Overview
Laravel 13 lets you assign middleware and authorization checks to controllers using PHP attributes. Instead of implementing theHasMiddleware interface or adding can middleware to routes, you simply annotate the class or method.
#[Middleware] — Assigning Middleware
Applying to a Class
A class-level#[Middleware] attribute applies the middleware to every action in the controller.
Applying to a Method
Method-level middleware is merged with any class-level middleware.only / except Constraints
Use only or except on a class-level attribute to limit which methods it targets.
Closure Middleware
Attributes also accept closures for inline middleware logic.Comparison with the middleware() Method
When using attributes you do not need to implement
HasMiddleware. Avoid mixing the middleware() method with attributes on the same controller to prevent unexpected behavior.#[WithoutMiddleware] — Excluding Middleware
Remove middleware that was applied at the class level from specific methods or the entire class.
Applying to a Method
Class-Level Exclusion with only / except
#[Authorize] — Policy Authorization
A convenient shorthand for the can middleware. Declare policy checks directly on controller methods.
Basic Usage
The Second Argument
Comparison with Route Middleware
Practical Example: Full Resource Controller
When to Use Attributes vs. Other Approaches
Next Steps
PHP Attributes (Queues & Eloquent)
PHP attributes for queue jobs and Eloquent models.
Controllers
Learn the basics of Laravel controllers.