How to Create Auth Middleware in Laravel: Step-by-Step Guide
In Laravel, create auth middleware by running
php artisan make:middleware AuthMiddleware, then add your authentication logic in the middleware's handle method. Register this middleware in app/Http/Kernel.php and apply it to routes to protect them.Syntax
To create auth middleware in Laravel, use the artisan command to generate a middleware class. The key method is handle($request, Closure $next), where you check if the user is authenticated. If not, redirect or abort; otherwise, pass the request forward.
handle: Main method to process requests.$request: Incoming HTTP request.$next: Closure to pass request to next middleware or controller.
php
<?php namespace App\Http\Middleware; use Closure; use Illuminate\Http\Request; use Illuminate\Support\Facades\Auth; class AuthMiddleware { public function handle(Request $request, Closure $next) { if (!Auth::check()) { return redirect('login'); } return $next($request); } }
Example
This example shows creating a custom auth middleware that checks if a user is logged in. If not, it redirects to the login page. Then, it is registered in the HTTP kernel and applied to a route.
php
<?php // 1. Create middleware with artisan: // php artisan make:middleware AuthMiddleware // 2. Middleware code (app/Http/Middleware/AuthMiddleware.php): namespace App\Http\Middleware; use Closure; use Illuminate\Http\Request; use Illuminate\Support\Facades\Auth; class AuthMiddleware { public function handle(Request $request, Closure $next) { if (!Auth::check()) { return redirect('login'); } return $next($request); } } // 3. Register middleware in app/Http/Kernel.php: protected $routeMiddleware = [ // ... other middleware 'auth.custom' => \App\Http\Middleware\AuthMiddleware::class, ]; // 4. Apply middleware to routes in routes/web.php: use Illuminate\Support\Facades\Route; Route::get('/dashboard', function () { return 'Welcome to your dashboard!'; })->middleware('auth.custom');
Output
If user is logged in: Displays 'Welcome to your dashboard!'
If not logged in: Redirects to '/login' page
Common Pitfalls
Common mistakes when creating auth middleware include:
- Not registering the middleware in
Kernel.php, so it won't be recognized. - Forgetting to return
$next($request), which stops the request chain. - Using incorrect authentication checks; always use
Auth::check()for login status. - Redirecting to a route that does not exist, causing errors.
php
<?php // Wrong: Missing return statement public function handle($request, Closure $next) { if (!Auth::check()) { return redirect('login'); } // Forgot to return next middleware } // Right: public function handle($request, Closure $next) { if (!Auth::check()) { return redirect('login'); } return $next($request); }
Quick Reference
Summary tips for creating auth middleware in Laravel:
- Use
php artisan make:middleware MiddlewareNameto create. - Check authentication with
Auth::check()insidehandle. - Always return
$next($request)if authenticated. - Register middleware in
app/Http/Kernel.phpunder$routeMiddleware. - Apply middleware to routes using
->middleware('your_middleware').
Key Takeaways
Create auth middleware using artisan and add logic in the handle method.
Always register your middleware in Kernel.php to use it in routes.
Use Auth::check() to verify if a user is logged in.
Return $next($request) to continue request processing after checks.
Apply middleware to routes to protect them from unauthorized access.