Aurora

Middleware

As an extendable framework, Aurora supports PSR-15 middleware for the entire application or for specific controllers.

PSR-15 middleware implements the MiddlewareInterface and as such must implement a process() method that receives a ServerRequestInterface and a RequestHandlerInterface to return a ResponseInterface.

To create a middleware class run the command:

php aurora create:middleware AuthMiddleware

The command described above will create a file named AuthMiddleware.php in your app/Http/Middleware directory with the following structure:

<?php

declare(strict_types = 1);

namespace App\Http\Middleware;

use Psr\Http\Server\MiddlewareInterface;
use Psr\Http\Server\RequestHandlerInterface;
use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface;
use Psr\Http\Message\Response;

class AuthMiddleware implements MiddlewareInterface {

    /**
     * Process request
     * @param  ServerRequestInterface  $request Request implementation
     * @param  RequestHandlerInterface $handler RequestHandler implementation
     * @return ResponseInterface
     */
    public function process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface {
        return $handler->handle($request);
    }
}

If you're familiar with the PSR-15 spec, you'll know that there middleware runs at two stages: before and after the response generation.

Running your middleware before the response has been generated allows you to tap into the request, process or validate it and in case the logic determines that the request is not valid, return a response with an error code, for example:

public function process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface {
    if (! $this->validateRequest($request) ) {
        $factory = resolve(ResponseFactoryInterface::class);
        $response = $factory->createResponse(403);
        return $response;
    } else {
        $response = $handler->handle($request);
        return $response;
    }
}

Note that we've used a ResponseFactoryInterface from the PSR-17 spec to create the response and that we're using an example validateRequest() method to perform the validation. If the request is deemed valid, we pass the request to the next handler but if we detect a problem, we return a new response with a 403 HTTP status code.

On the other hand, running your middleware after the response has been generated allows you to tap into the response, for example to add new headers or modify the body contents:

public function process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface {
    $response = $handler->handle($request);
    return $response->withHeader('Content-Security-Policy', "default-src 'self'");
}

Using Middleware

To add middleware to your application's stack just use the with() method and pass the middleware class name:

use Aurora\App\WebApp;
use App\Http\Middleware\CspMiddleware;

class App extends WebApp {

    function start() {
        $this->with(CspMiddleware::class);
    }
}

Next up, Routing.