# Middleware
You can run code *before* and *after* your Slim application to manipulate the Request and Response objects as you see fit. This is called *middleware*. Why would you want to do this? Perhaps you want to protect your app from cross-site request forgery. Maybe you want to authenticate requests before your app runs. Middleware is perfect for these scenarios.
## What is middleware?
Technically speaking, a middleware is a *callable* that accepts three arguments:
1. `\Psr\Http\Message\ServerRequestInterface` - The PSR7 request object
2. `\Psr\Http\Message\ResponseInterface` - The PSR7 response object
3. `callable` - The next middleware callable
It can do whatever is appropriate with these objects. The only hard requirement is that a middleware MUST return an instance of `\Psr\Http\Message\ResponseInterface`. Each middleware SHOULD invoke the next middleware and pass it Request and Response objects as arguments.
## How does middleware work?
Different frameworks use middleware differently. Slim adds middleware as concentric layers surrounding your core application. Each new middleware layer surrounds any existing middleware layers. The concentric structure expands outwardly as additional middleware layers are added.
When you run the Slim application, the Request and Response objects traverse the middleware structure from the outside in. They first enter the outer-most middleware, then the next outer-most middleware, (and so on), until they ultimately arrive at the Slim application itself. After the Slim application dispatches the appropriate route, the resultant Response object exits the Slim application and traverses the middleware structure from the inside out. Ultimately, a final Response object exits the outer-most middleware, is serialized into a raw HTTP response, and is returned to the HTTP client. Here’s a diagram that illustrates the middleware process flow:
![](https://box.kancloud.cn/2015-10-23_5629d1b6da0db.png)
## How do I write middleware?
Middleware is a callable that accepts three arguments: a Request object, a Response object, and the next middleware. Each middleware MUST return an instance of`\Psr\Http\Message\ResponseInterface`.
### Closure middleware example.
This example middleware is a Closure.
~~~
<?php
/**
* Example middleware closure
*
* @param \Psr\Http\Message\ServerRequestInterface $request PSR7 request
* @param \Psr\Http\Message\ResponseInterface $response PSR7 response
* @param callable $next Next middleware
*
* @return \Psr\Http\Message\ResponseInterface
*/
function ($request, $response, $next) {
$response->getBody()->write('BEFORE');
$response = $next($request, $response);
$response->getBody()->write('AFTER');
return $response;
};
~~~
### Invokable class middleware example
This example middleware is an invokable class that implements the magic `__invoke()`method.
~~~
<?php
class ExampleMiddleware
{
/**
* Example middleware invokable class
*
* @param \Psr\Http\Message\ServerRequestInterface $request PSR7 request
* @param \Psr\Http\Message\ResponseInterface $response PSR7 response
* @param callable $next Next middleware
*
* @return \Psr\Http\Message\ResponseInterface
*/
public function __invoke($request, $response, $next)
{
$response->getBody()->write('BEFORE');
$response = $next($request, $response);
$response->getBody()->write('AFTER');
return $response;
}
}
~~~
To use this class as a middleware, you can use `->add( new ExampleMiddleware() );`function chain after the `$app`, `Route`, or `group()`, which in the code below, any one of these, could represent $subject.
~~~
$subject->add( new ExampleMiddleware() );
~~~
## How do I add middleware?
You may add middleware to a Slim application, to an individual Slim application route or to a route group. All scenarios accept the same middleware and implement the same middleware interface.
### Application middleware
Application middleware is invoked for every *incoming* HTTP request. Add application middleware with the Slim application instance’s `add()` method. This example adds the Closure middleware example above:
~~~
<?php
$app = new \Slim\App();
$app->add(function ($request, $response, $next) {
$response->getBody()->write('BEFORE');
$response = $next($request, $response);
$response->getBody()->write('AFTER');
return $response;
});
$app->get('/', function ($req, $res, $args) {
echo ' Hello ';
});
$app->run();
~~~
This would output this HTTP response body:
~~~
BEFORE Hello AFTER
~~~
### Route middleware
Route middleware is invoked *only if* its route matches the current HTTP request method and URI. Route middleware is specified immediately after you invoke any of the Slim application’s routing methods (e.g., `get()` or `post()`). Each routing method returns an instance of`\Slim\Route`, and this class provides the same middleware interface as the Slim application instance. Add middleware to a Route with the Route instance’s `add()` method. This example adds the Closure middleware example above:
~~~
<?php
$app = new \Slim\App();
$mw = function ($request, $response, $next) {
$response->getBody()->write('BEFORE');
$response = $next($request, $response);
$response->getBody()->write('AFTER');
return $response;
};
$app->get('/', function ($req, $res, $args) {
echo ' Hello ';
})->add($mw);
$app->run();
~~~
This would output this HTTP response body:
~~~
BEFORE Hello AFTER
~~~
### Group Middleware
In addition to the overall application, and standard routes being able to accept middleware, the`group()` multi-route definition functionality, also allows individual routes internally. Route group middleware is invoked *only if* its route matches one of the defined HTTP request methods and URIs from the group. To add middleware within the callback, and entire-group middleware to be set by chaining `add()` after the `group()` method.
Sample Application, making use of callback middleware on a group of url-handlers
~~~
<?php
require_once __DIR__.'/vendor/autoload.php';
$app = new \Slim\App();
$app->get('/', function ($request, $response) {
return $response->getBody()->write('Hello World');
});
$app->group('/utils', function () use ($app) {
$app->get('/date', function ($request, $response) {
return $response->getBody()->write(date('Y-m-d H:i:s'));
});
$app->get('/time', function ($request, $response) {
return $response->getBody()->write(time());
});
})->add(function ($request, $response, $next) {
$response->getBody()->write('It is now ');
$response = $next($request, $response);
$response->getBody()->write('. Enjoy!');
return $response;
});
~~~
When calling the `/utils/date` method, this would output a string similar to the below
~~~
It is now 2015-07-06 03:11:01\. Enjoy!
~~~
visiting `/utils/time` would output a string similar to the below
~~~
It is now 1436148762\. Enjoy!
~~~
but visiting `/` *(domain-root)*, would be expected to generate the following output as no middleware has been assigned
~~~
Hello World
~~~
- 概述
- Get Started
- Home
- Installation
- Upgrade Guide
- Web Servers
- Concepts
- PSR 7
- Middleware
- Dependency Container
- The Request
- The Response
- Routing
- Error Handling
- 500 Server Error
- 404 Not Found
- 405 Not Allowed
- Add Ons
- Templates
- HTTP Caching
- CSRF Protection
- Flash Messages
- Contributing
- Branching Strategy
- Guidelines