PSR-15 HTTP Server Middleware Components

This is a curated (most likely not complete) list of PSR-15 HTTP Server Middleware Components.

Authentication

• Tuupola/BrancaAuthentication
  Implements Branca Token Authentication. Branca is similar to JWT but more secure and has smaller token size. Does not implement OAuth authorization server nor does it provide ways to generate, issue or store the authentication tokens. Only parses and authenticates a token when passed via header or cookie.
• Middlewares/HttpAuthentication
  Implements RFC 2617 Http Authentication. Contains the following components:
  • Middlewares/BasicAuthentication
  • Middlewares/DigestAuthentication
• Tuupola/HttpBasicAuthentication
  Implements HTTP Basic Authentication. Supports different authenticators.
• Tuupola/JwtAuthentication
  Implements RFC 7519 JSON Web Token Authentication. Does not implement OAuth 2.0 authorization server nor does it provide ways to generate, issue or store authentication tokens. Only parses and authenticates a token when passed via header or cookie.
• Zend/Expressive Authentication
  
  Provides authentication abstraction using a middleware approach for PSR-7 and PSR-15 applications. Supports different authentication adapters as separate packages:
  • Zend/BasicAccess
    Implements Basic Access Authentication. Supports only bcrypt as the password hashing algorithm to ensure best security.
  • Zend/PhpSession
    Authenticates username/password credential pairs and persists them between requests via PHP sessions.
  • Zend/ZendAuthentication
    Supports the zend-authentication component.
  • Zend/Expressive Authentication
    Supports the OAuth2 authentication framework via the league/oauth2-server package.

Cache

• Middlewares/Cache
  Adds cache support.
  • Middlewares/Cache
    Saves the response headers in a PSR-6 cache pool and returns 304 Not modified responses if the response is still valid.
  • Middlewares/CachePrevention
    Adds response headers for cache prevention. Useful in development environments.
  • Middlewares/Expires
    Adds the Expires and Cache-Control: max-age headers to the response.
• Middlewares/Filesystem
  Saves or reads responses from files. It uses Flysystem as filesystem handler, so you can use not only local directories, but also any other adapter like FTP, SFTP, Dropbox, etc. Contains the following components:
  • Middlewares/Reader
  • Middlewares/Writer

Client Info

• Middlewares/ClientIp
  Detects the client IP and saves it as a request attribute.
• Middlewares/Geolocation
  Determines the client's geo location using the IP address and Geocoder and saves the result as a request attribute.
• Middlewares/Negotiation
  Implements content negotiation using wildurand/Negotiation. Contains the following components:
  • Middlewares/ContentType
  • Middlewares/ContentLanguage
  • Middlewares/ContentEncoding

Compression

• Middlewares/Encoder
  Encodes the response body with gzip or deflate if the Accept-Encoding header is present and adds the Content-Encoding header. Contains the following components:
  • Middlewares/DeflateEncoder
  • Middlewares/GzipEncoder
• Middlewares/Minifier
  Minifies HTML, CSS and Javascript content using mrclay/minify. Contains the following components:
  • Middlewares/CssMinifier
  • Middlewares/HtmlMinifier
  • Middlewares/JsMinifier

Development Utilities

• Middlewares/Debugbar
  Inserts PHP DebugBar automatically in HTML responses.
• PhpMiddleware / Debugbar
  Inserts PHP DebugBar automatically in HTML responses.
• PhpMiddleware / Maintenance
  Displays a 503 maintenance page according to How to deal with planned site downtime in the Google Webmaster Central Blog.
• PhpMiddleware / RequestId
  Generates a request id (correlation id) and adds it to the header of request and response. Supports several id generators.
• PhpMiddleware / RequestSimulator
  Provides a form for handcrafted requests. Useful for debugging and testing.
• Middlewares/ResponseTime
  Calculates the response time (in miliseconds) and saves it into the X-Response-Time header.
• Tuupola/ServerTiming
  Implements the Server-Timing header which can be used for displaying server side timing information on Chrome DevTools.
• Middlewares/Shutdown
  Displays a 503 maintenance page.
• Middlewares/Uuid
  Generates a RFC 4122 version 4 compatible UUID (Universally Unique Identifier) using ramsey/uuid and saves it in the X-Uuid header of the request and the response. Useful for debugging purposes.

Error / Exception Handling

• Middlewares/ErrorHandler
  Executes a handler if the response returned by subsequent middleware has any error (status code 400-599) or a Middlewares\HttpErrorException is thrown.
• Middlewares/Whoops
  Uses Whoops as error handler.

Logging

• Middlewares/AccessLog
  Generates access logs for each request using Apache's access log format. Requires a PSR-3 log implementation.
• PhpMiddleware / LogExceptions
  Logs and rethrows all (unhandled) exceptions to a PSR-3 log implementation.
• PhpMiddleware / LogHttpMessages
  Provides logging of request and response messages to a PSR-3 log implementation.

Proxy

• Middlewares/Proxy
  Creates an HTTP proxy using Guzzle.
• Ellipse/ScopedMiddleware
  Proxies other middleware based on URL condition. Contains the following components:
  • Ellipse/BasepathBasedMiddleware
    
  • Ellipse/HostBasedMiddleware
    
  • Ellipse/SchemeBasedMiddleware
    
  • Ellipse/UrlPartBasedMiddleware
    

Robots

• PhpMiddleware / BlockRobots
  Enables/disables the robots of the search engines for non-production environment. Automatically adds the X-Robots-Tag header in all responses and returns a default body for /robots.txt request.
• Middlewares/Recaptcha
  Uses Google reCAPTCHA library for spam prevention. Returns a 403 response if the request is not valid.
• Middlewares/Robots
  Enables/disables the robots of the search engines for non-production environment. Automatically adds the X-Robots-Tag header in all responses and returns a default body for /robots.txt request.

Router

• Middlewares/AuraRouter
  Uses Aura.Router and stores the route handler in a request attribute.
• Middlewares/FastRoute
  Uses FastRoute for handler discovery.
• Middlewares/RequestHandler
  Executes request handlers discovered by a router.
• Ellipse/Router
  Provides different routers. Supported are:
  • Ellipse/AuraRouter
    
  • Ellipse/FastRoute
    

Security

• Middlewares/Cors
  Implements Cross-Origin Resource Sharing (CORS) using neomerx/cors-psr7.
• Tuupola/Cors
  Implements Cross-Origin Resource Sharing.
• Middlewares/Csp
  Adds the Content-Security-Policy header to the response using paragonie/csp-builder library. It can also handle the CSP error reports using a PSR-3 log implementation.
• Grafikart/Csrf
  Checks every POST, PUT or DELETE request for a CSRF token. Tokens are persisted using an ArrayAccess compatible session and are generated on demand.
• Middlewares/Firewall
  Provides IP filtering using M6Web/Firewall.
• Middlewares/Honeypot
  Implements honeypot spam prevention. Returns a 403 response if the request is from a bot.
• Middlewares/ReferrerSpam
  Blocks referrer spammers using piwik/referrer-spam-blacklist. It returns a 403 response if the URL host in the Referer header is in the blacklist.

Session

• Middlewares/AuraSession
  Manages sessions using Aura.Session.
• Middlewares/PhpSession
  Starts a PHP session using the request data and closes it after returning the response.

URL

• Middlewares/BasePath
  Removes the prefix from the URI path of the request. This is useful to combine with routers if the root of the website is in a subdirectory. For example, if the root of the website is /web/public, a request with the URI /web/public/posts/34 will be converted to /posts/34.
• Middlewares/Https
  Redirects to https if the request is http and add the Strict-Transport-Security header to protect against protocol downgrade attacks and cookie hijacking according to RFC 6797 HTTP Strict Transport Security (HSTS).
• Middlewares/Redirect
  Redirects old URLs to new URLs in a SEO friendly way.
• Middlewares/TrailingSlash
  Normalizes the trailing slash of the URI path. By default removes the slash so, for example, /posts/23/ is converted to /posts/23.
• Middlewares/Www
  Adds or removes the www subdomain in the host URI and returns a redirect response.

Miscellaneous

• Prooph/HttpMiddleware
  Consumes Prooph messages. Contains the following components:
  • Prooph/CommandMiddleware
    Dispatches the message data to the command bus system
  • Prooph/QueryMiddleware
    Dispatches the message data to the query bus system
  • Prooph/EventMiddleware
    Dispatches the message data to the event bus system
  • Prooph/MessageMiddleware
    Dispatches the message data to the appropriated bus system depending on message type
• Middlewares/ImageManipulation
  Transforms images on demand, allowing resize, crop, rotate and transform to other formats. Uses imagecow library that can detect and use Gd and Imagick, and also has support for client hints and different automatic cropping methods. The URI is generated encoding the image path and the manipulation options with lcobucci/jwt to prevent alterations and image-resize attacks.
• Middlewares/MethodOverride
  Overrides the request method using the X-Http-Method-Override header. This is useful for clients unable to send other methods than GET and POST.
• Middlewares/Payload
  Parses the body of the request if it's not already parsed and the method is POST, PUT or DELETE. Contains the following components to support different formats:
  • Middlewares/CsvPayload
  • Middlewares/JsonPayload
  • Middlewares/UrlEncodedPayload

Contributing

Please see CONTRIBUTING for details.

License

This list is curated by Niels Braczek.

To the extent possible under law, the person who associated CC0 with this list has waived all copyright and related or neighboring rights to this list.

You should have received a copy of the CC0 legalcode along with this work. If not, see http://creativecommons.org/publicdomain/zero/1.0/.