> For the complete documentation index, see [llms.txt](https://quantumphp.gitbook.io/docs/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://quantumphp.gitbook.io/docs/packages/middleware/usage.md).

# Usage

## Write a middleware class

Create a class in your module's `Middlewares` namespace and extend `Quantum\Middleware\Middleware`.

```php
namespace App\Blog\Middlewares;

use Closure;
use Quantum\Http\Request;
use Quantum\Http\Response;
use Quantum\Middleware\Middleware;

final class RequireEditor extends Middleware
{
    public function __construct(private Request $request)
    {
    }

    public function apply(Request $request, Closure $next): Response
    {
        if (!auth()->check() || !auth()->user()->isEditor()) {
            return redirect('/signin');
        }

        return $next($request);
    }
}
```

The constructor example matters because the manager instantiates middleware with the current request before `apply()` runs.

## Continue or stop

The basic decision inside `apply()` is simple:

* return `$next($request)` when the request may continue
* return your own `Response` when the request should stop here

A common pattern is to validate first and only continue on success.

```php
public function apply(Request $request, Closure $next): Response
{
    if (!$request->has('token')) {
        return response()->json([
            'message' => 'Missing token',
        ], 400);
    }

    return $next($request);
}
```

## Understand execution order

Middleware runs in route order.

If a route lists multiple middleware names, the first one gets the first chance to stop or modify the request. Later middleware run when earlier middleware call `$next(...)`.

Group middleware wraps route-specific middleware. This is the usual shape for shared access checks plus route-level refinements.

```php
$route->group('account', function ($route) {
    $route->get('profile', 'AccountController', 'profile');

    $route->post('avatar', 'AccountController', 'avatar')
        ->middlewares(['VerifiedUser']);
})->middlewares(['Auth']);
```

With this setup, `Auth` runs before `VerifiedUser`.

## Know what the package resolves

The manager does not look in the container and does not resolve middleware by alias.

Make sure:

* the class exists under the current module's `Middlewares` namespace
* the route middleware name matches the class suffix exactly
* the class extends `Quantum\Middleware\Middleware`
* any constructor you define accepts the current `Request`

## Keep rate limiting in mind

If the route also has a rate-limit definition, Quantum runs rate limiting before your module middleware.

That means your custom middleware may never run when the request is already rejected by the rate-limit stage.

## Good fit for this package

Use middleware for request-level gates such as:

* authentication and guest checks
* ownership and role checks
* request preconditions
* early redirects or early API error responses

Avoid putting long business workflows here. The package is built for request flow control around a route handler.


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:

```
GET https://quantumphp.gitbook.io/docs/packages/middleware/usage.md?ask=<question>&goal=<endgoal>
```

`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.

The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.