Laravel version: 5.1.46
routes.php
Route::get('/rocha', 'RochaController#index');
Kernel.php
protected $routeMiddleware = [
'auth' => \App\Http\Middleware\Authenticate::class,
'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
'Age' => \App\Http\Middleware\AgeMiddleware::class,
'Role' => \App\Http\Middleware\RoleMiddleware::class,
];
RochaController.php
namespace App\Http\Controllers;
use Illuminate\Http\Request;
use App\Http\Requests;
use App\Http\Controllers\Controller;
class RochaController extends Controller
{
public function __construct() {
$this->middleware('Role');
}
public function index() {
echo '<br>Hi I am index';
}
}
RochaMiddleware.php
namespace App\Http\Middleware;
use Closure;
class RoleMiddleware
{
/**
* Handle an incoming request.
*
* #param \Illuminate\Http\Request $request
* #param \Closure $next
* #return mixed
*/
public function handle($request, Closure $next)
{
echo '<br>Hi I am middleware';
return $next($request);
}
public function terminate($request, $response) {
echo '<br>Shtting down...';
}
}
Result:
Hi I am middleware
Hi I am index
When I use middleware inside the controller via its constructor $this->middleware('Role') the terminate() function does not get called. When I switch the code taking out the constructor in the controller and change the route to the following the terminate() function gets called:
Route::get('/rocha', [
'middleware' => 'Role',
'uses' => 'RochaController#index'
]);
Result:
Hi I am middleware
Hi I am index
Shtting down...
Why does the constructor version ($this->middleware('Role')) prevent the terminate() function from being called?
Why does the route version work and the terminate() function is called as opposed to the above?
If you define a terminate method on your middleware, it will automatically be called after the response is ready to be sent to the browser.
from terminable-middleware
I think you misunderstand the usage of terminate method. Laravel actually call the terminate method, but the browser will not show the output of terminate. Because the response has been sent to browsers.
You can use this terminate method to test whether the call is successful.
public function terminate($request, $response)
{
file_put_contents(__DIR__ . '/1.txt', 'hello terminate');
}
By the way, I'm test your code, it always output:
Hi I am middleware
Hi I am index
I also wonder why you can get Shtting down...
Related
I'm trying to do something but i cant even imagine how to do it.
To pass parameters to a middlware I'm doing this:
Route::put('post/{id}', ['middleware' => 'role:editor', function ($id) {
//
}]);
From the laravel documentation.
Then get the parameter in the handle function...
But laravel suggest to declare the middleware use in the __construct in the Controller, insted in the route.
So...
public function __construct() {
$this->middleware('auth');
}
But i dont know how to pass parameters to the Controller.
I would thank any help.
You can access url parameters into middleware shown as below:
routes.php
Route::get('/test/{id}', ['uses' => 'Test#test']);
Test Controller
<?php
namespace App\Http\Controllers;
class Test extends Controller
{
/**
* Test constructor.
*/
public function __construct()
{
$this->middleware('test');
}
public function test()
{
return 'sample';
}
Test Middleware
<?php namespace App\Http\Middleware;
use Closure;
class Test
{
public function handle($request, Closure $next)
{
dd($request->id);
return $next($request);
}
}
** dont forget update your Kernel.php to activate middleware
protected $routeMiddleware = [
'auth' => \App\Http\Middleware\Authenticate::class,
'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
'test' => \App\Http\Middleware\Test::class,
];
Don't put the middleware in the controller. Keep business logic out of the controller as often as possible.
Instead, make your middleware file.
php artisan make:middleware MyMiddlewareDoesThings
Now inside of your file, locate the $handle function.
public function handle($request, Closure $next)
Just add arguments after the request and closure
public function handle($request, Closure $next, $role)
Now $role will contain the value of role:value which from your example would be $editor
#muhammad-sumon-molla-selim answer is actually the best one according to the question, but it leaks into explanation.
With my knowledge I was able to follow his guideline so here is a full example plus a usecase where Route's middleware or Request parameters is not possible.
I have an abstract CRUDControllerBase, which is extended by many child controllers.
Each child controllers need a different permission to perform any action on the model excepts index/show.
So I was forced to dynamically pass the permission (string) from the controller to the Middleware, here is the base structure:
// App\Http\Controllers\CRUDControllerBase.php
abstract class CRUDControllerBase extends Controller
{
/**
* #var string The needed permission to call store or update
* If null, permission is granted to every users
*/
protected ?string $permission = null;
public function __construct()
{
// Here I need to pass to VerifyUserPermission the controller's permission
$this->middleware(VerifyUserPermission::class)
->except(['index', 'show']);
}
}
// App\Http\Controllers\DocumentController.php
class DocumentController extends CRUDControllerBase
{
protected ?string $permission = 'documents';
}
// App\Http\Controllers\EventController.php
class EventController extends CRUDControllerBase
{
protected ?string $permission = 'events';
}
And here is how I tackled this following the #muhammad-sumon-molla-selim answer:
// App\Http\Middleware\VerifyUserPermission.php
// Create the VerifyUserPermission middleware, which accepts the permission string
class VerifyUserPermission
{
public function handle(Request $request, Closure $next, ?string $permission): mixed
{
$user = $request->user();
// If a permission is needed but the user doesn't have it, abort
if ($permission && !$user->$permissionField) {
abort(401);
}
return $next($request);
}
}
// App\Http\Kernel.php
// Register the middleware
class Kernel extends HttpKernel
{
protected $routeMiddleware = [
'auth' => \App\Http\Middleware\Authenticate::class,
'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
// [...]
'permission' => \App\Http\Middleware\VerifyUserPermission::class
];
}
// App\Http\Controllers\CRUDControllerBase.php
// Then just register the middleware into the CRUDControllerBase's constructor
abstract class CRUDControllerBase extends Controller
{
protected ?string $permission = null;
public function __construct()
{
// 'documents' permission will be needed for Documents' edition
// 'events' permission will be needed for Events' edition
// And so on for many others controllers
$this->middleware("permission:$this->permission")
->except(['index', 'show']);
}
}
If you want to get the parameters in the __construct of your controller you could do this:
class HomeController extends \BaseController
{
public function __construct()
{
$this->routeParamters = Route::current()->parameters();
}
}
I have a roles administrator, moderator and member in my laravel application. Application have fronted and backend sections. I want to allow access to backend section only for administrator and moderator. I create SuperUsersMiddleware:
<?php
namespace CMS\Http\Middleware;
use Closure;
class SuperUsersMiddleware
{
/**
* Handle an incoming request.
*
* #param \Illuminate\Http\Request $request
* #param \Closure $next
* #return mixed
*/
public function handle($request, Closure $next)
{
if (! $request->user()->hasRole('administrator') || ! $request->user()->hasRole('moderator')) {
return redirect('/');
}
return $next($request);
}
}
Register in Kernel.php:
......
protected $routeMiddleware = [
'superusers' => \CMS\Http\Middleware\SuperUsersMiddleware::class,
'administrator' => \CMS\Http\Middleware\AdminMiddleware::class,
'moderator' => \CMS\Http\Middleware\ModeratorMiddleware::class,
'auth' => \CMS\Http\Middleware\Authenticate::class,
'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
'can' => \Illuminate\Foundation\Http\Middleware\Authorize::class,
'guest' => \CMS\Http\Middleware\RedirectIfAuthenticated::class,
'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
];
.....
and in my backend folder I create Controller.php (all other controllers in backend section extends this controller) and in __construct() function set middleware:
...
public function __construct()
{
$this->middleware('superusers');
}
...
But this doesn't work for me. I also create administrator and moderator middleware and it works separately but I needed both - together. How to do that? I tray:
public function __construct()
{
$this->middleware('administrator');
$this->middleware('moderator');
}
But this also can't work. What is a best practice for this situation?
First off I wouldn't apply any Middleware on your master Controller as then middleware would be applied to everything. You should do this on each individual controller like UserController.
You can apply as many middleware instances to a route/function as you want. I'm not aware of any limitations on that. So I'm not sure why you say this doesn't work:
public function __construct()
{
$this->middleware('administrator');
$this->middleware('moderator');
}
You can apply the different middleware to the routes that require the different levels. You can do this in your routes.php or in your Controllers. If you want to do it in your Controller like you are doing above you would have something like this:
public function __construct()
{
$this->middleware('auth'); //this applies to all actions
$this->middleware('administrator', ['only' => ['adminFunction', 'otherAdminFunction','bothCanAccess']]);
$this->middleware('moderator',['only' => ['moderatorFunction','bothCanAccess']);
}
public function adminfunction()
{
...
}
public function otherAdminfunction()
{
...
}
public function moderatorFunction()
{
...
}
public function bothCanAccess()
{
...
}
So first off the auth middleware will apply to all actions. This means a user has to be logged in to access any function in here. Then you can apply specific middleware to each function. If you need more info on this check out the documentation:
https://laravel.com/docs/5.2/controllers#controller-middleware
To do this in your router you would do something like this:
Route::get('/admin', ['middleware' => ['auth', 'administrator'],'uses'=>'Controller#adminFunction']);
So in this case it will apply the auth middleware first to make sure someone is logged in, then fire the administrator middleware and make sure the user is an admin.
Hopefully that helps.
I'm using laravel 5.1, I'm trying to update locale in app file like this :
In Locale Middleware file :
...
public function handle($request, Closure $next)
{
if(Session::has('locale'))
{
$lang = Session::get('locale');
App::setLocale($lang);
}
return $next($request);
}
Any idea about this ??
Oooof finally after two hours ><' !!
It's the line place of locale class in middleware -.-' !!!
I set it in last line like this :
...
...
\App\Http\Middleware\VerifyCsrfToken::class,
\App\Http\Middleware\Locale::class,
];
and All is fine and working ! thanks for you all :))))
The only solution which I found was set locale in constructor method of middle ware, like this:
<?php
namespace App\Http\Middleware;
use Closure;
use Illuminate\Contracts\Foundation\Application;
use Illuminate\Http\Request;
class Localization
{
protected $app;
public function __construct(Application $app, Request $request)
{
if($locale = $request->header('Content-Language')){
if(in_array($locale, ['en', 'fa'])){
$app->setLocale($locale);
}
}
}
/**
* Handle an incoming request.
*
* #param Request $request
* #param \Closure $next
* #return mixed
*/
public function handle($request, Closure $next)
{
return $next($request);
}
}
With ♥♥♥ and over 2 hours trying!
Thanks,
:) I had the same problem and the solution was put the middleware in the file
App\Http\Kernel.php in the section of protected $middleware = []
\App\Http\Middleware\VerifyCsrfToken::class,
\App\Http\Middleware\myNewMiddleware::class,
];
I have solved my issue as follow:
1 Step. Created a middleware. php artisan make:middleware SetLocale
2 Step. Updated the middleware file. File: app/Http/Middleware/SetLocale.php
namespace App\Http\Middleware;
use Closure;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\App;
class SetLocale
{
private $locales = ['ar', 'en'];
// ...
public function handle($request, Closure $next, $locale)
{
if (array_search($locale, $this->locales) === false) {
return redirect('/');
}
App::setLocale($locale);
return $next($request);
}
}
3 Step. Appended my new middleware to app/Http/Kernel.php $routeMiddleware array.
namespace App\Http;
use Illuminate\Foundation\Http\Kernel as HttpKernel;
class Kernel extends HttpKernel
{
// ...
protected $routeMiddleware = [
// ...
'locale' => \App\Http\Middleware\SetLocale::class,
];
}
4 Step. I have used my the middleware in my routes/web.php file.
Route::group(['prefix' => 'ar', 'namespace' => 'Arabic', 'middleware' => 'locale:ar'], function() {
Route::get('/', 'PashtoHomeController#index')->name('arHome');
// ...
});
Route::group(['prefix' => 'en', 'namespace' => 'English', 'middleware' => 'locale:en'], function() {
Route::get('/', 'PashtoHomeController#index')->name('enHome');
// ...
});
Route::get('/', function() {
return redirect()->route('arHome');
});
Some service makes HTTP request to my site and passes some input. This input has a little bit wrong structure for me, so I'm trying to modify it.
I made a middleware and attached this middleware to my route. The handle method looks like this:
public function handle($request, Closure $next)
{
$input = $request->all();
// Input modification
$request->replace($input);
\Log::info($request->all()); // Shows modified request
return $next($request);
}
However in my controller I got old input. Also I'm a little bit confused since I also use FormRequest, and as I realize these two requests are different entities. Then how can I modify the input in the middleware?
I don't know what's the exact problem in your case but I'll show you what I did to make it work and it might solve your problem:
app/Http/Middleware/TestMiddleware.php
<?php namespace App\Http\Middleware;
use Closure;
class TestMiddleware
{
/**
* Handle an incoming request.
*
* #param \Illuminate\Http\Request $request
* #param \Closure $next
* #return mixed
*/
public function handle($request, Closure $next)
{
$input = $request->all();
if (isset($input['mod'])) {
list($input['int'], $input['text']) = explode('-', $input['mod']);
unset($input['mod']);
// Input modification
$request->replace($input);
\Log::info($request->all()); // Shows modified request
}
return $next($request);
}
}
app/Http/Kernel.php
protected $middleware = [
'Illuminate\Foundation\Http\Middleware\CheckForMaintenanceMode',
'Illuminate\Cookie\Middleware\EncryptCookies',
'Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse',
'Illuminate\Session\Middleware\StartSession',
'Illuminate\View\Middleware\ShareErrorsFromSession',
'App\Http\Middleware\VerifyCsrfToken',
Middleware\TestMiddleware::class, // this line added
];
app/Http/routes.php
Route::get('/test', ['uses' => 'TestController#index']);
app/Http/Requests/SampleRequest.php
<?php namespace App\Http\Requests;
class SampleRequest extends Request
{
public function rules()
{
return [
'int' =>
[
'required',
'integer'
],
'text' => [
'max: 5',
]
];
}
}
app/Http/Controllers/TestController.php
<?php namespace App\Http\Controllers;
use App\Http\Requests;
class TestController extends \Illuminate\Routing\Controller
{
public function index(Requests\SampleRequest $request)
{
dd($request->all());
}
}
In console I've run composer dump-autoload.
Now when I run the following url:
http://testproject.app/test?mod=23-tav
I'm getting in controller from dd:
array:2 [▼
"text" => "tav"
"int" => "23"
]
as expected and when I run for example http://testproject.app/test?mod=abc-tav I'm being redirected to mainpage in my case because data doesn't pass validation from SampleRequest (int is not integer)
I found method Request::replace, that allows to replace input parameters in Request.
But currently i can see only one way to implement it - to write same replacing input code in every controller action.
Is it possible somehow to group code, that will be executed after request successful validation, but before controller action is started?
For example, i need to support ISO2 languages in my api, but under the hood, i have to transform them into legacy ones, that are really stored in the database. Currently i have this code in controller:
// Controller action context
$iso = $request->input('language');
$legacy = Language::iso2ToLegacy($iso);
$request->replace(['language' => $legacy]);
// Controller action code starts
I think what you're looking for is the passedValidation() method from the ValidatesWhenResolvedTrait trait
How to use it:
Create custom Request: php artisan make:request UpdateLanguageRequest
Put validation rules into the rules() method inside UpdateLanguageRequest class
Use passedValidation() method to make any actions on the Request object after successful validation
namespace App\Http\Requests;
use App\...\Language;
class UpdateLanguageRequest extends FormRequest
{
public function authorize()
{
return true;
}
public function rules()
{
return [
// here goes your rules, f.e.:
'language' => ['max:255']
];
}
protected function passedValidation()
{
$this->replace(['language' => Language::iso2ToLegacy($this->language)]);
}
}
Use UpdateLanguageRequest class in your Controller instead Request
public function someControllerMethod(UpdateLanguageRequest $request){
// the $request->language data was already modified at this point
}
*And maybe you want to use merge not replace method since replace will replace all other data in request and the merge method will replace only specific values
This solution worked for me based on Alexander Ivashchenko answer above:
<?php
namespace App\Http\Requests\User;
class UserUpdateRequest extends UserRequest
{
/**
* Get the validation rules that apply to the request.
*
* #return array
*/
public function rules(): array
{
return [
'name'=>'required|string',
'email'=>'required|string|email',
'password'=>'min:8'
];
}
}
Our parent UserRequest class:
<?php
namespace App\Http\Requests\User;
use Illuminate\Foundation\Http\FormRequest;
use Illuminate\Support\Facades\Hash;
abstract class UserRequest extends FormRequest
{
/**
* Determine if the user is authorized to make this request.
*
* #return bool
*/
public function authorize(): bool
{
return true;
}
/**
* Handle a passed validation attempt.
*
* #return void
*/
protected function passedValidation()
{
if ($this->has('password')) {
$this->merge(
['password' => Hash::make($this->input('password'))]
);
}
}
public function validated(): array
{
if ($this->has('password')) {
return array_merge(parent::validated(), ['password' => $this->input('password')]);
}
return parent::validated();
}
}
I am overriding validated method also. If we access each input element individually his answer works but in order to use bulk assignment in our controllers as follow we need the validated overriding.
...
public function update(UserUpdateRequest $request, User $user): JsonResource
{
$user->update($request->validated());
...
}
...
This happens because validated method get the data directly from the Validator instead of the Request. Another possible solution could be a custom validator wit a DTO approach, but for simple stuff this above it's enough.
Is it possible somehow to group code, that will be executed after
request successful validation, but before controller action is
started?
You may do it using a middleware as validator, for example:
namespace App\Http\Middleware;
use Closure;
use Illuminate\Http\JsonResponse;
class InputValidator
{
public function handle($request, Closure $next, $fullyQualifiedNameOfModel)
{
$model = app($fullyQualifiedNameOfModel);
$validator = app('validator')->make($request->input(), $model->rules($request));
if ($validator->fails()) {
return $this->response($request, $validator->errors());
}
return $next($request);
}
protected function response($request, $errors)
{
if($request->ajax()) {
return new JsonResponse($errors, 422);
}
return redirect()->back()->withErrors($errors)->withInput();
}
}
Add the following entry in the end of $routeMiddleware in App\Http\Kernel.php class:
'validator' => 'App\Http\Middleware\InputValidator'
Add the rules method in Eloquent Model for example, app\Product.php is model and the rules method is declared as given below:
/**
* Get the validation rules that apply to the request.
*
* #return array
*/
public function rules(\Illuminate\Http\Request $request)
{
return [
'title' => 'required|unique:products,title,'.$request->route()->parameter('id'),
'slug' => 'required|unique:products,slug,'.$request->route()->parameter('id'),
];
}
Declare the route like this:
$router->get('create', [
'uses' => 'ProductController#create',
'as' => 'Product.create',
'permission' => 'manage_tag',
'middleware' => 'validator:App\Product' // Fully qualified model name
]);
You may add more middleware using array for example:
'middleware' => ['auth', 'validator:App\Product']
This is a way to replace the FormRequest using a single middleware. I use this middleware with model name as argument to validate all my models using a single middleware instead of individual FormRequest class for each controller.
Here, validator is the middleware and App\Product is the model name which I pass as argument and from within the middleware I validate that model.
According to your question, the code inside your controller will be executed only after input validation passes, otherwise the redirect/ajax response will be done. For your specific reason, you may create a specific middleware. This is just an idea that could be used in your case IMO, I mean you can add code for replacing inputs in the specific middleware after validation passes.
Use merge instead of replace
$iso = $request->merge('language');
$legacy = Language::iso2ToLegacy($iso);
$request->merge(['language' => $legacy]);