Kotchasan Framework Documentation

Kotchasan Framework Documentation

Middleware System

EN 05 Feb 2026 06:23

Middleware System

Kotchasan Framework supports a Middleware system for handling HTTP Requests and Responses, enabling Layered architecture for Authentication, Logging, CORS, or Rate Limiting.

Overview

Middleware is a class that extends Kotchasan\Http\Middleware\BaseMiddleware (or implements MiddlewareInterface). It intercepts requests before they reach the Controller or processes responses after they leave the Controller.

Basic Structure

namespace App\Middleware;

use Kotchasan\Http\Middleware\BaseMiddleware;
use Kotchasan\Http\Request;

class MyMiddleware extends BaseMiddleware
{
    /**
     * Handle Request
     */
    public function handle(Request $request, ?callable $next = null)
    {
        // 1. Pre-process (Before Next Middleware/Controller)
        if ($request->header('X-Block') === 'True') {
            return $this->createErrorResponse(403, 'Forbidden', 'Blocked by Middleware');
        }

        // 2. Call Next Middleware
        $response = $this->callNext($request, $next);

        // 3. Post-process (After Response) - Optional
        // $response->withHeader('X-Processed-By', 'MyMiddleware');

        return $response;
    }
}

Built-in Middleware

Kotchasan provides standard middleware in Kotchasan\Http\Middleware:

BasicAuthMiddleware

Handles HTTP Basic Authentication.

use Kotchasan\Http\Middleware\BasicAuthMiddleware;

// Validate with credential
$auth = BasicAuthMiddleware::withCredentials('admin', 'password');
// Or validate from array
$auth = BasicAuthMiddleware::withUsers(['admin' => '1234']);

BearerTokenAuthMiddleware

Handles Bearer Token Authentication.

use Kotchasan\Http\Middleware\BearerTokenAuthMiddleware;

$auth = new BearerTokenAuthMiddleware(function($token) {
    // Validate Token Logic
    return $token === 'valid-token';
});

JwtMiddleware

Handles JSON Web Token (JWT) validation.

use Kotchasan\Http\Middleware\JwtMiddleware;

$jwt = new JwtMiddleware('your-secret-key');

Implementation

Middleware allows implementing cross-cutting concerns cleanly.

Usage in Controller

public function index(Request $request)
{
    $middleware = new MyMiddleware();
    // Pass $this->process as callable for middleware to call upon success
    return $middleware->handle($request, [$this, 'process']);
}

public function process(Request $request)
{
    return Response::makeOk(['data' => 'success']);
}