How to Use Middleware in Controller in Laravel
In Laravel, you use
$this->middleware() inside a controller's constructor to apply middleware to its routes. This method lets you specify middleware for all or some controller actions easily.Syntax
Use $this->middleware('middlewareName') inside the controller constructor to apply middleware. You can also restrict middleware to specific methods using only or except options.
middlewareName: The name of the middleware registered inapp/Http/Kernel.php.only: Apply middleware only to listed methods.except: Apply middleware to all methods except the listed ones.
php
public function __construct() { $this->middleware('auth'); // Apply middleware only to specific methods $this->middleware('auth')->only(['index', 'show']); // Apply middleware to all except listed methods $this->middleware('auth')->except(['login', 'register']); }
Example
This example shows a controller applying the auth middleware to all its methods except login and register. This means users must be authenticated to access most actions, but not the login or registration pages.
php
<?php namespace App\Http\Controllers; use Illuminate\Http\Request; class UserController extends Controller { public function __construct() { $this->middleware('auth')->except(['login', 'register']); } public function index() { return 'User dashboard - authenticated users only'; } public function login() { return 'Login page - accessible to guests'; } public function register() { return 'Register page - accessible to guests'; } }
Output
Visiting /user/index requires authentication and shows: "User dashboard - authenticated users only".
Visiting /user/login or /user/register is open to guests and shows respective messages.
Common Pitfalls
Common mistakes when using middleware in controllers include:
- Forgetting to call
$this->middleware()inside the constructor. - Using middleware names not registered in
app/Http/Kernel.php. - Misusing
onlyandexceptoptions causing middleware to apply incorrectly. - Trying to apply middleware outside the constructor, which won't work.
php
<?php // Wrong: middleware called outside constructor public function index() { $this->middleware('auth'); // This does nothing here return 'Index page'; } // Right: middleware inside constructor public function __construct() { $this->middleware('auth'); }
Quick Reference
| Usage | Description |
|---|---|
| $this->middleware('auth') | Apply 'auth' middleware to all controller methods |
| $this->middleware('auth')->only(['index', 'show']) | Apply middleware only to 'index' and 'show' methods |
| $this->middleware('auth')->except(['login', 'register']) | Apply middleware to all methods except 'login' and 'register' |
| Middleware name | Must be registered in app/Http/Kernel.php |
Key Takeaways
Always apply middleware inside the controller constructor using $this->middleware().
Use only() and except() to control which methods the middleware affects.
Middleware names must be registered in app/Http/Kernel.php to work.
Do not call middleware methods inside controller actions; it only works in the constructor.
Middleware helps protect routes by controlling access and behavior efficiently.