Middleware System
The middleware layer is responsible for intercepting requests and determining access:
Access Control Flow
/**
* Handle an incoming request.
*/
public function handle(Request $request, Closure $next): Response
{
$canAccess = Curtain::canAccessPath($request);
if ($canAccess) {
return $next($request);
}
return Curtain::render();
}/**
* Check if a request should be allowed through maintenance mode.
*
* @param Request $request The HTTP request
* @return bool True if request should be allowed
*/
public function canAccessPath(Request $request): bool
{
if (! $this->isDownForMaintenance()) {
return true;
}
if ($this->shouldPassThroughPath($request->path())) {
return true;
}
if ($this->isAllowedIp($request->ip())) {
return true;
}
return $this->hasValidBypassToken($request);
}Access Control Hierarchy
IP Whitelist Check
Excluded Paths Check
Bypass Token Check
Default: Show maintenance page
Last updated