There are three ways to apply middleware in Laravel: directly within a single route, routing group, or controller. First, you can use the ->middleware() method to specify middleware or middleware arrays for a single route, such as Route::get('/dashboard')->middleware('auth'); or ->middleware(['auth', 'admin']); Second, you can apply middleware to a routing group through Route::middleware([...])->group() so that all routes in the group inherit the middleware stack; Third, you can call $this->middleware() in the controller constructor to define controller-level middleware, and you can restrict application methods through ->only() or ->except(); in addition, you can create custom middleware through Artisan and register it in the Kernel for reuse.

In Laravel, applying middleware to routes is straightforward and flexible — you can do it directly on individual routes, groups of routes, or even within controllers.

What Middleware Does in Laravel

Middleware works like a filter for HTTP requests entering your app. It lets you check or modify the request before it reaches the route handler — things like authentication checks, logging, or CORS headers are common use cases.

Apply Middleware to a Single Route

If you want to apply middleware to just one specific route, you can do it inline when defining the route.

For example, if you have a route that should only be accessible by authenticated users:

 Route::get('/dashboard', function () {
    // Your logic here
})->middleware('auth');

You can also apply multiple middlewares by passing an array:

 Route::get('/admin', function () {
    // Admin dashboard
})->middleware(['auth', 'admin']);

This method is great when you need fine-grained control over which routes get which middleware.

Apply Middleware to a Group of Routes

Most apps have sections that share the same middleware — like admin pages needing an admin middleware or API routes needing auth:sanctum .

You can wrap those routes in a group:

 Route::middleware(['auth', 'admin'])->prefix('admin')->group(function () {
    Route::get('/users', function () { /* ... */ });
    Route::get('/settings', function () { /* ... */ });
});

This way, all routes inside the group inherit the middleware stack, and you don't have to repeat yourself.

Assign Middleware Inside a Controller

Sometimes it makes more sense to define middleware at the controller level instead of the route file.

In your controller's constructor, you can do this:

 public function __construct()
{
    $this->middleware('auth');
}

Or restrict middleware to certain methods:

 $this->middleware('auth')->only('edit', 'update');

Or exclude certain methods:

 $this->middleware('auth')->except('index');

This keeps things clean when a controller has several routes but only some need protection.

Custom Middleware: Create Your Own Logic

Laravel comes with built-in middleware like auth and throttle , but sometimes you need something custom — like checking user roles or permissions.

To create your own middleware:

 php artisan make:middleware EnsureUserIsAdmin

Then in the generated file ( app/Http/Middleware/EnsureUserIsAdmin.php ), add your logic:

 public function handle($request, $next)
{
    if (! $request->user()->isAdmin()) {
        return redirect('home');
    }

    return $next($request);
}

Register it in app/Http/Kernel.php under $routeMiddleware :

 'admin' => \App\Http\Middleware\EnsureUserIsAdmin::class,

Now you can use 'admin' anywhere else in your routes or controllers.

So yes, applying middleware in Laravel isn't hard — it's just a matter of choosing where and how you apply it. Whether per-route, grouped, or controller-based, Laravel gives you options that scale well from small to large apps. And creating custom middleware is easy enough once you know where to register it.

The above is the detailed content of How do I apply middleware to routes in Laravel?. For more information, please follow other related articles on the PHP Chinese website!