Middleware plays a crucial role in Express applications. It acts as a bridge between the request and response cycle, allowing you to modify requests, respond to clients, or even terminate requests. This tutorial will explore different types of middleware, how to create custom middleware, and best practices for using middleware effectively in your API.

Understanding Middleware

Middleware functions are functions that have access to the request object, response object, and the next middleware function in the application’s request-response cycle. They can perform tasks such as:

• Modifying request and response objects
• Ending the request-response cycle
• Calling the next middleware in the stack

Types of Middleware

1. Application-Level Middleware: These middleware functions are bound to an instance of the app using app.use() or app.METHOD(), where METHOD is a specific HTTP method like GET or POST.

2. Router-Level Middleware: Similar to application-level middleware but are used with an instance of express.Router().

3. Built-In Middleware: Express has some built-in middleware like express.json() and express.urlencoded() to handle JSON and URL-encoded data.

4. Error-Handling Middleware: These middleware functions handle errors that occur during the processing of requests.

Using Built-In Middleware

Step 1: Setting Up Built-In Middleware

To handle JSON data in requests, you can use the built-in middleware express.json():

const express = require('express');
const app = express();

// Middleware to parse JSON bodies
app.use(express.json());

This setup allows your application to automatically parse JSON payloads in incoming requests.

Step 2: Handling URL-encoded Data

If your application needs to handle form submissions, use the express.urlencoded() middleware:

app.use(express.urlencoded({ extended: true }));

This middleware parses URL-encoded data and makes it available in req.body.

Creating Custom Middleware

Creating custom middleware can help you manage various functionalities like logging, authentication, and input validation.

Step 1: Creating a Simple Logging Middleware

Here’s how to create a logging middleware that logs incoming requests:

function logger(req, res, next) {
    console.log(`${req.method} ${req.url}`);
    next(); // Pass control to the next middleware
}

// Use the logger middleware
app.use(logger);

This middleware logs the HTTP method and URL of every request, making it easier to monitor API activity.

Step 2: Adding Authentication Middleware

You can also create middleware for authentication:

function authenticate(req, res, next) {
    const token = req.headers['authorization'];

    if (!token) {
        return res.status(403).json({ error: 'No token provided' });
    }

    // Assume a function verifyToken exists
    if (verifyToken(token)) {
        next();
    } else {
        return res.status(401).json({ error: 'Invalid token' });
    }
}

// Apply authentication middleware to a specific route
app.use('/protected', authenticate);

This middleware checks for a token in the headers and verifies it before allowing access to protected routes.

Applying Middleware to Routes

Middleware can be applied to specific routes, providing granular control over which middleware affects which routes.

Step 1: Applying Middleware to Specific Routes

You can apply middleware directly in route definitions:

app.get('/items', logger, (req, res) => {
    // Handler for fetching items
    res.json({ message: 'Fetching items' });
});

In this example, the logger middleware will only run for the /items route.

Step 2: Using Router-Level Middleware

If your application has multiple routes, consider using router-level middleware. First, create a new router:

const itemsRouter = express.Router();

itemsRouter.use(logger); // Apply logger to all routes in this router

itemsRouter.get('/', (req, res) => {
    res.json({ message: 'Fetching items' });
});

app.use('/items', itemsRouter);

This setup keeps your middleware organized and reusable across different routes.

Error-Handling Middleware

Error-handling middleware has a specific signature and can be added at the end of your middleware stack.

Step 1: Creating an Error-Handling Middleware

Here’s an example of an error-handling middleware:

function errorHandler(err, req, res, next) {
    console.error(err.stack);
    res.status(500).json({ error: 'Something went wrong!' });
}

// Use the error-handling middleware
app.use(errorHandler);

This function logs the error stack and responds with a generic error message, ensuring that the client does not receive sensitive information.

Step 2: Triggering an Error

You can test the error-handling middleware by intentionally triggering an error in a route:

app.get('/error', (req, res) => {
    throw new Error('Test error'); // This will be caught by the error handler
});

When accessing /error, the error-handling middleware will log the error and respond appropriately.

Chaining Middleware

Middleware can be chained together, allowing you to run multiple middleware functions in sequence for a single route.

Step 1: Chaining Middleware Functions

Here’s how to chain multiple middleware functions:

app.post('/items', logger, authenticate, (req, res) => {
    // Create a new item
    res.status(201).json({ message: 'Item created' });
});

In this example, both the logger and authenticate middleware run before the route handler.

Best Practices for Using Middleware

1. Keep Middleware Functions Small: Each middleware function should have a single responsibility, making it easier to test and maintain.

2. Order Matters: The order in which middleware is defined is important. Middleware will be executed in the order it is added to the application.

3. Use Built-In Middleware Where Possible: Whenever possible, use built-in middleware functions provided by Express to avoid reinventing the wheel.

4. Avoid Long-Running Middleware: Middleware functions should not block the event loop. If you have long-running processes, consider using asynchronous patterns or offloading tasks to background jobs.

5. Document Middleware: Clearly document the purpose and behavior of custom middleware to help other developers (or your future self) understand its functionality.

Middleware for Performance Monitoring

To gain insights into the performance of your API, consider adding middleware for monitoring:

Step 1: Installing a Monitoring Library

One popular library for monitoring is morgan. Install it using npm:

npm install morgan

Step 2: Setting Up Morgan

Integrate Morgan into your Express app:

const morgan = require('morgan');

// Use morgan to log requests in 'combined' format
app.use(morgan('combined'));

This middleware logs details about each request, helping you analyze performance over time.

Middleware for Rate Limiting

To protect your API from abuse, you can implement rate limiting using middleware.

Step 1: Installing Rate Limit Middleware

Install express-rate-limit:

npm install express-rate-limit

Step 2: Setting Up Rate Limiting

Configure rate limiting middleware:

const rateLimit = require('express-rate-limit');

const limiter = rateLimit({
    windowMs: 15 * 60 * 1000, // 15 minutes
    max: 100 // Limit each IP to 100 requests per windowMs
});

// Apply rate limiting middleware to all requests
app.use(limiter);

This setup limits the number of requests from a single IP address, helping to prevent denial-of-service attacks.

Conclusion

Middleware is a powerful feature in Express that enhances your API's functionality. By understanding the different types of middleware and how to create custom solutions, you can streamline your request-response cycle, manage errors effectively, and implement important features like logging and authentication. In the next tutorial, we will explore securing your API with authentication and authorization techniques.