Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.

stratboy's avatar

Auth middleware, where and why

Hi, I'm taking a look to middlewares, particularly the Auth one. Using Breeze. For now, I used it both on routes and in controllers. I see that creating a resource like this:

Route::resource('semi', SeedController::class);

It doesn't use any auth middleware, so I added them in controller like this:

  public function __construct(){
    $this->middleware('auth')->only(['create', 'store', 'update', 'destroy']);
  }

Also, I can add middlewares directly to routes or with groups like this, which is done by Breeze, and then I added a route of mine:

Route::middleware('auth')->group(function () {
    Route::get('/profile', [ProfileController::class, 'edit'])->name('profile.edit');
    Route::patch('/profile', [ProfileController::class, 'update'])->name('profile.update');
    Route::delete('/profile', [ProfileController::class, 'destroy'])->name('profile.destroy');
    Route::get('/semi/manage', [SeedController::class, 'manage']);
});

Well, is there any inner difference between using middlewares on routes or defining them in controllers?

Also, when using Route::resource, is there any way to add a middleware only for certain actions/routes, without doing this in the related controller as I did? Just curious. Maybe using ->only() and ->except() for assigning middlewares? Is is it a good practice? I mean:

Route::resource('semi', SeedController::class)->only(['index', 'show'])
Route::resource('semi', SeedController::class)->except(['index', 'show'])->middleware('auth');
0 likes
3 replies
LaryAI's avatar
LaryAI
AI
2 years ago
Level 58

Middleware in Laravel can be applied in both routes and controllers, and they serve as a powerful feature for filtering HTTP requests entering your application. Here's a breakdown of the differences and how you can apply middleware to resource routes:

Applying Middleware in Routes vs Controllers

Routes:

  • Applying middleware to routes is explicit and immediately visible to anyone reviewing the route definitions.
  • It's easier to see the middleware applied to a group of routes at a glance.
  • Good for applying middleware to a few routes without cluttering the controller constructor.

Controllers:

  • Applying middleware in the controller constructor can be more convenient when many methods in the controller require the same middleware.
  • It allows for more granular control, such as applying middleware only to specific methods using only or except.
  • Keeps route definitions cleaner if many middlewares are applied to many methods.

Applying Middleware to Resource Routes

When using Route::resource, you can apply middleware to specific actions by chaining the middleware method onto the route definition. However, this applies the middleware to all actions of the resource controller. To apply middleware to specific actions, you would typically do this within the controller's constructor, as you've done.

However, if you want to apply middleware to specific resource routes without touching the controller, you can use a combination of Route::resource and explicit route definitions. Here's how:

// Apply middleware to all actions of a resource controller
Route::middleware('auth')->group(function () {
    Route::resource('semi', SeedController::class);
});

// Apply middleware to specific actions by defining them separately
Route::middleware('auth')->group(function () {
    Route::get('/semi/create', [SeedController::class, 'create'])->name('semi.create');
    Route::post('/semi', [SeedController::class, 'store'])->name('semi.store');
    // ... other routes with auth middleware
});

// Define the resource without the create and store actions
Route::resource('semi', SeedController::class)->except(['create', 'store']);

In the example above, we've applied the auth middleware to the create and store actions by defining those routes separately. Then, we define the resource route for semi without the create and store actions using except. This way, you can apply middleware to specific actions of a resource controller without modifying the controller itself.

Remember that this approach can lead to some duplication and potentially make your routes file more verbose, so it's a trade-off between explicitness in your routes file and conciseness in your controller.

shadkamel's avatar

hello, i think this is what you are searching for:

// Apply middleware to only index and show methods
Route::resource('example', 'ExampleController')->only(['index', 'show']);

// Apply middleware to the rest of the resource methods
Route::resource('example', 'ExampleController')->except(['index', 'show'])
    ->middleware('exampleMiddleware');

alternative is:

Route::get('example', 'ExampleController@index')->name('example.index');
Route::get('example/create', 'ExampleController@create')->name('example.create')->middleware('exampleMiddleware');
Route::post('example', 'ExampleController@store')->name('example.store')->middleware('exampleMiddleware');
1 like

Please or to participate in this conversation.