Laravel的中间件可以方便的过滤进入我们网页的请求。包括用户授权,CORS来指定流出请求的header等。
定义一个新的中间件可以使用命令:
php artisan make:middleware AgeMiddleware
这条命令在app/Http/Middleware中创建AgeMiddleware类。
我们假设我们过滤所有年龄小于200的请求:
<?php namespace App\Http\Middleware; use Closure; class AgeMiddleware { /** * Run the request filter. * * @param \Illuminate\Http\Request $request * @param \Closure $next * @return mixed */ public function handle($request, Closure $next) { if ($request->input('age') <= 200) { return redirect('home'); } return $next($request); } }
通过调用$next回调函数就可以将请求往下传递。
Middleware的过滤不局限于请求到达,当请求处理完毕后,也可以经由Middleware处理过滤:
<?php namespace App\Http\Middleware; use Closure; class BeforeMiddleware { public function handle($request, Closure $next) { // Perform action return $next($request); } } <?php namespace App\Http\Middleware; use Closure; class AfterMiddleware { public function handle($request, Closure $next) { $response = $next($request); // Perform action return $response; } }
如果需要你的middleware能够过滤全部Http请求,只需要在app/Http/Kernel.php的$middleware中列出即可。
如果需要将middleware指定给特定的route,首先需要在app/Http/Kernel.php中的$routeMiddleware里声明一个简单的key:
protected $routeMiddleware = [ 'auth' => \App\Http\Middleware\Authenticate::class, 'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class, 'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class, 'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class, ];
声明后即可在route里使用,route还可以同时指定多个middleware:
Route::get('admin/profile', ['middleware' => 'auth', function () {
//
}]);
Route::get('/', ['middleware' => ['first', 'second'], function () {
//
}]);
也可以通过方法指定:
Route::get('/', function () {
//
})->middleware(['first', 'second']);
我们也可以将多个Middleware Group在app/Http/Kernel.php中声明成为一个Middleware,如我们熟知的web和api Middleware:
protected $middlewareGroups = [ 'web' => [ \App\Http\Middleware\EncryptCookies::class, \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class, \Illuminate\Session\Middleware\StartSession::class, \Illuminate\View\Middleware\ShareErrorsFromSession::class, \App\Http\Middleware\VerifyCsrfToken::class, ], 'api' => [ 'throttle:60,1', 'auth:api', ], ];
Middleware同时也接受传参,只需要在最后一个变量$next后加入新的参数即可。传参时需要在route中用:分隔Middleware和参数:
<?php namespace App\Http\Middleware; use Closure; class RoleMiddleware { /** * Run the request filter. * * @param \Illuminate\Http\Request $request * @param \Closure $next * @param string $role * @return mixed */ public function handle($request, Closure $next, $role) { if (! $request->user()->hasRole($role)) { // Redirect... } return $next($request); } } Route::put('post/{id}', ['middleware' => 'role:editor', function ($id) { // }]);
