Middlewares

• Introduction
• NotFoundMiddleware
• AuthenticationMiddleware
• AuthorizationMiddleware
• FractalMiddleware
• CorsMiddleware
• OptionsResponseMiddleware
• RequestIdMiddleware
• UrlQueryMiddleware

Introduction

Middleware either does configuration work or blocks the request when certain conditions aren't met. Requests are blocked by exceptions. By using exceptions we catch all unintended requests and handle them in a consistent way. Read more on exceptions.

NotFoundMiddleware

Throws a new Prest\Exception\Http\NotFoundException with Prest\Constants\ErrorCodes code when an endpoint does not exist (on Phalcon's beforeNotFound event).

use Prest\Middleware\NotFoundMiddleware;

$api->attach(new NotFoundMiddleware());

AuthenticationMiddleware

Authenticates a session token that either has been passed as a query parameter ?token or as an Authorization header with prefixed by Bearer. Throws a new Prest\Exception\AuthException with Prest\Constants\ErrorCodes::AUTH_TOKEN_INVALID code when an invalid token has been passed or with Prest\Constants\ErrorCodes::AUTH_SESSION_EXPIRED code when an expired token has been passed.

use Prest\Middleware\AuthenticationMiddleware;

$api->attach(new AuthenticationMiddleware());

AuthorizationMiddleware

Throws a new Prest\Exception\AuthorizationException with Prest\Constants\ErrorCodes::ACCESS_DENIED when the endpoint is not authorized (ex. excluded for this particular user).

use Prest\Middleware\AuthorizationMiddleware;

$api->attach(new AuthorizationMiddleware());

FractalMiddleware

Configures which includes need to be included in responses managed by the Fractal Manager service.

use Prest\Middleware\FractalMiddleware;

$api->attach(new FractalMiddleware());

CorsMiddleware

Allows all origins provided to make CORS (Cross-origin resource sharing) requests.

use Prest\Middleware\CorsMiddleware;

$api->attach(new CorsMiddleware([
  'acme.com',
  'acme.net',
]);

Wildcard can also be used:

$api->attach(new CorsMiddleware(['*']);

OptionsResponseMiddleware

Responds to all OPTION (preflight) requests with a 200 OKresponse.

use Prest\Middleware\OptionsResponseMiddleware;

$api->attach(new OptionsResponseMiddleware());

RequestIdMiddleware

Add a unique X-Request-Id header to each request for logging and debugging purposes.

use Prest\Middleware\RequestIdMiddleware;

$api->attach(new RequestIdMiddleware());

UrlQueryMiddleware

Updates the global query by parsing url query syntax. Read more on URL Query Syntax.