Tutorial Laravel #18: Middleware di Laravel

1. Apa itu Middleware?

Middleware adalah lapisan yang memfilter HTTP request sebelum sampai ke controller. Bayangkan middleware seperti checkpoint - setiap request harus melewatinya terlebih dahulu. Contoh penggunaan: cek apakah user sudah login, cek role/permission, log request, throttle rate limit, dsb.

2. Middleware Bawaan Laravel

Laravel sudah menyediakan beberapa middleware siap pakai:

  • auth - pastikan user sudah login
  • guest - hanya untuk user yang belum login
  • verified - pastikan email sudah diverifikasi
  • throttle:60,1 - rate limiting (60 request per menit)
  • can:permission - cek authorization permission
// Pakai di route
Route::get('/dashboard', [DashboardController::class, 'index'])->middleware('auth');

Route::middleware(['auth', 'verified'])->group(function () {
    Route::resource('artikel', ArtikelController::class);
});

3. Membuat Custom Middleware

php artisan make:middleware IsAdmin
php artisan make:middleware CheckAktif
<?php
// app/Http/Middleware/IsAdmin.php
namespace AppHttpMiddleware;

use Closure;
use IlluminateHttpRequest;
use SymfonyComponentHttpFoundationResponse;

class IsAdmin
{
    public function handle(Request $request, Closure $next): Response
    {
        // Cek apakah user sudah login dan punya role admin
        if (!auth()->check() || auth()->user()->role !== 'admin') {
            // Redirect atau return error
            abort(403, 'Akses ditolak. Halaman ini hanya untuk admin.');
        }

        // Lolos cek - teruskan request ke controller
        return $next($request);
    }
}

4. Mendaftarkan Middleware (Laravel 11)

<?php
// bootstrap/app.php (Laravel 11)
use AppHttpMiddlewareIsAdmin;

return Application::configure(basePath: dirname(__DIR__))
    ->withMiddleware(function (Middleware $middleware) {
        // Daftarkan alias middleware
        $middleware->alias([
            'is_admin' => IsAdmin::class,
        ]);
    })
    ->create();

5. Menggunakan Middleware di Route

// Single middleware
Route::get('/admin', [AdminController::class, 'index'])->middleware('is_admin');

// Multiple middleware
Route::get('/admin/settings', [SettingsController::class, 'index'])
     ->middleware(['auth', 'is_admin']);

// Group dengan middleware
Route::prefix('admin')->middleware(['auth', 'is_admin'])->name('admin.')->group(function () {
    Route::get('/dashboard', [AdminController::class, 'dashboard'])->name('dashboard');
    Route::resource('users', AdminUserController::class);
});

6. Middleware dengan Parameter

<?php
// Middleware dengan parameter
class CheckRole
{
    public function handle(Request $request, Closure $next, string ...$roles): Response
    {
        if (!in_array(auth()->user()->role, $roles)) {
            abort(403);
        }
        return $next($request);
    }
}

// Pakai di route
Route::get('/editor', fn() => 'halaman editor')->middleware('role:admin,editor');
Route::get('/admin', fn() => 'halaman admin')->middleware('role:admin');

7. Before dan After Middleware

class LogRequest
{
    public function handle(Request $request, Closure $next): Response
    {
        // Before middleware - dijalankan SEBELUM request sampai ke controller
        Log::info('Request masuk: ' . $request->path());

        $response = $next($request);   // teruskan ke controller

        // After middleware - dijalankan SETELAH controller selesai
        Log::info('Response dikirim: ' . $response->getStatusCode());

        return $response;
    }
}

8. Ringkasan

  • Middleware memfilter request sebelum masuk ke controller
  • Buat middleware dengan php artisan make:middleware NamaMiddleware
  • Daftarkan alias di bootstrap/app.php (Laravel 11)
  • Pakai di route dengan ->middleware('nama') atau di group

Tutorial berikutnya membahas authentication dasar Laravel.

ariq fadhil
Software Engineer

Im Ariq Tech, a Top Rated Fullstack Developer with 5+ years of experience, delivering high-quality solutions across 50+ projects.