Custom Middleware

Sometimes API calls need to be restricted by domain-specific logic.

For these situations, you can create your own middleware.

demo_photos-show:
  path:         api/demo/photos/{photo}
  controller:   LMS\Demo\Controller\PhotoApiController::show
  methods:      GET
  format:       json
  requirements:
    photo:      \d+
  defaults:
    plugin:     PhotoApi
    photo:
  options:
    middleware:
      - Vendor\Extension\Middleware\Api\CheckRoleMiddleware:editor

<?php
    declare(strict_types = 1);

    namespace Vendor\Extension\Middleware\Api;

    class CheckRoleMiddleware extends \LMS\Routes\Middleware\Api\AbstractRouteMiddleware
    {
        /**
        * {@inheritDoc}
        */
        public function process(): void
        {
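            // $user is not defined in this snippet: load your user record for the
            // uid returned by $this->getUser() before comparing roles.
            if ($this->getMiddlewareRole() === $user->getRole()) {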
                return;
            }

            $this->deny('I deny, because i can...', 401);
        }

        private function getMiddlewareRole(): string
        {
            return (string)$this->getProperties()[0];
        }
    }

Retrieve middleware parameters

To get the parameters that are set for the middleware, use the $this->getProperties() function, which returns an array containing all the parameters by index.

middleware:
    - Vendor\Extension\Middleware\Api\CheckRoleMiddleware:editor,15

$this->getProperties() // [0 => 'editor' , 1 => 15]

$this->getProperties()[0] // editor

$this->getProperties()[1] // 15

Retrieve user who performed the request in the middleware

There’s a handy method, $this->getUser(), which returns the uid of the user who performed the request.
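
The following added example (not part of the original documentation or the extension's own code) combines $this->getProperties() and $this->getUser() into a middleware that only lets the listed user uids call a route and fails closed on a missing or malformed list. The class name RestrictToUidsMiddleware is hypothetical, and it assumes that getUser() yields 0 or an empty value for anonymous requests and that parameters may arrive as strings.

```php
<?php
declare(strict_types = 1);

namespace Vendor\Extension\Middleware\Api;

// Added example (hypothetical class). Route configuration:
//   middleware:
//     - Vendor\Extension\Middleware\Api\RestrictToUidsMiddleware:3,15
class RestrictToUidsMiddleware extends \LMS\Routes\Middleware\Api\AbstractRouteMiddleware
{
    public function process(): void
    {
        $allowed = $this->allowedUids();
        // Fail closed: an empty or malformed parameter list grants access to nobody.
        if ($allowed === []) {
            $this->deny('Access list is not configured.', 403);
            return; // assumption: do not rely on deny() to stop execution
        }

        // Assumption: getUser() yields 0 (or an empty value) for anonymous requests.
        $uid = (int)$this->getUser();
        if ($uid <= 0) {
            $this->deny('Authentication required.', 401);
            return;
        }

        // Strict comparison between integers, so no loose string/number juggling.
        if (!in_array($uid, $allowed, true)) {
            $this->deny('User is not allowed to call this route.', 403);
        }
    }

    /** @return int[] Validated uids, or [] if any parameter is not a positive integer. */
    private function allowedUids(): array
    {
        $uids = [];
        foreach ($this->getProperties() as $value) {
            // Accept plain digits only; one bad entry invalidates the whole list.
            if (!ctype_digit((string)$value) || (int)$value === 0) {
                return [];
            }
            $uids[] = (int)$value;
        }
        return $uids;
    }
}
```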