Introduction
Filters in CodeIgniter 4 provide a simple way to process HTTP requests before they reach your controllers or after responses are generated. Acting as a form of middleware, filters offer a powerful mechanism to apply cross-cutting concerns like authentication, logging, and content transformation throughout your application.
What Are Filters?
Filters are classes that can intercept incoming requests and outgoing responses. They allow you to:
- Modify headers
- Redirect users
- Authenticate users
- Log requests
- Transform content
- And much more
Types of Filters in CodeIgniter 4
CodeIgniter 4 supports two main types of filters:
- Before Filters - Execute before the controller is called
- After Filters - Execute after the controller is called
Creating a Custom Filter
Creating a filter in CodeIgniter 4 is straightforward. Here's a basic example:
<?php
namespace App\Filters;
use CodeIgniter\HTTP\RequestInterface;
use CodeIgniter\HTTP\ResponseInterface;
use CodeIgniter\Filters\FilterInterface;
class AuthFilter implements FilterInterface
{
public function before(RequestInterface $request, $arguments = null)
{
// Check if user is logged in
if (!session()->get('logged_in')) {
return redirect()->to('/login');
}
}
public function after(RequestInterface $request, ResponseInterface $response, $arguments = null)
{
// Do something here if needed
return $response;
}
}
Registering Filters
To use your filters, you must register them in the app/Config/Filters.php file:
public $aliases = [
'csrf' => \CodeIgniter\Filters\CSRF::class,
'toolbar' => \CodeIgniter\Filters\DebugToolbar::class,
'honeypot' => \CodeIgniter\Filters\Honeypot::class,
'auth' => \App\Filters\AuthFilter::class, // Our custom filter
];
Applying Filters
There are several ways to apply filters in your application:
1. Globally
To apply filters to every request:
// In app/Config/Filters.php
public $globals = [
'before' => [
'auth', // Apply auth filter before controller execution
],
'after' => [
'toolbar', // Apply toolbar filter after controller execution
],
];
C2. To Specific Routes
Apply filters to specific routes:
// In app/Config/Routes.php
$routes->get('/dashboard', 'Dashboard::index', ['filter' => 'auth']);
3. To Groups of Routes
Apply filters to groups of routes:
// In app/Config/Routes.php
$routes->group('admin', ['filter' => 'auth'], function($routes) {
$routes->get('users', 'Admin::users');
$routes->get('products', 'Admin::products');
});
Built-in Filters
CodeIgniter 4 comes with several useful built-in filters:
- CSRF - Protects against Cross-Site Request Forgery attacks
- DebugToolbar - Displays the debug toolbar
- Honeypot - Provides a CAPTCHA-like spam prevention technique
- InvalidChars - Blocks requests containing invalid characters in the URI
- SecureHeaders - Adds security headers to HTTP responses
Filter Arguments
Filters can accept arguments to customize their behavior:
// In app/Config/Routes.php
$routes->get('/admin/users', 'Admin::users', ['filter' => 'role:admin,manager']);
In your filter:
public function before(RequestInterface $request, $arguments = null)
{
$role = session()->get('role');
if (!in_array($role, $arguments)) {
return redirect()->to('/access-denied');
}
}
Filter Events
Filters interact with the following events in CodeIgniter's request lifecycle:
- pre-system - Before the entire framework is loaded
- before - Before a controller is executed
- after - After a controller is executed
- post-system - After the framework has finished executing
Best Practices
- Keep filters focused - Each filter should have a single responsibility
- Use filter arguments - Make your filters reusable by accepting arguments
- Consider performance - Filters run on every request, so keep them lightweight
- Chain filters carefully - Be aware of the order in which filters are executed
Conclusion
Filters in CodeIgniter 4 provide a powerful mechanism for handling cross-cutting concerns in your web application. By intercepting requests and responses at various stages in the application lifecycle, filters allow you to maintain clean controllers and models while ensuring important functionality like authentication, logging, and security are consistently applied.
Whether you're building a simple website or a complex web application, understanding and utilizing filters effectively can significantly improve your code organization and maintainability.