the problem with middleware is the lack of information. AFAIK, you have not all information in middleware for validating if someone has the permission to receive the message etc. Its missing for example the controller information.
middleware has only context information. So far you would need to inject the needed information in custom controllers.
But maybe someone knows more.