Middleware
Middleware functions have access to req, res, and next. They execute in the order specified.
Middleware Structure
javascript
// Example middleware export function myMiddleware(req, res, next) { // Add data to request req.customData = 'value'; // Continue to next middleware/handler next(); }
File-based API with Middleware
Attach middleware to the function using .middleware property:
javascript
// src/server/api/sum.js import { myMiddle } from './middlewares/myMiddle.js'; import { myMiddleTwo } from './middlewares/myMiddleTwo.js'; export function GET(req, res) { const result = req.one + req.two; res.json({ data: result }); } // Attach middleware GET.middleware = [myMiddle, myMiddleTwo];
Execution order:
1. myMiddle runs first
2. myMiddleTwo runs second
3. GET handler runs last
Config-based API with Middleware
Add middleware to the route definition:
javascript
// src/server/api/sum.js import { myMiddle } from './middlewares/myMiddle.js'; import { myMiddleTwo } from './middlewares/myMiddleTwo.js'; export const config = { routes: [ { path: '/', method: 'GET', handler: sum, middleware: [myMiddle, myMiddleTwo] } ] }; function sum(req, res) { const result = req.one + req.two; res.json({ data: result }); }
Middleware Examples
Authentication
javascript
// src/server/middlewares/auth.js export function authMiddleware(req, res, next) { const token = req.headers.authorization; if (!token) { return res.status(401).json({ error: 'Unauthorized' }); } try { req.user = verifyToken(token); next(); } catch (err) { return res.status(401).json({ error: 'Invalid token' }); } } function verifyToken(token) { // Verify JWT token... return { id: 1, name: 'User' }; }
Logging
javascript
// src/server/middlewares/logger.js export function logMiddleware(req, res, next) { console.log(`[${new Date().toISOString()}] ${req.method} ${req.path}`); next(); }
CORS
javascript
// src/server/middlewares/cors.js export function corsMiddleware(req, res, next) { res.header('Access-Control-Allow-Origin', '*'); res.header('Access-Control-Allow-Methods', 'GET,POST,PUT,DELETE'); res.header('Access-Control-Allow-Headers', 'Content-Type,Authorization'); if (req.method === 'OPTIONS') { return res.sendStatus(200); } next(); }
Rate Limiting
javascript
// src/server/middlewares/rateLimit.js const requests = new Map(); export function rateLimitMiddleware(req, res, next) { const ip = req.ip; const now = Date.now(); const windowMs = 60 * 1000; // 1 minute const maxRequests = 100; if (!requests.has(ip)) { requests.set(ip, []); } const userRequests = requests.get(ip); const recentRequests = userRequests.filter(time => now - time < windowMs); if (recentRequests.length >= maxRequests) { return res.status(429).json({ error: 'Too many requests' }); } recentRequests.push(now); requests.set(ip, recentRequests); next(); }
Global Middleware
Apply middleware to all routes using src/server/global.js:
javascript
// src/server/global.js import { corsMiddleware } from './middlewares/cors.js'; import { logMiddleware } from './middlewares/logger.js'; export const middlewares = [ corsMiddleware, logMiddleware ];
💡 Tip: Global middlewares in package structure must be placed only in the server folder of the first declared package.
For example:
javascript
packages: [ { name: 'web', prefix: '/' }, { name: 'admin', prefix: '/admin' } ]
Error Handling Middleware
Create error handlers with 4 parameters:
javascript
// src/server/middlewares/errorHandler.js export function errorHandler(err, req, res, next) { console.error(err.stack); res.status(err.status || 500).json({ error: process.env.NODE_ENV === 'production' ? 'Internal server error' : err.message }); }