Middleware & Security

Phexium provides security through a layered middleware stack and RBAC-based authorization.

In This Section

Middleware Stack - Middleware ordering and configuration
RBAC Permissions - Role-based access control
Authentication - User authentication flow
Session Management - Session plugin usage
CSRF Protection - Cross-site request forgery prevention

Key Components

Component	Purpose
SessionMiddleware	Start/save sessions
RbacPermissionMiddleware	Check route permissions
SessionInterface	Session abstraction
AuthorizationInterface	Permission checking

Security Flow

Request → SessionMiddleware → RbacPermissionMiddleware → Controller

The middleware stack processes requests before they reach controllers. Session data is loaded, permissions are checked, and unauthorized requests receive 403 responses.

Configuration Files

config/{app}/bootstrap.php - Middleware stack registration
config/{app}/permissions.php - RBAC permission definitions
config/{app}/container.php - Session and authorization services