Check out a free preview of the full API Design in Node.js, v3 course:
The "Routing & Middleware" Lesson is part of the full, API Design in Node.js, v3 course featured in this preview video. Here's what you'd learn in this lesson:

Scott defines middleware, and explains that it allows the user to modify the request in-flight and add things like logging and authentication to routes at a higher level.

Get Unlimited Access Now

Transcript from the "Routing & Middleware" Lesson

[00:00:00]
>> Scott Moss: So we did a little bit of routing you know just on the last exercise. But now we're going to dive deep into it and see how nice it is with Express. It's actually one of my most favorite part of Express is the routing. I use the Express routing well, actually Express routing using some other library but I use that library in other projects that I do that have to do with routing unrelated to like servers and stuff.

[00:00:21] It's that good. So what is Middleware? Does anybody know what Middleware is? It's like underwear, but it's in the middle, Middleware. Y'all don't wear middleware? Wow, [LAUGH] no, Middleware Nate, you said you used Express before, right?
>> Nate: Mm-hmm.
>> Scott Moss: Would you, what's your definition of Middleware?
>> Nate: I would say, I've seen that in the context of using, like, templating, like Handlebars.

[00:00:52] And from what I understand, it's sort of like software to allow two other softwares to talk to each other.
>> Scott Moss: Yeah, you can use Middleware to do that. That's one application of Middleware, for sure. Anybody else? I think we have the concept of Middleware in other server frameworks too, it's not just Express.

[00:01:09] I use Middleware a lot in writing stuff too, it's not something that's unique to Express. It's just like convention of, so like a software design pattern that Express adopted and popularized. But it's not created by Express. TLDR, it's basically just a list of functions that execute in order before your controllers.

[00:01:31] And we'll talk about controllers later, but you've already written controllers. If we go look at our code these are controls of these functions here, these are like our final functions that have to run before we respond back to the request, that's a controller. Middleware are just a list of functions that run before that.

[00:01:47] That's basically it. So, you can think of it as interceptors for route. Like route interceptors. So like, this request comes in, run this function, then this function, then this function, then this function, then finally respond with this function. So, all those functions that we ran before were middleware.

[00:02:02] They sit in the middle between your request and your response. Middleware. They allow you to execute functions on an incoming request with guaranteed order. That part is important. Order is very important, so however you register the Middleware and the routes with Express, that's the order that they're gonna execute.

[00:02:23] And that's important, because some Middleware might be relying on previous Middleware to do some type of enhancement on the request object. Or do some logging, or do some database creating before this other one executes. So order is very important.
>> Scott Moss: Some different types of scenarios you might use Middleware for are gonna be authenticating, which we're gonna be doing, transforming the requests, which is already happening in this file.

[00:02:49] So all this stuff right here that's doing app.use, so we have like app.use cors, app.use json, urlencoded, all the stuff that was here for you, all these are Middleware that I installed to transform the request when it comes in, and because these were defined before our routes were they happened first.

[00:03:09] So this CORS middleware makes our server CORS enabled. If you don't know what that means that basically CORS are short for cross-origin resource sharing. You have a server on mydomain.com and you have a website on some other domain.com, the browser might not allow you to interact with that server because it's on a different domain.

[00:03:30] It's across domain so the server has to implement cross domain resource sharing which basically means we allow this domain, we allow these headers, we allow this. So that's what CORS does. It basically allows your API to be used by other domains that are on the browser. Server to server communication doesn't really respect CORS.

[00:03:47] It's mostly just browsers. JSON, this is how we were able to get req.body. So req.body, that's actually really a lot of work to do in just Node without Express. You have to like you get all these bytes and you gotta put them together yourself. Then you gotta turn them into a string and then you gotta parse them.

[00:04:05] You gotta do all that manual work whereas this json middle work does it for you and just gives it to you in the way that you expect it to be, a javascript object. Urlencoded, we're not really using this but this is also a middle where that transforms the request.

[00:04:19] It just allows us to attach parameters to a URL. Like a query string, like a question mark, here's all this other stuff. It kind of does that for us. And then this Morgan one does all the logging for us. So if you saw any logs that we had in our server, when it was starting up like right here.

[00:04:40] /getdata, what the time it took. Morgan did that, it logged it for us. It just a logging middleware. So all these middleware don't really respond to the requests. They just transform the request then they go to the next one, in that order.
>> Scott Moss: But they can also respond to requests like a controller although that is not their intent, they can if they need to.

[00:05:05] They have the same power. That's not their intent. They don't want to respond to requests, but they can. For instance, if you have an authentication Middleware and you run authentication and turns out, they're not authenticated. Yeah, you probably wanna respond to the request right there and say they're not authenticated versus continue going forward.

[00:05:24] All right, so although the intention is not to respond to the request in Middleware, they do have the power to do so. So just keep that in mind.