Security News
RubyGems.org Adds New Maintainer Role
RubyGems.org has added a new "maintainer" role that allows for publishing new versions of gems. This new permission type is aimed at improving security for gem owners and the service overall.
middie is the plugin that adds middleware support on steroids to Fastify.
The syntax style is the same as express/connect.
Does not support the full syntax middleware(err, req, res, next)
, because error handling is done inside Fastify.
npm install middie
Register the plugin and start using your middleware.
const Fastify = require('fastify')
async function build () {
const fastify = Fastify()
await fastify.register(require('middie'), {
hook: 'onRequest' // default
})
// do you know we also have cors support?
// https://github.com/fastify/fastify-cors
fastify.use(require('cors')())
return fastify
}
build()
.then(fastify => fastify.listen(3000))
.catch(console.log)
The encapsulation works as usual with Fastify, you can register the plugin in a subsystem and your code will work only inside there, or you can declare the middie plugin top level and register a middleware in a nested plugin, and the middleware will be executed only for the nested routes of the specific plugin.
Register the plugin in its own subsystem:
const fastify = require('fastify')()
fastify.register(subsystem)
async function subsystem (fastify, opts) {
await fastify.register(require('middie'))
fastify.use(require('cors')())
}
Register a middleware in a specific plugin:
const fastify = require('fastify')()
fastify
.register(require('middie'))
.register(subsystem)
async function subsystem (fastify, opts) {
fastify.use(require('cors')())
}
Every registered middleware will be run during the onRequest
hook phase, so the registration order is important.
Take a look at the Lifecycle documentation page to understand better how every request is executed.
const fastify = require('fastify')()
fastify
.register(require('middie'))
.register(subsystem)
async function subsystem (fastify, opts) {
fastify.addHook('onRequest', async (req, reply) => {
console.log('first')
})
fastify.use((req, res, next) => {
console.log('second')
next()
})
fastify.addHook('onRequest', async (req, reply) => {
console.log('third')
})
}
If you want to change the Fastify hook that the middleware will be attached to, pass a hook
option like so:
const fastify = require('fastify')()
fastify
.register(require('middie'), { hook: 'preHandler' })
.register(subsystem)
async function subsystem (fastify, opts) {
fastify.addHook('onRequest', async (req, reply) => {
console.log('first')
})
fastify.use((req, res, next) => {
console.log('third')
next()
})
fastify.addHook('onRequest', async (req, reply) => {
console.log('second')
})
fastify.addHook('preHandler', async (req, reply) => {
console.log('fourth')
})
}
If you need to run a middleware only under certain path(s), just pass the path as first parameter to use and you are done!
const fastify = require('fastify')()
const path = require('path')
const serveStatic = require('serve-static')
fastify
.register(require('middie'))
.register(subsystem)
async function subsystem (fastify, opts) {
// Single path
fastify.use('/css', serveStatic(path.join(__dirname, '/assets')))
// Wildcard path
fastify.use('/css/*', serveStatic(path.join(__dirname, '/assets')))
// Multiple paths
fastify.use(['/css', '/js'], serveStatic(path.join(__dirname, '/assets')))
}
You can also use the engine itself without the Fastify plugin system.
const Middie = require('middie/engine')
const http = require('http')
const helmet = require('helmet')
const cors = require('cors')
const middie = Middie(_runMiddlewares)
middie.use(helmet())
middie.use(cors())
http
.createServer(function handler (req, res) {
middie.run(req, res)
})
.listen(3000)
function _runMiddlewares (err, req, res) {
if (err) {
console.log(err)
res.end(err)
return
}
// => routing function
}
If you need it you can also keep the context of the calling function by calling run
with run(req, res, this)
, in this way you can avoid closures allocation.
http
.createServer(function handler (req, res) {
middie.run(req, res, { context: 'object' })
})
.listen(3000)
function _runMiddlewares (err, req, res, ctx) {
if (err) {
console.log(err)
res.end(err)
return
}
console.log(ctx)
}
If you need to run a middleware only under certains path(s), just pass the path as first parameter to use
and you are done!
Note that this does support routes with parameters, e.g. /user/:id/comments
, but all the matched parameters will be discarded
// Single path
middie.use('/public', staticFiles('/assets'))
// Multiple middleware
middie.use('/public', [cors(), staticFiles('/assets')])
// Multiple paths
middie.use(['/public', '/dist'], staticFiles('/assets'))
// Multiple paths and multiple middleware
middie.use(['/public', '/dist'], [cors(), staticFiles('/assets')])
To guarantee compatibility with Express, adding a prefix uses path-to-regexp
to compute
a RegExp
, which is then used to math every request: it is significantly slower.
To use this module with TypeScript, make sure to install @types/connect
.
Fastify offers some alternatives to the most commonly used Express middleware:
Express Middleware | Fastify Plugin |
---|---|
helmet | fastify-helmet |
cors | fastify-cors |
serve-static | fastify-static |
This project is kindly sponsored by:
Past sponsors:
Licensed under MIT.
FAQs
`middie@7.1.0` has been deprecated. Please use `@fastify/middie@8.0.0` instead.
The npm package middie receives a total of 23,394 weekly downloads. As such, middie popularity was classified as popular.
We found that middie demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 13 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
RubyGems.org has added a new "maintainer" role that allows for publishing new versions of gems. This new permission type is aimed at improving security for gem owners and the service overall.
Security News
Node.js will be enforcing stricter semver-major PR policies a month before major releases to enhance stability and ensure reliable release candidates.
Security News
Research
Socket's threat research team has detected five malicious npm packages targeting Roblox developers, deploying malware to steal credentials and personal data.