โ๏ธ Extracting a middleware
It is very common that in an application there are operations we want to perform for most or all requests.
For instance, we often want to check authentication details for every request to an endpoint which requires authentication.
And typically we use the same format for all POST request bodies to an application (often JSON, but some applications use other formats) - we want to parse all POST request bodies in that format.
It can be annoying to have to write the same code (like calling parseRequestAsJsonObject) in every handler. It can also be dangerous to require doing so:
โ ๏ธWarning
If we forget to call a function to check a user is logged in in one endpoint, that may be a big security problem.
One strategy to improve this is to use a
Reading
Exercise
Write a tiny Express application. You must write two separate middlewares.
Requirements:
- There must be an endpoint which handles POST requests.
- A middleware should look for a header with name
X-Username. If this is set, it will modifyreqto add ausernameproperty set to this value. If it is not set, the property should be set tonull. - A middleware should parse the request POST body as a JSON array. It should modify
reqto add abodyproperty to this value. If the POST body was not a JSON array, or the array contains non-string elements, it should reject the request. - The response should look like:
You are authenticated as Ahmed.
You have requested information about 4 subjects: Birds, Bats, Lizards, Bees.
or
You are not authenticated.
You have requested information about 1 subject: Bees.
or
You are authenticated as Gemma.
You have requested information about 0 subjects.
You can test your application by running some curl commands like:
% curl -X POST --data '["Bees"]' -H "X-Username: Ahmed" http://localhost:3000
You are authenticated as Ahmed.
You have requested information about 1 subject: Bees.