Apply Middleware to all routes except `setup/*` in Laravel 5.4

✔ Recommended Answer

There's nothing wrong with what you're doing, however, I would suggest splitting your route groups up instead i.e.:

Route::group(['middleware' => ['auth', 'checkOnboarding']], function () {    Route::get('/home', 'HomeController@index');    Route::get('/account', 'AccountController@index');});Route::group(['prefix' => 'setup', 'middleware' => 'auth'], function () {    Route::get('/', 'OnboardingController@index')->name('setup');    Route::post('/settings', 'SettingsController@store');});

Alternatively, have a parent group for your auth:

Route::group(['middleware' => 'auth'], function () {    Route::group(['middleware' => 'checkOnboarding'], function () {        Route::get('/home', 'HomeController@index');        Route::get('/account', 'AccountController@index');    });    Route::group(['prefix' => 'setup'], function () {        Route::get('/', 'OnboardingController@index')->name('setup');        Route::post('/settings', 'SettingsController@store');    });});

This will also mean you can remove the extra condition in your middleware:

/** * Check to see if the user has completed the onboarding, if not redirect. * Also checks that the requested URI isn't the setup route to ensure there isn't a redirect loop. */return $request->user()->onboarding_complete ? $next($request) : redirect('setup');

Hope this helps!


Answered By: Rwd

Method #2

In Laravel 5.4, you can apply middleware to all routes except for those with a specific pattern, such as setup/*, by modifying the $middleware property in the app/Http/Kernel.php file.

Here's an example of how you can achieve this:

  1. Open the app/Http/Kernel.php file.

  2. Find the $middleware property and add the middleware you want to apply to all routes, except the ones with the setup/* pattern.

protected $middleware = [ \App\Http\Middleware\EncryptCookies::class, \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class, \Illuminate\Session\Middleware\StartSession::class, // Add your middleware here \App\Http\Middleware\RedirectIfAuthenticated::class, \Illuminate\Auth\Middleware\Authenticate::class, \Illuminate\Routing\Middleware\SubstituteBindings::class, ];
  1. Add a new property called $middlewareGroups and define a new group of middleware that excludes the ones you want to skip for the setup/* routes. In this example, we'll call the new middleware group web_exclude_setup.
protected $middlewareGroups = [ 'web' => [ \App\Http\Middleware\EncryptCookies::class, \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class, \Illuminate\Session\Middleware\StartSession::class, // Add other middleware here that you want to apply to all routes \App\Http\Middleware\RedirectIfAuthenticated::class, \Illuminate\Auth\Middleware\Authenticate::class, \Illuminate\Routing\Middleware\SubstituteBindings::class, ], 'api' => [ 'throttle:60,1', 'auth:api', ], // Add a new middleware group that excludes the middleware for the setup/* routes 'web_exclude_setup' => [ \App\Http\Middleware\EncryptCookies::class, \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class, \Illuminate\Session\Middleware\StartSession::class, // Add other middleware here that you want to apply to all routes except for setup/* \App\Http\Middleware\RedirectIfAuthenticated::class, \Illuminate\Auth\Middleware\Authenticate::class, \Illuminate\Routing\Middleware\SubstituteBindings::class, ], ];
  1. In the same file, find the $routeMiddleware property and add a new entry for the middleware you just defined in the web_exclude_setup group. In this example, we'll call the new middleware exclude_setup.
protected $routeMiddleware = [ 'auth' => \Illuminate\Auth\Middleware\Authenticate::class, 'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class, 'bindings' => \Illuminate\Routing\Middleware\SubstituteBindings::class, 'can' => \Illuminate\Auth\Middleware\Authorize::class, 'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class, 'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class, // Add a new entry for the middleware defined in the web_exclude_setup group 'exclude_setup' => \App\Http\Middleware\ExcludeSetupMiddleware::class, ];
  1. Finally, define a new middleware class in app/Http/Middleware/ExcludeSetupMiddleware.php that checks if the request URI matches the setup/* pattern. If it does, the middleware skips the request and passes it to the next middleware in the stack. If it doesn't match the pattern, the middleware applies the web_exclude_setup middleware group.
<?php namespace App\Http\Middleware; use Closure; class Exclude


Most Popular

Remove Unicode Zero Width Space PHP

PhpStorm, return value is expected to be 'A', 'object' returned

Laravel file upload returns forbidden 403, file permission is 700 not 755