[10.x] Named static methods for middleware

[timacdonald]

Continuation of #46219. Framework first version of "HasParameters".

This PR introduces a more "typed" API for all the first party middleware - which gives a nicer DX than the "stringy" API, in my opinion.

Route::get('users', UserController::class) ->middleware([ Authenticate::class, // default. Authenticate::using('web'), // specify a guard. Authenticate::using('web', 'another'), // specify multiple guards. AuthenticateWithBasicAuth::class, // default. AuthenticateWithBasicAuth::using('web'), // specify a guard. AuthenticateWithBasicAuth::using('web', 'field'), // specify field AuthenticateWithBasicAuth::using(field: 'field'), // supports named arguments Authorize::using('access-nova'), // specify an ability. Authorize::using('store', Post::class), // specify an ability with a model. Authorize::using('update', 'post', 'comment'), // specify multiple models. EnsureEmailIsVerified::class, // default. EnsureEmailIsVerified::redirectTo('route.name'), // specify a redirect. RequirePassword::class, // default. RequirePassword::using('route.name'), // specify a redirect. RequirePassword::using('route.name', 100), // specify both. RequirePassword::using(passwordTimeoutSeconds: 100), // supports named arguments SetCacheHeaders::using('max_age=120;no-transform;s_maxage=60'), // using a string. SetCacheHeaders::using([ 'max_age=120', 'no-transform', 's_maxage=60', ]), // using a list of values. SetCacheHeaders::using([ 'max_age' => 120, 'no-transform', 's_maxage' => '60', ]), // using a hash/list of values. ValidateSignature::class, // default (absolute). ValidateSignature::relative(), // relative URL. ValidateSignature::absolute(), // absolute URL. This is the default, but provided a named method for completeness. ThrottleRequests::using('gold-tier'), // named rate limiter ThrottleRequests::with(100, 1, 'foo'), // custom with attempts, decay, and prefix ThrottleRequests::with(prefix: 'foo'), // supports named arguments. ]);

If we made this the documented approach, we could potentially remove the middleware aliases from the kernel.

https://github.com/laravel/laravel/blob/5070934fc5fb8bea7a4c8eca44a6b0bd59571be7/app/Http/Kernel.php#L48-L66

[timacdonald]

$redirectToRoute may be null if no arguments, but it may also be an empty string when only passwordTimeoutSeconds is specified.

"password.confirm:,300" // or with this new syntax RequirePassword::using(passwordTimeoutSeconds: 300);

[newtonjob]

I feel that using potentially works for all cases, and should probably be available for all the middleware classes.

Authorize::using('admin') may read nicer than Authorize::can('admin').

Also, I think middleware aliases have their place, especially for simple middleware with few or no parameters.

[laserhybiz]

I would suggest naming the using() method to withParameters().

I think this functionality should either be implemented in a base middleware class which all middleware should extend or a trait like the original package, this will be helpful when creating for custom middleware with the make:middleware command to not have to write this functionality manually.

[timacdonald]

After taking a beat, I think I could get behind using for the authorise middleware. can feels a bit janky. I prefer the other different named methods, but wouldn’t be mad if we just used using everywhere.

I don’t think it makes sense to put this in a base class / trait for what we are trying to achieve. You lose named parameters, which is a nice feature of this, and then you’d have to have a method docblock for each middleware anyway to specify the parameters / types etc.

[timacdonald]

I've renamed Authorize::can(...) to Authorize::using(...).