(Policies are basically scoped middlewares, they function almost exactly the same but can be ran before/after a handler/controller)
Where possible I recommend policies instead of middlewares, generally you would only use a middleware if you need it ran on every request.