Middleware do the task as its name suggest. Its in between of your request and your response to do some task in between these two things.
Lets take an example.
Suppose you have a link called 'profile' and you clicked on that to get user profile.
This sounds good but where middleware comes in this picture.
Obviously, you want to show profile only when user is logged in and want to redirect to somewhere else when not logged in.
This means there have to be anything which have eagle eye on requests.
Here is our Hero Middleware
So to protect every request for authentication you create Middleware. Here is the middleware looks like for this same task.
public function handle($request, Closure $next, $guard = null)
{
if (Auth::guard($guard)->check()) {
return redirect('/');
}
return $next($request);
}
This middleware comes into play when you attached it on any route.
Route::get('/profile','UserController@profile')->middleware('auth');
Now lets see this in details.
When you click on a link which has this profile route, then instead of directly going to UserController's profile function, this route has to first verify via auth middleware,
This middleware then check if requested user is a guest or not, if user is a guest( not logged in) then it redirect to home page ( route('/') ) but if user is authenticated ( not a guest ) then it allow user to go to requested page and then profile function executes on that.
In this way middleware protect the request for every route where you have defined it.
Can I create custom middleware?
Of course, you can easily create your own custom middleware so that you can protect your route according to your need. You just have to use this artisan command
php artisan make:middleware CustomMiddleware
This will create a middleware like this
namespace App\Http\Middleware;
use Closure;
class CustomMiddleware
{
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @return mixed
*/
public function handle($request, Closure $next)
{
return $next($request);
}
}
Now you have to write your own check here in this CustomMiddleware but before using this middleware you have to register it on kernel.php file on your app/Http/Kernel.php
protected $routeMiddleware = [
'auth' => \Illuminate\Auth\Middleware\Authenticate::class,
'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
'bindings' => \Illuminate\Routing\Middleware\SubstituteBindings::class,
'can' => \Illuminate\Auth\Middleware\Authorize::class,
'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
'CustomName' => \App\Http\Middleware\CustomMiddleware::class
];
This part is important as it allows middleware to used by laravel.
You can do anything you want, like you can increment views count here, you can check if user can have permission or not, there is no limit to use middleware. It all depends upon your way of coding.
You can learn more about middleware in laravel official documentation.
Conclusion
Middleware is very useful to have checking of anything in between your request and response.
Think about Middleware like a gatekeeper which allows or deny anyone to enter from gate.