Middlewares

Mezzio allows you to build applications outside of pipeline and routed middleware. Pipeline middleware is the middleware that defines your application's workflow. These typically run on every execution of the application and include example functions such as:

  • Error handler
  • Language determination
  • Session settings
  • Authentication and authorization

Routed middleware is middleware that responds only to certain URI paths and HTTP methods. As an example, you might want a middleware that only responds to HTTP POST requests to the /users path.

Mezzio allows you to define middleware using any of the following:

PSR-15 Middleware Example

The PSR-15 specification covers the HTTP server middleware and request handlers that consume PSR-7 HTTP messages. Mezzio accepts both middleware that implements MiddlewareInterface and request handlers that implement RequestHandlerInterface.

For example:

src/App/Middleware/SomeMiddleware.php

use Psr\Http\Server\MiddlewareInterface;
use Psr\Http\Server\RequestHandlerInterface;
use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface;

class SomeMiddleware implements MiddlewareInterface
{
    public function process(ServerRequestInterface $request, RequestHandlerInterface $handler) : ResponseInterface
    {
        // do something and return a response, or
        // delegate to another request handler capable
        // of returning a response via:
        //
        // return $handler->handle($request);
    }
}

Configuration

In your application, operations such as including and removing Mezzio middle middleware are done in the config/pipeline.php file, as in the example below.

config/pipeline.php

// Pipeline middleware:
$app->pipe([
    FirstMiddleware::class,
    SecondMiddleware::class,
]);

// Routed middleware:
$app->get('/foo', [
    FirstMiddleware::class,
    SecondMiddleware::class,
]);

Values in these arrays can be any valid middleware type as defined in this section.

Authentication Middleware

Below is an example of the widely used JwtAuthenticationMiddleware class, which performs authentication checks in your application.

src/App/Middleware/JwtAuthenticationMiddleware.php

<?php

declare(strict_types=1);

namespace App\Middleware;

use Mezzio\Authentication\UserInterface;
use Mezzio\Authentication\AuthenticationInterface;
use Firebase\JWT\ExpiredException;
use Laminas\Diactoros\Response\JsonResponse;
use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface;
use Psr\Http\Server\MiddlewareInterface;
use Psr\Http\Server\RequestHandlerInterface;
use Laminas\I18n\Translator\TranslatorInterface as Translator;

class JwtAuthenticationMiddleware implements MiddlewareInterface
{
    /**
     * @var AuthenticationInterface
     */
    protected $auth;

    public function __construct(AuthenticationInterface $auth, Translator $translator)
    {
        $this->auth = $auth;
        $this->translator = $translator;
    }

    /**
     * {@inheritDoc}
     */
    public function process(ServerRequestInterface $request, RequestHandlerInterface $handler) : ResponseInterface
    {        
        try {
            $user = $this->auth->authenticate($request);
            if (null !== $user) {
                return $handler->handle($request->withAttribute(UserInterface::class, $user));
            }
        } catch (ExpiredException $e) {

            // 401 Unauthorized response
            // Response Header = 'Token-Expired: true'

            return new JsonResponse(['data' => ['error' => $this->translator->translate('Token Expired')]], 401, ['Token-Expired' => 1]);
        }
        return $this->auth->unauthorizedResponse($request);
    }
}
This documents is available for subscribers only

Get Full Accesss