🚀 Socket Launch Week Day 5:Introducing Repository Access Permissions and Custom Roles.Learn more
Sign In

@blue.ts/middleware

Package Overview
Dependencies
Maintainers
1
Versions
5
Alerts
File Explorer

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@blue.ts/middleware

Built-in middleware for blue.ts. Includes CORS, request logging, input validation, rate limiting, and static file serving.

latest
Source
npmnpm
Version
0.2.3
Version published
Maintainers
1
Created
Source

@blue.ts/middleware

Built-in middleware for blue.ts. Includes CORS, request logging, input validation, rate limiting, and static file serving.

Installation

bun add @blue.ts/middleware

CORS

Handles preflight requests and applies Access-Control-* headers.

import { createCorsMiddleware } from '@blue.ts/middleware';

// Allow any origin
const Cors = createCorsMiddleware({ origins: '*' });

// Specific origin with credentials
const Cors = createCorsMiddleware({
    origins: 'https://app.example.com',
    credentials: true,
    methods: ['GET', 'POST', 'DELETE'],
    headers: ['Content-Type', 'Authorization'],
    maxAge: 86400, // preflight cache in seconds
});

// Dynamic origin check
const Cors = createCorsMiddleware({
    origins: (origin) => origin.endsWith('.example.com'),
});

app.use(Cors);

For different policies per route, each createCorsMiddleware call produces a unique class that can be registered independently:

const PublicCors = createCorsMiddleware({ origins: '*' });
const AdminCors  = createCorsMiddleware({ origins: 'https://admin.example.com', credentials: true });

app.group('/public', [PublicCors], (r) => { ... });
app.group('/admin',  [AdminCors],  (r) => { ... });

Options

OptionTypeDefaultDescription
originsstring | string[] | (origin: string) => booleanRequired. Allowed origins.
methodsstring[]All standard methodsAllowed HTTP methods.
headersstring[]['Content-Type', 'Authorization']Allowed request headers.
credentialsbooleanfalseSet Access-Control-Allow-Credentials.
maxAgenumber86400Preflight cache duration in seconds.

Request Logging

Logs method, path, status code, and duration for every request.

import { LoggingMiddleware } from '@blue.ts/middleware';

app.use(LoggingMiddleware);
// → {"timestamp":"2024-01-01T00:00:00.000Z","method":"GET","path":"/users","status":200,"durationMs":12}

Custom writer — useful for integrating with @blue.ts/logging or suppressing output in tests:

const Logging = new LoggingMiddleware({
    writer: (entry) => logger.info('HTTP', entry),
});

Input Validation

Validates the request body against a schema. Returns 422 Unprocessable Entity on failure. Works with any schema library that implements { safeParse(data): { success, data, error } } (Zod, Valibot, etc.).

import { createValidationMiddleware } from '@blue.ts/middleware';
import { z } from 'zod';

const schema = z.object({
    name: z.string().min(1),
    email: z.string().email(),
});

const Validate = createValidationMiddleware(schema);

app.post('/users', createUserHandler, { middlewares: [Validate] });

On validation failure:

{ "error": "Validation failed", "issues": [...] }

Rate Limiting

Sliding window rate limiter. Responds with 429 Too Many Requests when the limit is exceeded and sets standard X-RateLimit-* headers.

import { RateLimitMiddleware } from '@blue.ts/middleware';

const RateLimit = new RateLimitMiddleware({
    windowMs: 60_000, // 1 minute
    max: 100,         // requests per window
});

app.use(RateLimit);

Custom key function — rate limit by user ID instead of IP:

import { getAuthUser } from '@blue.ts/auth';

const RateLimit = new RateLimitMiddleware({
    windowMs: 60_000,
    max: 1000,
    keyFn: (ctx) => getAuthUser(ctx.req)?.id ?? ctx.req.headers.get('x-forwarded-for') ?? 'unknown',
});

Custom store — plug in Redis or any other backend:

import type { RateLimitStore } from '@blue.ts/middleware';

class RedisRateLimitStore implements RateLimitStore {
    increment(key: string, windowMs: number): Promise<{ count: number; resetMs: number }> {
        // ...
    }
}

const RateLimit = new RateLimitMiddleware({
    windowMs: 60_000,
    max: 100,
    store: new RedisRateLimitStore(),
});

Response headers

HeaderDescription
X-RateLimit-LimitMaximum requests per window
X-RateLimit-RemainingRequests remaining in current window
X-RateLimit-ResetUnix timestamp (ms) when the window resets
Retry-AfterSeconds to wait (only on 429 responses)

Static Files

Serves files from a directory.

import { StaticMiddleware } from '@blue.ts/middleware';

const Static = new StaticMiddleware({
    root: './public',
    prefix: '/static', // optional URL prefix
});

app.use(Static);
// GET /static/logo.png → serves ./public/logo.png

Combining Middleware

Middleware is applied in order. Global middleware runs before group/route middleware.

import { createCorsMiddleware, LoggingMiddleware, RateLimitMiddleware, createValidationMiddleware } from '@blue.ts/middleware';
import { z } from 'zod';

// Global
app.use(LoggingMiddleware);
app.use(createCorsMiddleware({ origins: '*' }));

// Per group
app.group('/api', [new RateLimitMiddleware({ windowMs: 60_000, max: 100 })], (r) => {
    r.post('/users', createUserHandler, {
        middlewares: [createValidationMiddleware(z.object({ name: z.string() }))],
    });
});

FAQs

Package last updated on 06 Apr 2026

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts