Middleware System

Novaxjs2 provides a flexible middleware system for request processing, error handling, and response transformation. Middleware functions have access to the request and response objects and can execute any code, make changes to these objects, or end the request-response cycle.

Standard Middleware

Global middleware that runs for every request:

// Logging middleware
app.useMiddleware((req, res, next) => {
  console.log(`${new Date().toISOString()} - ${req.method} ${req.url}`);
  next(); // Call next middleware
});

// Authentication middleware
app.useMiddleware((req, res, next) => {
  const token = req.headers.authorization;
  if (token === 'secret-token') {
    req.user = { id: 1, name: 'John Doe' };
    next();
  } else {
    res.status(401).end('Unauthorized');
  }
});

// Body parsing middleware (built-in)
// JSON and form data parsing is automatic in Novaxjs2

Error Middleware

Middleware that handles errors in the application:

// Error handling middleware
app.useErrorMiddleware((err, req, res, next) => {
  console.error('Error:', err.stack);
  
  // Custom error responses based on error type
  if (err.statusCode === 404) {
    return res.status(404).end('Page not found');
  }
  
  res.status(500).end('Internal Server Error');
});

// Async error handling
app.useErrorMiddleware(async (err, req, res, next) => {
  // Log error to database or external service
  await logErrorToService(err, req);
  
  res.status(500).json({
    error: 'Something went wrong',
    requestId: req.id // Custom request ID
  });
});

Built-in Middleware

Novaxjs2 includes several built-in middleware functions:

// Static file serving
app.serveStatic('public'); // Serve files from 'public' directory

// Automatic body parsing for:
// - JSON (application/json)
// - Form data (application/x-www-form-urlencoded)
// - Multipart form data (multipart/form-data) for file uploads

// CORS support
app.cors({
  origins: ['https://example.com', 'http://localhost:3000'],
  methods: 'GET, POST, PUT, DELETE, OPTIONS',
  headers: 'Content-Type, Authorization',
  credentials: true
});

Middleware Execution Order

Middleware executes in the order they are defined. Understanding the execution flow is crucial:

app.useMiddleware((req, res, next) => {
  console.log('Middleware 1');
  next();
});

app.useMiddleware((req, res, next) => {
  console.log('Middleware 2');
  next();
});

app.get('/', (req, res) => {
  console.log('Route handler');
  return 'Hello World';
});

// Execution order:
// 1. Middleware 1
// 2. Middleware 2
// 3. Route handler

Middleware Best Practices

• Always call next() to pass control to the next middleware
• Handle errors properly in error middleware
• Use async middleware for I/O operations
• Keep middleware focused on single responsibilities

Route-Specific Middleware

Novaxjs2 supports adding middleware to specific routes, allowing for fine-grained control over request processing.

Adding Middleware to Routes

Apply middleware to individual routes:

// Middleware function
function logRequest(req, res, next) {
  console.log(`Request: ${req.method} ${req.url}`);
  next();
}

function requireAuth(req, res, next) {
  if (!req.headers.authorization) {
    return res.status(401).end('Authentication required');
  }
  next();
}

// Route with middleware
app.get('/protected', logRequest, requireAuth, (req, res) => {
  return 'This route is protected by middleware';
});

// POST route with middleware
app.post('/api/data', logRequest, requireAuth, (req, res) => {
  return { message: 'Data processed successfully' };
});

Multiple Middleware

Chain multiple middleware functions together:

// Validation middleware
function validateUserData(req, res, next) {
  const { username, email } = req.body;
  if (!username || !email) {
    return res.status(400).end('Username and email are required');
  }
  next();
}

// Sanitization middleware
function sanitizeData(req, res, next) {
  if (req.body.username) {
    req.body.username = req.body.username.trim();
  }
  next();
}

// Rate limiting middleware
function rateLimit(req, res, next) {
  const ip = req.ip;
  const requests = requestCount[ip] || 0;
  if (requests > 100) {
    return res.status(429).end('Too many requests');
  }
  requestCount[ip] = requests + 1;
  next();
}

app.post('/register', 
  rateLimit,
  validateUserData,
  sanitizeData,
  (req, res) => {
    // Process registration
    return { message: 'User registered successfully' };
  }
);

Async Middleware

Middleware can be asynchronous for database operations or API calls:

// Async middleware for database operations
async function loadUser(req, res, next) {
  try {
    const user = await User.findById(req.params.userId);
    if (!user) {
      return res.status(404).end('User not found');
    }
    req.user = user;
    next();
  } catch (error) {
    next(error);
  }
}

// Async middleware for API calls
async function fetchExternalData(req, res, next) {
  try {
    const response = await fetch('https://api.example.com/data');
    req.externalData = await response.json();
    next();
  } catch (error) {
    next(error);
  }
}

app.get('/user/:userId/profile',
  loadUser,
  fetchExternalData,
  (req, res) => {
    return {
      user: req.user,
      externalData: req.externalData
    };
  }
);

Error Handling in Route Middleware

Proper error handling in route-specific middleware:

// Error-prone middleware
function riskyOperation(req, res, next) {
  try {
    // Some operation that might fail
    if (Math.random() > 0.5) {
      throw new Error('Something went wrong');
    }
    next();
  } catch (error) {
    next(error); // Pass error to error middleware
  }
}

// Alternatively, use async/await with try/catch
async function asyncRiskyOperation(req, res, next) {
  try {
    await someAsyncOperation();
    next();
  } catch (error) {
    next(error);
  }
}

app.get('/risky', riskyOperation, (req, res) => {
  return 'This might fail sometimes';
});