Bug Description
RouterUri::addMiddleware() accepts a string parameter and resolves it by registered middleware name or group name. When a developer passes a class reference (e.g., StartSessionMiddleware::class), the method silently does nothing — no error, no warning. The middleware is simply not applied to the route.
This is particularly problematic because:
- Using
::class is the natural, type-safe PHP pattern
- The
RouteOption::MIDDLEWARE option accepts strings, so passing a class constant looks correct
- The failure is completely silent, making it very hard to diagnose
Steps to Reproduce
- Register a route with middleware using the class reference:
Router::api([
RouteOption::PATH => 'apis/example',
RouteOption::TO => SomeService::class,
RouteOption::MIDDLEWARE => StartSessionMiddleware::class,
]);
- Make a request to the route
- The session middleware is never executed
Expected Behavior
Either:
- The middleware should be resolved by class name (instantiate and register if needed), or
- An exception should be thrown indicating the middleware was not found
Actual Behavior
The middleware string "WebFiori\Framework\Middleware\StartSessionMiddleware" doesn't match the registered name 'start-session' nor any group name. The method returns silently without adding any middleware to the route.
Relevant code in RouterUri.php:
public function addMiddleware(string $name) {
$mw = MiddlewareManager::getMiddleware($name);
if ($mw === null) {
$group = MiddlewareManager::getGroup($name);
foreach ($group as $mw) {
$this->assignedMiddlewareList[] = $mw;
}
return; // Silent return — no middleware added, no error
}
$this->assignedMiddlewareList[] = $mw;
}WebFiori Version
3.0.0-RC1
PHP Version
8.4.18
Operating System
Linux
Additional Context
Proposed fix — support class resolution and throw on invalid values:
public function addMiddleware(string $name) {
$mw = MiddlewareManager::getMiddleware($name);
if ($mw === null) {
$group = MiddlewareManager::getGroup($name);
if (!empty($group)) {
foreach ($group as $mw) {
$this->assignedMiddlewareList[] = $mw;
}
return;
}
// Try resolving as class name
if (class_exists($name) && is_subclass_of($name, AbstractMiddleware::class)) {
$inst = new $name();
MiddlewareManager::register($inst);
$this->assignedMiddlewareList[] = $inst;
return;
}
throw new \InvalidArgumentException(
"Middleware '$name' is not registered, does not match any group, "
. "and is not a valid middleware class."
);
}
$this->assignedMiddlewareList[] = $mw;
}This supports both patterns (name string and class reference), and fails loudly on typos or invalid values instead of silently ignoring them.
Bug Description
RouterUri::addMiddleware()accepts a string parameter and resolves it by registered middleware name or group name. When a developer passes a class reference (e.g.,StartSessionMiddleware::class), the method silently does nothing — no error, no warning. The middleware is simply not applied to the route.This is particularly problematic because:
::classis the natural, type-safe PHP patternRouteOption::MIDDLEWAREoption accepts strings, so passing a class constant looks correctSteps to Reproduce
Expected Behavior
Either:
Actual Behavior
The middleware string
"WebFiori\Framework\Middleware\StartSessionMiddleware"doesn't match the registered name'start-session'nor any group name. The method returns silently without adding any middleware to the route.Relevant code in
RouterUri.php:WebFiori Version
3.0.0-RC1
PHP Version
8.4.18
Operating System
Linux
Additional Context
Proposed fix — support class resolution and throw on invalid values:
This supports both patterns (name string and class reference), and fails loudly on typos or invalid values instead of silently ignoring them.