Using Middleware for Schema Validation

[00:00:00]
>> Steve Kinney: What we want to do next is figure out ways in which to get our application to not have to go and find every single request and response right, because that's, again, not just tedious. I do tedious things all the time. Error-prone, because if I miss one, it's going to fall back to an any.

[00:00:24]
Then if I apply this stuff but I only apply it 80% of the way, that's better than not, but it's not giving me that peace of mind and sanity. So there are some patterns, and again, we will just and this point, lightly touch on them, cuz I don't want to get too much into the weeds of express itself.

[00:00:43]
But it is more like we will do it, so then you can apply the pattern. Cuz none of these frameworks, none of like, if you even look at what comes out of next, or spell kit, or Hono, or what have you, all right, they're all roughly the same.

[00:00:57]
Which is you can use in this case, in the case of Express, you can use middleware as well to add some of that type safety. And effectively reusable middleware to say hey, for all of these, I'm expecting various different things, and give yourself some abstractions. So to do that, we're going to go back into our little server land where we were before and like I said.

[00:01:18]
This is actually a great example because we didn't do it to every single thing in here. We did in that smaller example, and you already got bored watching me there. So I'll spare you in here because it's the same thing. But here we can actually take a little bit more of a one level higher approach.

[00:01:40]
Which is, again, you can have middleware either for entire parts of the app, right, and or you can just do it on a given route depending on what you want to do. Or mix and match places that you will see Middleware normally used a lot is stuff like, if it is you need to be logged in, right?

[00:01:59]
You can have some middleware which checks to see if they have an auth token. And in some cases, we'll fill in the current user onto that local thing that we said before. So you do request.user and actually get a real user versus either just the auth token or something along those lines.

[00:02:17]
And then you can then reuse that across many routes, right? Or everything under a certain route, so on and so forth, right? You can do the same thing with this as well, right? You can do the same thing with like middleware to like validate your types. Right, which is again, make a bunch of assumptions on every request that comes through this so that by the time we get to the part of the code we write, all of that has been handled for us.

[00:02:50]
So, like the dumbest middleware, right, is dumbest middleware.
>> Steve Kinney: We're lowercasing the w.
>> Steve Kinney: Is this. The first part of the Middleware looks exactly like the request, right?. Okay, and then it has this next function, right? And that says okay, now move on to the next part of the chain.

[00:03:23]
And the way that you would use it is for instance, you would pop it in here. And so when they get to the get test, first, it would go through this dumbest middleware, hit next, and then move on to the next part of the chain, right? And so what we can do here is start to make some assumptions about what we're working with.

[00:03:45]
And so one thing I'm gonna do real quick is you get a lot better typing if you go in the opposite direction here. We just say that this is a request handler, cuz now you can see, it does get the request type, the response type, and the next type.

[00:04:04]
So, what we could do for instance, let's say this is, validate CreateUser, that seems good, right? We could say,
>> Steve Kinney: We'll have a try-catch block where we will try to make sure that this request body, we'll just Store in a variable here for a second, is actually a new user.

[00:04:42]
Are too many different examples, validate, create task is what we're doing here, and that this is, in fact, a task if so, move on to the next one. Otherwise, go ahead and throw an error. So now we know by the time that it will get to the post request that it ought to have been checked.

[00:05:11]
We'll see what happens in a second. Cool and so where's that post request? Here it is, and we just pop that middleware in right here, and request hasn't really changed, right? Which is a bummer, but we could do is like, add some again, that type annotations. Gotta get rid of the dumbest middleware.

[00:05:37]
It's gone. There is no more dumbest middleware. Is in here, effectively there are defaults for all of this type stuff. So yeah, it's cool. This is the middleware that keeps everything as chaotic as it was. Right, but what we can do is say, actually, no, this is a request handler and unfortunately, to get to the request body, you've got to get through the path params and the response body first.

[00:06:05]
I don't make the rules, what we can do is we can, it's going to yell at me because it's not going to like that, that was the path params. And then I'm going to go with an unknown for the response body and I'm gonna say that the request body is going to be that create task type, right?

[00:06:38]
And other than some poor choices over in there, what are we angry about? Otherwise, yeah, it doesn't like this, but and like that, but we'll leave that alone for a second. If we look, we just actually grabbed we can just get rid of this completely.
>> Steve Kinney: Look at that task is what it is supposed to be, right because we have this middleware called validate Create task, and it passed through and checked everything right.

[00:07:19]
And so now we can define just like these middleware that we need right, and then any route that uses the middleware, everything will be correctly typed. And we don't have to find this all over the place.