How to Create and Apply Custom Middleware in Laravel 11

Middleware in Laravel acts as a powerful mechanism to filter HTTP requests entering your application. With custom middleware, you can control access based on roles, permissions, or any other condition. In this tutorial, we’ll guide you through creating and applying custom middleware in Laravel 11.

Step 1: Install Laravel 11

To get started, install a fresh Laravel 11 application using Composer:

composer create-project --prefer-dist laravel/laravel laravel-11-example

This will set up a new Laravel 11 project named laravel-11-example.

Step 2: Create Middleware

Next, create your custom middleware using the Artisan command:

php artisan make:middleware RoleMiddleware

The newly created middleware file will be located at:

app/Http/Middleware/RoleMiddleware.php

Update the RoleMiddleware.php file with the following code:

<?php

namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Symfony\Component\HttpFoundation\Response;

class RoleMiddleware
{
    /**
     * Handle an incoming request.
     *
     * @param \Illuminate\Http\Request $request
     * @param \Closure $next
     * @param string $role
     * @return mixed
     */
    public function handle(Request $request, Closure $next, $role)
    {
        $user = Auth::user();
        if (!$user || $user->role->name !== $role) {
            return redirect('/404')->with('error', 'Unauthorized access.');
        }
        return $next($request);
    }
}

This middleware checks the user’s role and redirects unauthorized users to a “404” page with an error message.

Step 3: Register Middleware

Register your custom middleware in the bootstrap/app.php file:

<?php

use Illuminate\Foundation\Application;
use App\Http\Middleware\RoleMiddleware;
use Illuminate\Foundation\Configuration\Exceptions;
use Illuminate\Foundation\Configuration\Middleware;

return Application::configure(basePath: dirname(__DIR__))
    ->withRouting(
        web: __DIR__.'/../routes/web.php',
        commands: __DIR__.'/../routes/console.php',
        health: '/up',
    )
    ->withMiddleware(function (Middleware $middleware) {
        $middleware->alias([
            'role' => RoleMiddleware::class
        ]);
    })
    ->withExceptions(function (Exceptions $exceptions) {
        //
    })->create();

By adding the role alias, the middleware is ready to be applied to routes.

Step 4: Apply Middleware

Now, you can apply the middleware to routes. For example, to restrict certain routes to admin users, update the routes/web.php file:

<?php

use Illuminate\Support\Facades\Route;

Route::middleware(['auth', 'role:admin'])->group(function () {
    Route::get('/users', [AdminController::class, 'users'])->name('admin.users');
});

Here, the role:admin middleware ensures only users with the admin role can access the /users route.

Step 5: Run the Laravel 11 Application

Finally, start your Laravel application using the following command:

php artisan serve

Visit your application at http://localhost:8000. Test the functionality by accessing routes with appropriate user roles.

Conclusion

In this tutorial, you’ve learned how to create and apply custom middleware in Laravel 11. Middleware is a powerful tool for managing application access and ensuring robust security.

For more Laravel tips and tricks, stay tuned to WasDevLab—your lab for all things Laravel and beyond!

Keywords:

• Laravel 11 middleware tutorial
• Custom middleware in Laravel
• Laravel 11 role-based access
• Create middleware Laravel 11
• Laravel 11 route protection