Skip to content

feat(router): add ability to skip middleware per route #1472

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
innocenzi merged 2 commits into from
Aug 13, 2025
Merged

feat(router): add ability to skip middleware per route #1472

innocenzi merged 2 commits into from
Aug 13, 2025

Conversation

@innocenzi
Copy link
Member

@innocenzi innocenzi commented Aug 9, 2025

Closes #1470

This pull request adds the ability to skip a middleware from a particular route. This works by updating the middleware callable to not call the actual middleware if the route specifies that the middleware should be skipped.

This is done through the new without property on route attributes. Happy to change the name. withoutMiddleware is more explicit but I felt like it was too long. Would be nice to have with and without but it's more generic and would be a breaking change.

This offers the ability to have attributes dedicated to group of routes, for instance APIs:

#[Attribute(Attribute::IS_REPEATABLE | Attribute::TARGET_METHOD)]
final readonly class Api implements Route
{
    public function __construct(
        public Method $method,
        public string $uri,
        public array $middleware = [],
        public array $without = [],
    ) {
        $this->without[] = [
            ...$without,
            VerifyCsrfMiddleware::class,
            SetCookieMiddleware::class
        ];
    }
}

@innocenzi innocenzi force-pushed the feat/route-skip-middleware branch from e0e4e0c to 58a311d Compare August 9, 2025 15:32
@brendt
Copy link
Member

brendt commented Aug 13, 2025

As I mentioned in the issue: we already have DiscoveryConfig taking care of removing global middleware, but I think this feature also makes sense on its own.

brendt
brendt requested changes Aug 13, 2025
View reviewed changes
@brendt brendt changed the base branch from main to 2.x August 13, 2025 08:44
@innocenzi
Copy link
Member Author

innocenzi commented Aug 13, 2025

Are you fine with the naming (without)?

@brendt
Copy link
Member

brendt commented Aug 13, 2025

Yes, sounds good

@innocenzi innocenzi force-pushed the feat/route-skip-middleware branch from 58a311d to 5d3784d Compare August 13, 2025 13:25
@innocenzi innocenzi merged commit 0918555 into 2.x Aug 13, 2025
75 checks passed
@innocenzi innocenzi deleted the feat/route-skip-middleware branch August 13, 2025 13:58
brendt pushed a commit that referenced this pull request Aug 14, 2025
@innocenzi @brendt
feat(router): add ability to skip middleware per route (#1472)
ba2ef8a
Bapawe pushed a commit to Bapawe/tempest-framework that referenced this pull request Aug 29, 2025
@innocenzi @Bapawe
feat(router): add ability to skip middleware per route (tempestphp#1472)
915fbc8
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@brendt brendt brendt requested changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Unable to create POST route for API without triggering CsrfTokenDidNotMatch

3 participants

@innocenzi @brendt