Middleware

1. What is Middleware?

• Similar to automobile factory processes, adds necessary functionality to requests or removes problematic items

• One of Express's biggest advantages

• Can easily apply tasks that might be cumbersome in servers implemented with Node.js alone

2. Situations When Using Middleware

(1) When structuring body (payload) included in POST requests (when you want to easily extract it)

Code to receive HTTP request body with Node.js

let body = [];
request
  .on('data', (chunk) => {
    body.push(chunk);
  })
  .on('end', () => {
    body = Buffer.concat(body).toString();
    // payload is contained in body variable as string
    // combine chunks on network and convert buffer to string
  });

Code using body-parser middleware

const bodyParser = require('body-parser');
const jsonParser = bodyParser.json();
// ... omitted
app.post('/users', jsonParser, function (req, res) {});

From Express v4.16.0, use built-in middleware express.json() without installing body-parser

const jsonParser = express.json();
// ... omitted
app.post('/api/users', jsonParser, function (req, res) {});

If there's an error using express.json() middleware? → Add {strict: false} to options

const jsonParser = express.json({ strict: false });
// ... omitted
app.post('/api/users', jsonParser, function (req, res) {});

(2) When CORS headers need to be attached to all requests/responses

Applying CORS to Node.js

// Need to add headers to each routing
const defaultCorsHeader = {
  'Access-Control-Allow-Origin': '*',
  'Access-Control-Allow-Methods': 'GET, POST, PUT, DELETE, OPTIONS',
  'Access-Control-Allow-Headers': 'Content-Type, Accept',
  'Access-Control-Max-Age': 10,
};
// ... omitted

// Need to implement routing for OPTIONS method separately
if (req.method === 'OPTIONS') {
  res.writeHead(200, defaultCorsHeader);
  res.end();
}

Using cors middleware: Allow CORS for all requests

const cors = require('cors');
// ... omitted
app.use(cors());

Using cors middleware: Allow CORS for specific requests

const cors = require('cors');
// ... omitted
app.get('/products/:id', cors(), function (req, res, next) {
  res.json({ msg: 'This is CORS-enabled for a Single Route' });
});

(3) When checking URL or method for all requests

Apply middleware to all requests using use method

const express = require('express');
const app = express();

const myLogger = function (req, res, next) {
  console.log('LOGGED');
  next();
};

app.use(myLogger);

app.get('/', function (req, res) {
  res.send('Hello World');
});

app.listen(3000);

(4) When checking if user authentication information is contained in request headers

Determine if there's a token in HTTP request, return success if already logged in user, error if not

app.use((req, res, next) => {
  // Check if there's a token
  if (req.headers.token) {
    req.isLoggedIn = true;
    next();
  } else {
    res.status(400).send('invalid users');
  }
});