Filters in CodeIgniter 4 provide a simple way to process HTTP requests before they reach your controllers or after responses are generated. Acting as a form of middleware, filters offer a powerful mechanism to apply cross-cutting concerns like authentication, logging, and content transformation throughout your application.
Filters are classes that can intercept incoming requests and outgoing responses. They allow you to:
CodeIgniter 4 supports two main types of filters:
Creating a filter in CodeIgniter 4 is straightforward. Here's a basic example:
<?php
namespace App\Filters;
use CodeIgniter\HTTP\RequestInterface;
use CodeIgniter\HTTP\ResponseInterface;
use CodeIgniter\Filters\FilterInterface;
class AuthFilter implements FilterInterface
{
public function before(RequestInterface $request, $arguments = null)
{
// Check if user is logged in
if (!session()->get('logged_in')) {
return redirect()->to('/login');
}
}
public function after(RequestInterface $request, ResponseInterface $response, $arguments = null)
{
// Do something here if needed
return $response;
}
}
To use your filters, you must register them in the app/Config/Filters.php file:
public $aliases = [
'csrf' => \CodeIgniter\Filters\CSRF::class,
'toolbar' => \CodeIgniter\Filters\DebugToolbar::class,
'honeypot' => \CodeIgniter\Filters\Honeypot::class,
'auth' => \App\Filters\AuthFilter::class, // Our custom filter
];
There are several ways to apply filters in your application:
To apply filters to every request:
// In app/Config/Filters.php
public $globals = [
'before' => [
'auth', // Apply auth filter before controller execution
],
'after' => [
'toolbar', // Apply toolbar filter after controller execution
],
];
Apply filters to specific routes:
// In app/Config/Routes.php
$routes->get('/dashboard', 'Dashboard::index', ['filter' => 'auth']);
Apply filters to groups of routes:
// In app/Config/Routes.php
$routes->group('admin', ['filter' => 'auth'], function($routes) {
$routes->get('users', 'Admin::users');
$routes->get('products', 'Admin::products');
});
CodeIgniter 4 comes with several useful built-in filters:
Filters can accept arguments to customize their behavior:
// In app/Config/Routes.php
$routes->get('/admin/users', 'Admin::users', ['filter' => 'role:admin,manager']);
In your filter:
public function before(RequestInterface $request, $arguments = null)
{
$role = session()->get('role');
if (!in_array($role, $arguments)) {
return redirect()->to('/access-denied');
}
}
Filters interact with the following events in CodeIgniter's request lifecycle:
Filters in CodeIgniter 4 provide a powerful mechanism for handling cross-cutting concerns in your web application. By intercepting requests and responses at various stages in the application lifecycle, filters allow you to maintain clean controllers and models while ensuring important functionality like authentication, logging, and security are consistently applied.
Whether you're building a simple website or a complex web application, understanding and utilizing filters effectively can significantly improve your code organization and maintainability.
