Middleware either does configuration work or blocks the request when certain conditions aren't met. Requests are blocked by exceptions. By using exceptions we catch all unintended requests and handle them in a consistent way. Read more on exceptions.
- AuthorizationMiddleware (Acl)
- Cross-origin resource sharing (CORS)
new Exception(ErrorCodes::GEN_NOTFOUND) when an endpoint does not exist (on Phalcon's
use PhalconRest\Middleware\NotFoundMiddleware; $api->attach(new NotFoundMiddleware());
Authenticates a session token that either has been passed as a query parameter
?token or as an
Authorization header with prefixed by
new Exception(ErrorCodes::AUTH_BADTOKEN) when an invalid token has been passed.
new UserException(ErrorCodes::AUTH_EXPIRED) when an expired token has been passed.
use PhalconRest\Middleware\AuthenticationMiddleware; $api->attach(new AuthenticationMiddleware());
new Exception(ErrorCodes::AUTH_FORBIDDEN) when the endpoint is not authorized (ex. excluded for this particular user).
new Exception(ErrorCodes::AUTH_UNAUTHORIZED) when the request is not authorized.
use PhalconRest\Middleware\AuthorizationMiddleware; $api->attach(new AuthorizationMiddleware());
Configures which includes need to be included in responses managed by the Fractal Manager service.
use PhalconRest\Middleware\FractalMiddleware; $api->attach(new FractalMiddleware());
Allows all origins provided to make CORS (Cross-origin resource sharing) requests.
use PhalconRest\Middleware\CorsMiddleware; $api->attach(new CorsMiddleware([ 'frontend-app.dev' ]);
Wildcard can also be used
use PhalconRest\Middleware\CorsMiddleware; $api->attach(new CorsMiddleware(['*']);
Responds to all
OPTION (preflight) requests with a
200 OK response.
use PhalconRest\Middleware\OptionsResponseMiddleware; $api->attach(new OptionsResponseMiddleware());
Updates the global query by parsing url query syntax. Read more on URL Query Syntax
use PhalconRest\Middleware\UrlQueryMiddleware; $api->attach(new UrlQueryMiddleware());