Middleware
The gatekeepers of your application
Middleware runs before your controller. It deserves its own tests.
Middleware
// app/Http/Middleware/RequireApiKey.php
class RequireApiKey
{
public function handle(Request $request, Closure $next): mixed
{
if (! $request->hasHeader('X-Api-Key')) {
abort(Response::HTTP_UNAUTHORIZED, 'API key required.');
}
return $next($request);
}
}
Feature Test — assert middleware is applied
// tests/Feature/Http/Controllers/ApiControllerTest.php
$response = $this->get(route('api.data'));
$response->assertMiddlewareIsApplied('require-api-key');
Unit Test — assert middleware logic
// tests/Unit/Http/Middleware/RequireApiKeyTest.php
public function missing_header_aborts_request(): void
{
$this->expectException(HttpException::class);
$middleware = new RequireApiKey;
$request = new Request;
$middleware->handle($request, function () {
$this->fail('Next middleware was called.');
});
}
public function valid_header_continues_request(): void
{
$request = Request::create('/api/data', 'GET');
$request->headers->set('X-Api-Key', 'secret');
$expectedResponse = new Response('allowed', Response::HTTP_OK);
$next = fn() => $expectedResponse;
$actualResponse = (new RequireApiKey)->handle($request, $next);
$this->assertSame($expectedResponse, $actualResponse);
}Powered by @jcergolj additional-test-assertions-for-laravel