What is laravel middleware? Interpretation of Laravel middleware (Middleware)-PHP Tutorial-php.cn

In Laravel, middleware, as the name suggests, intercepts request data, verifies data, and determines whether to allow entry to the next middleware after logical processing between requests and responses; middleware is divided into prefixes Middleware, post-middleware; can be used for permission authentication, logging, etc.

What is laravel middleware? Interpretation of Laravel middleware (Middleware)

Middleware (Middleware) in Laravel plays the role of filtering the HTTP request object (Request) entering the application and improving the HTTP response object (Reponse) leaving the application. function, and can filter requests layer by layer and gradually improve the response by applying multiple middlewares. This achieves decoupling of the program. If there is no middleware, we must complete these steps in the controller, which will undoubtedly cause the controller to be bloated.

To give a simple example, on an e-commerce platform, a user can be either an ordinary user shopping on the platform or a seller user after opening a store. The user system of these two types of users is often the same. set, then in the controller that only seller users can access, we only need to apply two middlewares to complete the identity authentication of seller users:

class MerchantController extends Controller$
{
    public function __construct()
    {
        $this->middleware(&#39;auth&#39;);
        $this->middleware(&#39;mechatnt_auth&#39;);
    }
}

Copy after login

Do universal user authentication in the auth middleware. After success The HTTP Request will go to the merchant_auth middleware to authenticate the merchant user information. After both middleware are passed, the HTTP Request can enter the desired controller method. Using middleware, we can extract these authentication codes into corresponding middleware, and we can freely combine multiple middleware according to needs to filter HTTP Requests.

Another example is the VerifyCsrfToken middleware that Laravel automatically applies to all routes. When HTTP Requst enters the application and passes through the VerifyCsrfToken middleware, the Token will be verified to prevent cross-site request forgery. , appropriate cookies will be added to the response before the Http Response leaves the application. (Starting from laravel 5.5, CSRF middleware is only automatically applied to web routing)

In the above example, the one that filters the request is called the pre-middleware, and the one that completes the response is called the post-middleware. A picture can be used to mark the entire process:
What is laravel middleware? Interpretation of Laravel middleware (Middleware)

The above outlines the role of middleware in laravel, and what type of code should be moved from the controller to the middleware. As for how To define and use your own laravel middleware, please refer to the official documentation.

Let’s take a look at how middleware is implemented in Laravel. The design of middleware applies a design pattern called the decorator. If you still don’t know what the decorator pattern is, you can check out the design pattern. For related books, you can also briefly refer to this article.

After Laravel instantiates Application, it will parse the Http Kernel object from the service container. It can also be seen from the name of the class that Http Kernel is the core responsible for HTTP requests and responses in Laravel.

/**
 * @var \App\Http\Kernel $kernel
 */
$kernel = $app->make(Illuminate\Contracts\Http\Kernel::class);

$response = $kernel->handle(
    $request = Illuminate\Http\Request::capture()
);

$response->send();

$kernel->terminate($request, $response);

Copy after login

You can see in index.php that the Http Kernel is parsed from the service container because it is bound ## in bootstrap/app.php #Illuminate\Contracts\Http\KernelThe implementation class of the interfaceApp\Http\KernelSo $kernel is actually an object of the App\Http\Kernel class. After parsing out the Http Kernel, Laravel passes the request object entering the application to the handle method of the Http Kernel. The handle method is responsible for processing the request object flowing into the application and returning the response object.

/**
 * Handle an incoming HTTP request.
 *
 * @param  \Illuminate\Http\Request  $request
 * @return \Illuminate\Http\Response
 */
public function handle($request)
{
    try {
        $request->enableHttpMethodParameterOverride();

        $response = $this->sendRequestThroughRouter($request);
    } catch (Exception $e) {
        $this->reportException($e);

        $response = $this->renderException($request, $e);
    } catch (Throwable $e) {
        $this->reportException($e = new FatalThrowableError($e));

        $response = $this->renderException($request, $e);
    }

    $this->app[&#39;events&#39;]->dispatch(
        new Events\RequestHandled($request, $response)
    );

    return $response;
}

Copy after login

The process of middleware filtering application occurs in

$this->sendRequestThroughRouter($request):

/**
 * Send the given request through the middleware / router.
 *
 * @param  \Illuminate\Http\Request  $request
 * @return \Illuminate\Http\Response
 */
protected function sendRequestThroughRouter($request)
{
    $this->app->instance(&#39;request&#39;, $request);

    Facade::clearResolvedInstance(&#39;request&#39;);

    $this->bootstrap();

    return (new Pipeline($this->app))
                ->send($request)
                ->through($this->app->shouldSkipMiddleware() ? [] : $this->middleware)
                ->then($this->dispatchToRouter());
}

Copy after login

The first half of this method is to apply Initialization, this part is explained in detail in the previous article explaining service providers. Laravel transmits the request object through the Pipeline object. In the Pipeline, the request object reaches an action of the controller through the pre-operation of the middleware defined in the Http Kernel or direct closure processing to obtain the response object.

Look at these methods in Pipeline:

public function send($passable)
{
    $this->passable = $passable;

    return $this;
}

public function through($pipes)
{
    $this->pipes = is_array($pipes) ? $pipes : func_get_args();

    return $this;
}

public function then(Closure $destination)
{
    $firstSlice = $this->getInitialSlice($destination);
    
    //pipes 就是要通过的中间件
    $pipes = array_reverse($this->pipes);

    //$this->passable就是Request对象
    return call_user_func(
        array_reduce($pipes, $this->getSlice(), $firstSlice), $this->passable
    );
}


protected function getInitialSlice(Closure $destination)
{
    return function ($passable) use ($destination) {
        return call_user_func($destination, $passable);
    };
}

//Http Kernel的dispatchToRouter是Piple管道的终点或者叫目的地
protected function dispatchToRouter()
{
    return function ($request) {
        $this->app->instance(&#39;request&#39;, $request);

        return $this->router->dispatch($request);
    };
}

Copy after login

The above function looks confusing. Let’s first look at the explanation of its callback function parameters in array_reduce:

mixed array_reduce ( array $array , callable $callback [, mixed $initial = NULL ] )

array_reduce() iteratively applies the callback function callback to each unit in the array array, thereby simplifying the array into a single value.
callback ( mixed $carry , mixed $item )
carry
Carry the value in the last iteration; if this iteration is the first time, then this value is initial. item carries the value of this iteration.

getInitialSlice method, its return value is the initial value of the $carry parameter passed to the callbakc function. This value is now a closure. I use the getInitialSlice and Http Kernel dispatchToRouter methods. Merge it, now the value of $firstSlice is:

$destination = function ($request) {
    $this->app->instance(&#39;request&#39;, $request);
    return $this->router->dispatch($request);
};

$firstSlice = function ($passable) use ($destination) {
    return call_user_func($destination, $passable);
};

Copy after login

Next let’s look at the callback of array_reduce:

//Pipeline 
protected function getSlice()
{
    return function ($stack, $pipe) {
        return function ($passable) use ($stack, $pipe) {
            try {
                $slice = parent::getSlice();

                return call_user_func($slice($stack, $pipe), $passable);
            } catch (Exception $e) {
                return $this->handleException($passable, $e);
            } catch (Throwable $e) {
                return $this->handleException($passable, new FatalThrowableError($e));
            }
        };
    };
}

//Pipleline的父类BasePipeline的getSlice方法
protected function getSlice()
{
    return function ($stack, $pipe) {
        return function ($passable) use ($stack, $pipe) {
            if ($pipe instanceof Closure) {
                return call_user_func($pipe, $passable, $stack);
            } elseif (! is_object($pipe)) {
                //解析中间件名称和参数 (&#39;throttle:60,1&#39;)
                list($name, $parameters) = $this->parsePipeString($pipe);
                $pipe = $this->container->make($name);
                $parameters = array_merge([$passable, $stack], $parameters);
            } else{
                $parameters = [$passable, $stack];
            }
            //$this->method = handle
            return call_user_func_array([$pipe, $this->method], $parameters);
        };
    };
}

Copy after login

Note: The name of the getSlice method has been changed in Laravel 5.5 version It has become a carry. There is no logical difference between the two, so you can still read this article with reference to the middleware code in version 5.5.

getSlice会返回一个闭包函数, $stack在第一次调用getSlice时它的值是$firstSlice, 之后的调用中就它的值就是这里返回的值个闭包了：

$stack = function ($passable) use ($stack, $pipe) {
            try {
                $slice = parent::getSlice();

                return call_user_func($slice($stack, $pipe), $passable);
            } catch (Exception $e) {
                return $this->handleException($passable, $e);
            } catch (Throwable $e) {
                return $this->handleException($passable, new FatalThrowableError($e));
            }
 };

Copy after login

getSlice返回的闭包里又会去调用父类的getSlice方法，他返回的也是一个闭包，在闭包会里解析出中间件对象、中间件参数(无则为空数组), 然后把$passable(请求对象), $stack和中间件参数作为中间件handle方法的参数进行调用。

上面封装的有点复杂，我们简化一下，其实getSlice的返回值就是:

$stack = function ($passable) use ($stack, $pipe) {
                //解析中间件和中间件参数，中间件参数用$parameter代表，无参数时为空数组
               $parameters = array_merge([$passable, $stack], $parameters)
               return $pipe->handle($parameters)
};

Copy after login

array_reduce每次调用callback返回的闭包都会作为参数$stack传递给下一次对callback的调用，array_reduce执行完成后就会返回一个嵌套了多层闭包的闭包，每层闭包用到的外部变量$stack都是上一次之前执行reduce返回的闭包，相当于把中间件通过闭包层层包裹包成了一个洋葱。

在then方法里，等到array_reduce执行完返回最终结果后就会对这个洋葱闭包进行调用:

return call_user_func( array_reduce($pipes, $this->getSlice(), $firstSlice), $this->passable);

Copy after login

这样就能依次执行中间件handle方法，在handle方法里又会去再次调用之前说的reduce包装的洋葱闭包剩余的部分，这样一层层的把洋葱剥开直到最后。通过这种方式让请求对象依次流过了要通过的中间件，达到目的地Http Kernel 的dispatchToRouter方法。

通过剥洋葱的过程我们就能知道为什么在array_reduce之前要先对middleware数组进行反转, 因为包装是一个反向的过程, 数组$pipes中的第一个中间件会作为第一次reduce执行的结果被包装在洋葱闭包的最内层，所以只有反转后才能保证初始定义的中间件数组中第一个中间件的handle方法会被最先调用。

上面说了Pipeline传送请求对象的目的地是Http Kernel 的dispatchToRouter方法，其实到远没有到达最终的目的地，现在请求对象了只是刚通过了\App\Http\Kernel类里$middleware属性里罗列出的几个中间件：

protected $middleware = [
    \Illuminate\Foundation\Http\Middleware\CheckForMaintenanceMode::class,
    \Illuminate\Foundation\Http\Middleware\ValidatePostSize::class,
    \App\Http\Middleware\TrimStrings::class,
    \Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull::class,
    \App\Http\Middleware\TrustProxies::class,
];

Copy after login

当请求对象进入Http Kernel的dispatchToRouter方法后，请求对象在被Router dispatch派发给路由时会进行收集路由上应用的中间件和控制器里应用的中间件。

namespace Illuminate\Foundation\Http;
class Kernel implements KernelContract
{
    protected function dispatchToRouter()
    {
        return function ($request) {
            $this->app->instance(&#39;request&#39;, $request);

            return $this->router->dispatch($request);
        };
    }
}


namespace Illuminate\Routing;
class Router implements RegistrarContract, BindingRegistrar
{    
    public function dispatch(Request $request)
    {
        $this->currentRequest = $request;

        return $this->dispatchToRoute($request);
    }
    
    public function dispatchToRoute(Request $request)
    {
        return $this->runRoute($request, $this->findRoute($request));
    }
    
    protected function runRoute(Request $request, Route $route)
    {
        $request->setRouteResolver(function () use ($route) {
            return $route;
        });

        $this->events->dispatch(new Events\RouteMatched($route, $request));

        return $this->prepareResponse($request,
            $this->runRouteWithinStack($route, $request)
        );
    }
    
    protected function runRouteWithinStack(Route $route, Request $request)
    {
        $shouldSkipMiddleware = $this->container->bound(&#39;middleware.disable&#39;) &&
                            $this->container->make(&#39;middleware.disable&#39;) === true;
        //收集路由和控制器里应用的中间件
        $middleware = $shouldSkipMiddleware ? [] : $this->gatherRouteMiddleware($route);

        return (new Pipeline($this->container))
                    ->send($request)
                    ->through($middleware)
                    ->then(function ($request) use ($route) {
                        return $this->prepareResponse(
                            $request, $route->run()
                        );
                    });
    
    }
}

Copy after login

收集完路由和控制器里应用的中间件后，依然是利用Pipeline对象来传送请求对象通过收集上来的这些中间件然后到达最终的目的地，在那里会执行路由对应的控制器方法生成响应对象，然后响应对象会依次来通过上面应用的所有中间件的后置操作，最终离开应用被发送给客户端。

限于篇幅和为了文章的可读性，收集路由和控制器中间件然后执行路由对应的处理方法的过程我就不在这里详述了，感兴趣的同学可以自己去看Router的源码，本文的目的还是主要为了梳理laravel是如何设计中间件的以及如何执行它们的，希望能对感兴趣的朋友有帮助。

以上就是本文的全部内容，希望对大家的学习有所帮助，更多相关内容请关注PHP中文网！