Middleware in Express.js

Express.js is a popular web framework for Node.js that makes building web applications and APIs easier. One of the core features of Express is its use of middleware functions. Middleware acts as a bridge between the request and the final route handler, allowing you to modify or process the request before it reaches the route logic.

Middleware in Express is fundamental to handling various tasks such as logging, authentication, validation, parsing request bodies, and serving static files, among many others.

In this post, we will delve into what middleware is, how it works in Express.js, and explore both built-in and custom middleware. By the end of this guide, you’ll have a clear understanding of how middleware fits into an Express application and how to use it effectively.

---

Table of Contents

1. What is Middleware?
2. Types of Middleware in Express.js
3. How Middleware Works in Express
4. Using Built-in Middleware
   • express.json()
   • express.static()
5. Creating Custom Middleware
   • Logging Middleware
   • Authentication Middleware
   • Validation Middleware
6. Error Handling Middleware
7. Chaining Middleware Functions
8. Best Practices for Using Middleware
9. Conclusion

---

1. What is Middleware?

In general, middleware is any function that has access to the request (req), response (res) objects, and the next() function in an Express.js application. It performs some operations on the request or response and then passes control to the next middleware function in the stack using next().

Middleware can be used for a variety of tasks:

• Logging requests: Record the details of each incoming request.
• Authentication: Verify that the user is authenticated before proceeding.
• Body parsing: Convert incoming request bodies into JSON or other formats.
• Serving static files: Deliver files like images, CSS, or JavaScript.
• Error handling: Catch and handle errors in a consistent way.

Middleware functions can be global (applied to all routes) or route-specific (applied only to specific routes). They are executed in the order they are defined.

---

2. Types of Middleware in Express.js

Middleware in Express can be categorized into three main types:

2.1 Application-Level Middleware

This type of middleware is bound to the entire application and runs for every incoming request.

Example:

app.use(express.json()); // Middleware to parse incoming JSON payloads

2.2 Router-Level Middleware

Middleware can also be applied to specific routers, allowing more granular control over which routes should use certain middleware.

Example:

const router = express.Router();

router.use(logRequest); // Apply logRequest middleware only to routes within this router

2.3 Error Handling Middleware

Error-handling middleware is used to catch and handle errors in the application. It always takes four arguments: err, req, res, next.

Example:

app.use((err, req, res, next) => {
  console.error(err.stack);
  res.status(500).send('Something went wrong!');
});

2.4 Built-in Middleware

Express comes with several built-in middleware functions to handle common tasks, such as parsing incoming request bodies, serving static files, etc.

---

3. How Middleware Works in Express

In Express, middleware functions are executed sequentially in the order they are defined using app.use() or within a route definition. When a request is made to the server, it passes through the middleware stack in the order the middleware is registered. Here’s a general flow:

1. Request received: When a request hits the server, it first passes through the global middleware.
2. Middleware processes request: Each middleware function can either modify the request or perform some task (e.g., logging, parsing, authentication).
3. Route handler: If no middleware sends a response, the request is passed to the appropriate route handler (if it matches the URL and HTTP method).
4. Response sent: Once the route handler processes the request, a response is sent back to the client.

Here’s an example:

const express = require('express');
const app = express();

// Global Middleware
app.use((req, res, next) => {
  console.log('Middleware 1: Request received');
  next(); // Pass control to the next middleware
});

// Route-specific Middleware
app.use('/api', (req, res, next) => {
  console.log('Middleware 2: API route hit');
  next();
});

app.get('/api', (req, res) => {
  res.send('Hello from the API!');
});

// Starting the server
app.listen(3000, () => {
  console.log('Server running on http://localhost:3000');
});

In this example:

• Middleware 1 will execute on every request.
• Middleware 2 will execute only on requests to the /api route.
• Finally, the route handler sends the response if no middleware sends it earlier.

---

4. Using Built-in Middleware

Express comes with several useful built-in middleware functions that are commonly used in web applications.

4.1 express.json()

This middleware is used to parse incoming requests with JSON payloads. It is a very commonly used middleware when building APIs that expect to receive JSON data in the request body.

app.use(express.json());

app.post('/data', (req, res) => {
  const receivedData = req.body;  // The JSON data is now parsed into req.body
  res.send({ message: 'Data received', data: receivedData });
});

4.2 express.static()

This middleware serves static files, such as HTML, CSS, JavaScript, and image files, from a directory. It is commonly used to serve assets in web applications.

app.use(express.static('public'));

app.get('/', (req, res) => {
  // The 'index.html' file will be served from the 'public' directory
  res.sendFile('index.html');
});

---

5. Creating Custom Middleware

You can create your own middleware functions to perform specific tasks before the request reaches the route handler. Below are examples of common custom middleware:

5.1 Logging Middleware

A simple logging middleware can log details of each request, such as the method and URL.

function logRequest(req, res, next) {
  console.log(${req.method} ${req.url} at ${new Date().toISOString()});
  next(); // Call the next middleware or route handler
}

app.use(logRequest);

This will log every incoming request to the server.

5.2 Authentication Middleware

Authentication middleware is used to verify whether a user is authenticated before allowing access to a protected route.

function isAuthenticated(req, res, next) {
  if (req.isAuthenticated()) { // Assuming isAuthenticated() checks user session
return next();
  } else {
res.status(401).send('Unauthorized');
  }
}

app.use('/protected', isAuthenticated, (req, res) => {
  res.send('This is a protected resource');
});

5.3 Validation Middleware

Validation middleware can be used to validate input data before passing it to the route handler.

function validateUserData(req, res, next) {
  const { name, age } = req.body;
  
  if (!name || !age) {
return res.status(400).send('Name and age are required');
  }
  
  next(); // Proceed to the next middleware or route handler
}

app.post('/user', validateUserData, (req, res) => {
  res.send('User data is valid!');
});

---

6. Error Handling Middleware

Error handling middleware is a special type of middleware that catches errors and provides consistent responses. It always takes four arguments: err, req, res, next.

app.use((err, req, res, next) => {
  console.error(err.stack);
  res.status(500).send('Something went wrong!');
});

This middleware will catch all errors that occur during the request lifecycle and send a response to the client.

---

7. Chaining Middleware Functions

Express allows you to chain multiple middleware functions together to handle complex logic. For example, you can use middleware to log requests, authenticate users, and then validate data in sequence.

app.use(logRequest);
app.use(isAuthenticated);
app.use(validateUserData);

app.post('/user', (req, res) => {
  res.send('User validated and authenticated!');
});

The middleware functions will execute in the order they are defined, ensuring a smooth workflow.

---

8. Best Practices for Using Middleware

Here are a few best practices when using middleware in your Express applications:

• Order of Middleware: The order in which middleware is applied is critical. Middleware is executed sequentially, so place global middleware (e.g., body parsers) before route-specific middleware or error-handling middleware.
• Separation of Concerns: Break down complex middleware into smaller, reusable pieces. For example, create separate middleware for logging, authentication, and validation.
• Error Handling: Always have a centralized error-handling middleware at the end of your middleware stack to ensure that errors are consistently managed.
• Avoid Blocking Middleware: Middleware should not block the event loop. Avoid performing heavy computation or synchronous operations within middleware functions.
• Security: Be cautious when using middleware to handle sensitive data. Ensure that authentication and validation middleware are applied to sensitive routes.