🧩 What is Middleware in Laravel?
In Laravel, middleware acts as a bridge between a request and a response. Think of it as a filter for the HTTP requests that enter your application.
Middleware can:
- Perform tasks before the request hits the controller (e.g., authentication)
- Modify the response before it’s sent to the browser (e.g., CORS headers)
🚦 How Middleware Works in Laravel
Every time a user sends a request to a Laravel app, it passes through a middleware stack before reaching the controller.
🔧 Creating Middleware
Use the artisan command:
```bash
php artisan make:middleware CheckUserStatus
```
This creates a file at:
app/Http/Middleware/CheckUserStatus.php
Example middleware logic:
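```php
<?php

namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;

class CheckUserStatus
{
    public function handle(Request $request, Closure $next)
    {
        // Logged-in users whose account is not active are sent to the suspended page.
        // Guests pass through here; pair this with the auth middleware to require login.
        if (auth()->check() && auth()->user()->status !== 'active') {
            return redirect('/suspended');
        }

        // Hand the request to the next middleware (or the controller).
        return $next($request);
    }
}
```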
📋 Registering Middleware
Laravel has two types:
🅰️ Global Middleware
Runs on every request. Add it in:
```php
// app/Http/Kernel.php
protected $middleware = [
    \App\Http\Middleware\CheckForMaintenanceMode::class,
    // Your custom middleware
];
```
🅱️ Route Middleware
Applies to specific routes:
```php
protected $routeMiddleware = [
    'check.status' => \App\Http\Middleware\CheckUserStatus::class,
];
```
Use it like:
```php
Route::middleware(['check.status'])->group(function () {
    Route::get('/dashboard', [DashboardController::class, 'index']);
});
```
🧠 Common Laravel Middleware Examples
| Middleware | Purpose |
|---|---|
| auth | Check if user is authenticated |
| guest | Redirect authenticated users |
| verified | Email verification |
| throttle:60,1 | Rate limiting |
| cors | Handle cross-origin requests |
| Custom | Any logic you define (e.g., role check, IP filter) |
🛠️ Middleware Parameters
Middleware can accept parameters:
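```php
Route::get('/admin', function () {
    // only admins
})->middleware('role:admin');
```
Inside middleware:
```php
public function handle($request, Closure $next, $role)
{
    // Fail closed: a guest has no user object, so deny instead of calling hasRole() on null.
    // hasRole() is assumed to be defined on your User model.
    $user = $request->user();
    if (! $user || ! $user->hasRole($role)) {
        abort(403);
    }

    return $next($request);
}
```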
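The request flow described above (a stack in front of the controller, an early return that stops the request, and a parameterized role check), as an added example that is not from the original article and is not Laravel's own pipeline code. It is a plain-PHP model in which requests and responses are arrays; `$checkUserStatus`, `$requireRole`, `$addHeader` and `runStack` are hypothetical names, the sample requests are constructed, and PHP 7.4+ is assumed.

```php
<?php
// Plain-PHP model of a middleware stack; requests/responses are constructed sample arrays.

// Before-middleware: mirrors CheckUserStatus and stops the request before the controller.
$checkUserStatus = function (array $request, callable $next): array {
    $user = $request['user'] ?? null;
    if ($user !== null && $user['status'] !== 'active') {
        return ['status' => 302, 'headers' => ['Location' => '/suspended'], 'body' => ''];
    }
    return $next($request);
};

// Before-middleware with a parameter: mirrors role:admin and fails closed for guests.
$requireRole = fn (string $role) => function (array $request, callable $next) use ($role): array {
    $user = $request['user'] ?? null;
    if ($user === null || !in_array($role, $user['roles'], true)) {
        return ['status' => 403, 'headers' => [], 'body' => 'Forbidden'];
    }
    return $next($request);
};

// After-middleware: lets the request through, then edits the response on the way out.
$addHeader = function (array $request, callable $next): array {
    $response = $next($request);
    $response['headers']['X-Frame-Options'] = 'DENY';
    return $response;
};

// Wrap the controller in the stack so the first middleware listed runs first.
function runStack(array $stack, callable $controller, array $request): array
{
    $wrap = fn (callable $next, callable $mw) => fn (array $req) => $mw($req, $next);
    return array_reduce(array_reverse($stack), $wrap, $controller)($request);
}

$controller = fn (array $request): array => ['status' => 200, 'headers' => [], 'body' => 'dashboard'];
$stack = [$addHeader, $checkUserStatus, $requireRole('admin')];
$requests = [
    'guest'     => [],
    'suspended' => ['user' => ['status' => 'suspended', 'roles' => ['admin']]],
    'admin'     => ['user' => ['status' => 'active', 'roles' => ['admin']]],
];
foreach ($requests as $label => $request) {
    $response = runStack($stack, $controller, $request);
    printf("%-9s -> %d %s\n", $label, $response['status'], json_encode($response['headers']));
}
```

Because `$addHeader` is outermost, the header is also set on the 302 and 403 responses produced by the inner middleware; listing it last would skip those responses.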
✅ Best Practices for Using Middleware
- Keep it lightweight: Avoid heavy database logic in middleware.
- Reuse common logic: Use middleware for shared rules like auth, logging, CORS.
- Use route groups: Apply middleware to multiple routes for DRY code.
- Combine with policies: Middleware checks access, policies check permissions.
- Use naming conventions: E.g., CheckAdminRole or RedirectIfBanned
📈 Why Middleware Matters in Real Projects
- Simplifies cross-cutting concerns
- Enforces security rules (auth, CSRF, etc.)
- Reduces boilerplate in controllers
- Helps in multi-tenant, API-based, and microservice architectures
https://laravel.com/docs/12.x/middleware
