Middlewares
- Introduction
- NotFoundMiddleware
- AuthenticationMiddleware
- AuthorizationMiddleware
- FractalMiddleware
- CorsMiddleware
- OptionsResponseMiddleware
- RequestIdMiddleware
- UrlQueryMiddleware
Introduction
Middleware either does configuration work or blocks the request when certain conditions aren't met. Requests are blocked by exceptions. By using exceptions we catch all unintended requests and handle them in a consistent way. Read more on exceptions.
NotFoundMiddleware
Throws a new Prest\Exception\Http\NotFoundException
with Prest\Constants\ErrorCodes
code when an endpoint does not exist (on Phalcon's beforeNotFound
event).
use Prest\Middleware\NotFoundMiddleware;
$api->attach(new NotFoundMiddleware());
AuthenticationMiddleware
Authenticates a session token that either has been passed as a query parameter ?token
or as an Authorization
header with prefixed by Bearer
. Throws a new Prest\Exception\AuthException
with Prest\Constants\ErrorCodes::AUTH_TOKEN_INVALID
code when an invalid token has been passed or with Prest\Constants\ErrorCodes::AUTH_SESSION_EXPIRED
code when an expired token has been passed.
use Prest\Middleware\AuthenticationMiddleware;
$api->attach(new AuthenticationMiddleware());
AuthorizationMiddleware
Throws a new Prest\Exception\AuthorizationException
with Prest\Constants\ErrorCodes::ACCESS_DENIED
when the endpoint is not authorized (ex. excluded for this particular user).
use Prest\Middleware\AuthorizationMiddleware;
$api->attach(new AuthorizationMiddleware());
FractalMiddleware
Configures which includes need to be included in responses managed by the Fractal Manager service.
use Prest\Middleware\FractalMiddleware;
$api->attach(new FractalMiddleware());
CorsMiddleware
Allows all origins provided to make CORS (Cross-origin resource sharing) requests.
use Prest\Middleware\CorsMiddleware;
$api->attach(new CorsMiddleware([
'acme.com',
'acme.net',
]);
Wildcard can also be used:
$api->attach(new CorsMiddleware(['*']);
OptionsResponseMiddleware
Responds to all OPTION
(preflight) requests with a 200 OK
response.
use Prest\Middleware\OptionsResponseMiddleware;
$api->attach(new OptionsResponseMiddleware());
RequestIdMiddleware
Add a unique X-Request-Id
header to each request for logging and debugging purposes.
use Prest\Middleware\RequestIdMiddleware;
$api->attach(new RequestIdMiddleware());
UrlQueryMiddleware
Updates the global query by parsing url query syntax. Read more on URL Query Syntax.