n    {\r\n        return $next($request);\r\n    }\r\n    public function terminate(Request $request, Response $response): void\r\n    {\r\n        \/\/ ...\r\n    }\r\n}<\/code><\/pre>\r\n<p>The terminate method should receive both the request and the response. Once you have defined a terminable middleware, you should add it to the list of routes or global middleware in the <strong>app\/Http\/Kernel.php file.<\/strong><\/p>\r\n<p>&nbsp;<\/p>\r\n<p><strong>Check middleware of a specific route<\/strong><\/p>\r\n<pre class=\"language-markup\"><code>php artisan route:list<\/code><\/pre>\r\n<p>&nbsp;<\/p>\r\n<p>&nbsp;<\/p>\r\n<p><strong>SOME MIDDLEWERES:<\/strong><\/p>\r\n<p><strong>TrustProxies : <\/strong>app\/Http\/Middleware\/TrustProxies.php<strong><br><\/strong>TrustProxies is a Laravel middleware that deals with reverse proxies \/ load balancers.<br>It ensures correct client IP + HTTPS detection when your app is behind a proxy\/load balancer.<\/p>\r\n<pre class=\"language-markup\"><code>use Illuminate\\Http\\Request;\r\nRoute::get('\/check-ip', function (Request $request) {\r\n    return [\r\n        'request_ip'   =&gt; $request-&gt;ip(),\r\n        'server_ip'    =&gt; $_SERVER['REMOTE_ADDR'] ?? null,\r\n        'all_headers'  =&gt; $request-&gt;headers-&gt;all(),\r\n    ];\r\n});<\/code><\/pre>\r\n<ol>\r\n<li>Your TrustProxies middleware + Cloudflare combo is protecting you from header spoofing.&nbsp;<br>\r\n<pre class=\"language-markup\"><code>https:\/\/abc.org\/check-ip  -H \"X-Forwarded-For: 203.0.113.55\"  -H \"X-Forwarded-Proto: https\" -H \"X-Forwarded-Port: 443\"<\/code><\/pre>\r\n<\/li>\r\n<li>Request is HTTPS OR http<br>\r\n<pre class=\"language-markup\"><code>$request-&gt;secure()<\/code><\/pre>\r\n<\/li>\r\n<li>Get IP<br>\r\n<pre class=\"language-markup\"><code>$request-&gt;ip()<\/code><\/pre>\r\n<\/li>\r\n<li>&nbsp;<\/li>\r\n<\/ol>\r\n<p>&nbsp;<\/p>","category_id":"2","is_private":"0","created_at":"2023-04-27T23:10:52.000000Z","updated_at":"2025-09-08T20:29:06.000000Z","category":{"id":2,"user_id":"1","name":"Laravel Core","slug":"laravel-nhyt","parent_id":"1","created_at":"2023-03-14T03:58:27.000000Z","updated_at":"2023-03-20T11:30:50.000000Z"},"user":{"id":1,"name":"R GONDAL","email":"rizikmw@gmail.com","email_verified_at":null,"two_factor_confirmed_at":null,"current_team_id":"1","profile_photo_path":null,"created_at":"2023-03-12T10:49:33.000000Z","updated_at":"2025-01-10T12:59:00.000000Z","profile_photo_url":"https:\/\/ui-avatars.com\/api\/?name=R+G&color=7F9CF5&background=EBF4FF"}},"pageDesc":"Middleware provide a convenient mechanism for inspecting and filtering HTTP requests entering your application. All of these middleware are  - middleware laravel 10 example (Updated: September 8, 2025) - Read more about middleware laravel 10 example at my programming site [SITE]","categories":[]}