Middleware
Middleware filters HTTP requests entering your application — for authentication, logging, rate limiting, and more.
Creating Middleware
// app/Middleware/EnsureAuthenticated.php
namespace App\Middleware;
use DevPortal\Http\Request;
use DevPortal\Http\Response;
class EnsureAuthenticated
{
public function handle(Request $request, callable $next): Response
{
if (!auth()->check()) {
return redirect('/login');
}
return $next($request);
}
}Registering Middleware
Register in config/middleware.php under a short alias:
return [
'auth' => App\Middleware\EnsureAuthenticated::class,
'verified' => App\Middleware\EnsureEmailVerified::class,
'throttle' => App\Middleware\RateLimiter::class,
];Global Middleware
Always-on middleware runs on every request — register it in the global array:
'global' => [
App\Middleware\TrimStrings::class,
App\Middleware\HandleCors::class,
App\Middleware\VerifyCsrfToken::class,
]
⚠ Order Matters
Global middleware runs top-to-bottom. Place session middleware before auth middleware.