Laravel Tutorial 2: Middleware 06-14-2022, 12:56 PM
#1
This is a continuation of the previous Laravel tutorial and will use the same project from the previous tutorial(s). If you have not been following along you may not get as much use out of this as other readers, meaning of course, user experience may vary. Also note that this is aimed at users of the 8.x Laravel software.
What is Middleware?
Middleware sits between you and the server and mitigates HTTP requests. As an example, a piece of middleware will wait for a request to the server from a user. If the user is authenticated it will direct them to their dashboard or user profile, or wherever. If the user is not authenticated it will present them with the login screen, or whatever screen you wish. Authentication isn't the only thing middlware does. Use your imagination. Logging, downloading specific files, serving specific files or folders, etc. It sits in the middle, like, a "man-in-the-middle", which you may be familiar with if you're a hacker.
make:middleware
We will use artisan (like in the previous tutorials) to create and name the middleware. Naming convention for class names states that your classes SHOULD ALWAYS start with a capital letter. Yes, because I say so, and I'm sure so does Richard Stallman (my hero) and Dennis Ritchie, the creator of the C programming language, etc., etc..
The command above will generate a class (PHP file) named CheckApiToken for you in the app/Http/Middleware/ folder. Now we can modify the CheckApiToken class and verify if the token that is being passed in the URL matches the one we are using to authenticate the user. I will generate an md5 hash for the words "hello world". You can do that right on the command line using the -r argument. Below will produce the md5 hash for us.
Now we can take that hash and check it against $request->input and redirect the user accordingly.
![[Image: image.png]](https://i.ibb.co/ZVt1JfT/image.png)
We want to check this for every single request into our application from the user's request, so we need to add this to the $middleware array in the Kernel.php file. This file is located at app/Http/Kernel.php. In the image below you can see that I have added it to the array.
![[Image: image.png]](https://i.ibb.co/QktBMDj/image.png)
When you make the request to the app with the apitoken parameter in the URL you will be redirected to http://127.0.0.1:8000/access. The URL will be something like http://127.0.0.1:8000/?apikey=5eb63bbbe0...bb8f5acdc3. You will be redirected to a page that doesn't exist if you haven't already created the access page. You can refer to the previous tutorials to add this page.
![[Image: image.png]](https://i.ibb.co/HTr0Xkz/image.png)
What is Middleware?
Middleware sits between you and the server and mitigates HTTP requests. As an example, a piece of middleware will wait for a request to the server from a user. If the user is authenticated it will direct them to their dashboard or user profile, or wherever. If the user is not authenticated it will present them with the login screen, or whatever screen you wish. Authentication isn't the only thing middlware does. Use your imagination. Logging, downloading specific files, serving specific files or folders, etc. It sits in the middle, like, a "man-in-the-middle", which you may be familiar with if you're a hacker.
make:middleware
We will use artisan (like in the previous tutorials) to create and name the middleware. Naming convention for class names states that your classes SHOULD ALWAYS start with a capital letter. Yes, because I say so, and I'm sure so does Richard Stallman (my hero) and Dennis Ritchie, the creator of the C programming language, etc., etc..
Code:
php artisan make:middleware CheckApiTokenThe command above will generate a class (PHP file) named CheckApiToken for you in the app/Http/Middleware/ folder. Now we can modify the CheckApiToken class and verify if the token that is being passed in the URL matches the one we are using to authenticate the user. I will generate an md5 hash for the words "hello world". You can do that right on the command line using the -r argument. Below will produce the md5 hash for us.
Code:
php -r "echo md5('hello world');"Now we can take that hash and check it against $request->input and redirect the user accordingly.
Code:
public function handle($request, Closure $next)
{
if($request->input('apikey') == '5eb63bbbe01eeed093cb22bb8f5acdc3')
{
return redirect('access');
}
return $next($request);
}We want to check this for every single request into our application from the user's request, so we need to add this to the $middleware array in the Kernel.php file. This file is located at app/Http/Kernel.php. In the image below you can see that I have added it to the array.
When you make the request to the app with the apitoken parameter in the URL you will be redirected to http://127.0.0.1:8000/access. The URL will be something like http://127.0.0.1:8000/?apikey=5eb63bbbe0...bb8f5acdc3. You will be redirected to a page that doesn't exist if you haven't already created the access page. You can refer to the previous tutorials to add this page.
(This post was last modified: 06-14-2022, 01:06 PM by sunjester.)
scarylerie.com
![[+]](https://sinister.ly/images/modern/collapse_collapsed.png)
