Custom middleware in Laravel is a great place to handle cross-cutting concerns — rate limiting, API versioning, request logging, geo-blocking — but getting the registration, termination handling, and edge cases right is tedious to look up each time. Claude can generate the whole thing.
Describe what you need and where it fits in the pipeline:
Write Laravel middleware that:
- Checks for a valid X-Api-Version header on all routes under /api/v2/
- Returns a 400 JSON response if the header is missing or not one of: 1, 2, 3
- Logs the requested version and route to a dedicated "api_access" log channel
- Runs as terminable middleware so logging happens after the response is sent
Register it in bootstrap/app.php scoped to the api middleware group.
Claude will generate the middleware class with the correct handle() and terminate() signatures, register it properly, and write a Pest feature test that verifies both the happy path and the validation error:
public function terminate(Request $request, Response $response): void
{
Log::channel('api_access')->info('API request', [
'version' => $request->header('X-Api-Version'),
'route' => $request->path(),
'status' => $response->getStatusCode(),
]);
}
Middleware is where good intentions go to die in untested code — having Claude write the class and the test at the same time means it actually gets covered.
Log in to leave a comment.
The /security-review command scans your uncommitted changes for injection vectors, auth gaps, hardcoded secrets, and other common vulnerabilities.
The SessionStart hook fires when any session begins or resumes, making it ideal for loading environment variables and running one-time setup scripts.
Ask Claude to write property-based tests for your functions using fast-check — it identifies the mathematical invariants in your code and generates tests that cover inputs you'd never enumerate by hand.