0:01

Welcome to syntax on this Monday. Hasty treat.

0:03

We're going to be stepping into your context

0:05

here. We're going to be adding some information

0:07

and we're going to be downloading directly into

0:09

your brain. That's right. We're talking about middleware.

0:11

My name is Scott. It's a gamma developer

0:13

from Denver. And with me as

0:15

always is west boss back from

0:18

vacation. West. Yeah. Going. Yeah.

0:20

Good. I, uh, little scatter brain

0:22

right now. Cause you got to, you know,

0:24

when you get back from vacation, there's a million little things

0:27

that you gotta gotta get to, but pretty,

0:30

pretty stoked and, uh, and

0:32

well rested. So ready to talk about

0:34

middleware. Yeah. It's always good

0:36

to come back from a vacation and

0:39

talk about middleware. Uh, we talk

0:41

about a lot of things on this podcast. And if

0:43

you want to hear CJ West

0:45

and I talk about even more

0:47

head on over to our YouTube,

0:49

which is, uh, youtube.com/at

0:52

syntax FM on YouTube. We're

0:54

posting a ton of stuff.

0:56

In fact, just the

0:58

day we're recording this today, which will

1:01

slightly date this, uh, CJ released a

1:03

video showing practical examples of has the,

1:05

actually the things that we talked about

1:07

on this very show. And people said,

1:09

we want to see code. Well,

1:11

CJ has given you code and

1:13

he built a little mini site where you can even play

1:15

with these things. It's pretty sweet. It's really,

1:17

really pretty sweet. So check it out. Uh,

1:20

syntax FM on YouTube. If you have not

1:22

subscribed, go over there and just break your

1:24

track pad. Just press that subscribe button so

1:27

hard. So, uh, let's get into it.

1:29

Middleware. What is it? Why is it handy? Why do

1:31

people care about it? Why do you use it? Yeah.

1:33

I thought we'd talk about middleware. I think it's

1:35

an interesting part of building

1:38

really any application. And this,

1:41

the concept of middleware applies to absolutely

1:44

everything systems design, but we're going to be

1:46

talking about it in terms of like, you're

1:48

building a backend web server and

1:51

when might you need middleware and why

1:54

is it handy? So middleware

1:56

is for is A

1:58

bunch of code. Or some code. That

2:00

would run. In. Between the

2:03

initial request and the actual

2:05

event handler that handles your.

2:08

Data. That's coming in so somebody visit. See

2:10

you around this submit a form. They.

2:12

Save something they try to access

2:15

around that is behind a log

2:17

in state. A. Lot of

2:19

times when you want to run

2:21

some sort of logic or functionality.

2:24

Before. The user hits that

2:26

route handler om you inject what's

2:28

called middleware which is a function

2:30

that will run in. It could

2:32

be multiple functions as well and

2:34

it's used to. Check

2:37

if somebody has access to a specific route

2:39

its use to. Will

2:41

do a whole bunch of examples

2:43

but generate some data from a

2:45

another system and bring it into

2:47

that specific request. Ability to skip

2:49

expense of operations: Take the logic

2:52

out of a you around handler

2:54

because sometimes you'll have a route

2:56

handler. That. Will do specifically

2:58

something and it doesn't make sense

3:00

to muddy the logic of that

3:03

wrote handler. Maybe I'm somebody. Saves

3:05

an item to the database, right?

3:07

They update an item, the cook

3:09

the save button. It doesn't always

3:11

make sense to put all of

3:14

the logic behind a sanitation and

3:16

I data parsing and which switch

3:18

servers are going to multi ten

3:20

Affleck is. doesn't make sense to

3:23

put all of that logic into

3:25

that specific route handler. Because

3:27

you can just assume that those things

3:29

are in place at that point and

3:31

put that other logic into a middleware.

3:33

So I've been using middleware for for

3:35

quite awhile. It's been a concept in.

3:38

Expression was was the first time that

3:40

I've ran into it specifically be assigned

3:43

called connect By. It's all of the

3:45

modern frameworks now as well have this

3:47

concept of middleware when I'm talking about

3:49

how to use it in and some

3:51

examples as well. Yeah. In

3:53

into even just give a

3:55

our food sandwich based analogy

3:57

here. We go ahead. If

4:00

the request is the sandwich going into

4:02

your mouth. Or the requests

4:04

respond to. You could take of the middleware caspian

4:06

like the bread right? It yeah, steps

4:08

in. Between. The meat of all the

4:11

stuff you're doing at the top, in the bottom of it,

4:13

right? you got. You. Got the

4:15

top layer. Always the matter is. The.

4:17

What maker? Ah, Is

4:20

added. My brother in law is I think

4:22

that the friends references in it either. Yeah

4:24

now on his M M. My brother laws

4:26

of Big Friends was an eye for the

4:28

record A hit Friends I think it's a

4:30

garbage Shelves are by recognize that nonsense and

4:32

he gets of each other's do things that

4:34

makes that make me laugh about friends as

4:36

to this and awesome maker and lot of

4:38

noise maker is that the idea that you

4:41

have a. A sandwich

4:43

and you need to add some in a gives

4:45

you moisture right. and I got a turkey sandwich

4:47

sauce over Thanksgiving in there there's a layer that.

4:49

You add to that to add the moisture

4:51

to at. and I've never seen that friends

4:53

episode but I I get the reference and

4:56

Cats will. Either way, it is is destined

4:58

to a request and response at the start

5:00

and end of your browser as I can

5:02

do all sorts of stuff. So let's talk

5:04

about the real world. Examples like

5:07

what what my you use middleware for I

5:09

think a big one that you know a

5:11

lot of web sites have is authentication right

5:13

arm and the way that authentication works and

5:16

middleware is that that request com Then usually

5:18

that authentication token is in a cookie or

5:20

something. right? And what you do it that

5:22

cookie is the new Go look up the

5:25

session that the users lot, Then are you

5:27

look up the user you check to make

5:29

sure that they're properly authorized or authenticated and

5:31

then you load up that user data and

5:33

yeah put in in the context in in

5:36

that. Information for the user, the rolls

5:38

or whatever is available for anything you

5:40

need to do from that point forward.

5:43

The I'm a it's often make sense

5:46

to. Like for example, in

5:48

my application I have four sys admin

5:50

and then I have. Are probably

5:52

sixteen different routes. different

5:55

routes i can be rendered as well as different

5:57

routes i can be up the data us And

6:00

I don't put the logic of are they

6:02

logged in and do they have the permissions

6:05

in every single one of those routes. You

6:07

put it in a single piece of

6:09

middleware and you say apply this middleware to

6:12

any/admin route handlers. And what that middleware would

6:14

do is that yet, like Scott says, it

6:16

looks up the current user if

6:19

and it will look up their current, if

6:22

they have access to those specific things. And if they

6:24

don't, it throws an error and it will render out

6:26

an error page so you don't have access to this

6:29

specific thing. But

6:31

if it does, it puts the

6:33

user on the request and then

6:35

any route that's after admin will

6:38

now have access to the current

6:40

user and you can generally access

6:42

it via something like request.user or

6:44

request.data. How you access those

6:47

values is different in every single application, but

6:49

generally they just stick it into the request

6:52

or make it available via

6:54

the async local storage API, which

6:56

is new in Node.js. Yeah,

6:59

and generally, when we're talking about this

7:02

stuff, we're gonna be referring to that

7:04

as context because that makes

7:06

sense. Wes just flashing

7:09

his syntax sticker there on video. Yeah,

7:13

Wes put a syntax sticker on the bottom of

7:15

the mug so anytime he takes a drink, it's

7:17

great. But

7:21

so that when we refer to context

7:23

in this episode, what we're talking about

7:25

is less of the technical bones of

7:29

something. Implementation, yeah. Implementation, right? But we're more

7:31

or less talking about the concept of

7:34

putting something into context, and

7:38

I did a little quote there, that is

7:40

available throughout the rest of your request

7:43

cycle. Some

7:45

other ideas for middleware that are commonly

7:47

used is redirecting users to a specific

7:49

instance. So if somebody is coming into

7:52

a URL that has been shared via

7:54

American, this happens all the time in

7:56

Canada, Sometimes you'll want

7:58

to redirect that user. You the

8:00

Canadian version of that website or

8:02

if you have data privacy laws

8:05

and you somebody is signing up

8:07

for a specific use case you

8:09

could sec what their Ip addresses

8:11

are or where their request is

8:13

originating from and then you may

8:15

want to say that users' data

8:17

any specific database that lives maybe

8:20

in Europe or in a different

8:22

region that you he must keep

8:24

their data inside of that specific

8:26

instance. Bird. Or

8:28

you could also use it for logging

8:30

in stats, you know, sometimes especially larger

8:33

applications they dump all of their logs

8:35

into. or maybe even a third party

8:37

logging provider. Maybe they're writing at the

8:39

files, but what you can do by

8:42

logging and middleware is that request comes

8:44

and you have access to all of

8:46

the information in the request. Log.

8:48

It you can even lod how long

8:50

a route took to resolve her how

8:53

long the process in between the start

8:55

and end of this process is because

8:57

again you have access typically in middleware

8:59

to be the ended in the certain

9:01

the end of the process. Maybe

9:04

I should explain one more thing about

9:06

middleware. The idea with middleware is that

9:08

you get the request the and right

9:10

you can add stuff to the the

9:12

context of you want are you can

9:14

log stuff but the idea is that

9:16

you you call like next or you

9:18

return I knew response from the middle

9:21

where and then it will continue on

9:23

down your specific route. So what you

9:25

could do in development mode is that

9:27

if you only want to have logging

9:29

turned on and development because he wanted

9:31

you want to have a nice verbose

9:33

mode. you. Could just say if process.you

9:35

envy equals development then log that value

9:37

out otherwise don't specifically do that. I

9:40

can also be really handy for trying

9:42

to to temporarily turn on some debugging

9:44

few simply haven't gone wrong and production.

9:46

You can flip on some logging and

9:49

middle you're not actually changing the code

9:51

that is running and that's that's such

9:53

a nice thing to just leave that

9:55

as is not have to modify it

9:58

in said was just jump in. Middle

10:00

there, He. Are in totally to.

10:02

You can even like start a timer to

10:04

so that request comes in. You started timer,

10:06

you do all your stuff in the middle

10:08

and then you log the end result of

10:11

that timer. I was doing at that in

10:13

just our putting in in three different images

10:15

based on how long that process took in

10:17

milliseconds. If it was I forget the actual

10:19

numbers but if it was slow I just

10:21

had a turtle output to my logs. If

10:24

it was fast I had a bunny and

10:26

it goes very fast. I had a rocket

10:28

ship and that is in development. It

10:30

was easy to see like oh, if I'm

10:32

working kind of casually of this thing I'd

10:35

hear can always taken a really long time.

10:37

Ah, Just. Just as a

10:39

little canary in the coal mines. Not

10:41

necessarily any deep sort of the understanding

10:44

of the performance, but little canary. I.

10:47

Ab testing really handy as well

10:49

if you are building a landing

10:51

page and you want to are

10:53

right for ten percent of the

10:55

users or users who have this

10:57

specific flag on or users that

10:59

has a access is one thing

11:01

ideas his country codes as well.

11:03

I provide discounts for different countries

11:05

based on where users coming and

11:08

what I do is I have

11:10

a set middleware in there that

11:12

when the request comes in I

11:14

check via a header at says

11:16

what country. Are they from and if

11:18

they are from a specific country, all

11:20

populate. The. Sole name of

11:22

the country because like I'll just get

11:25

like Cia and I wanted to populate

11:27

that to Canada. and then I'll also

11:29

populate some information about coupon code, set

11:31

the gets, and then when it comes

11:33

time to actually rendering the application, you

11:35

can simply just check if that value

11:37

is there's a if there is a

11:40

coupon code then run around the coupon

11:42

code banner. Of course you can. You.

11:44

Could chains see what's heading specifically works

11:46

better and even get really? It's really

11:49

really complicated with the different ab testing

11:51

values. One last one. while I guess

11:53

we you know even a few more.

11:56

Otherwise, You're just can be spending the whole

11:58

time here And examples but yeah, You

12:00

can also have your error handling and

12:02

logging. In fact, our century set up.

12:05

For making sure that our ears are

12:07

captured and sense to century so that

12:09

way we can solve them in a

12:11

very timely manner. with centuries amazing tools

12:13

and features. But

12:16

look as a out this ah yes, where

12:18

the that's all been done in middleware as

12:20

well. just sort of steps. In their. Other

12:23

things: caching expenses renders of

12:25

the we have. A

12:28

things in on servers and in

12:30

the browser and on Cdn to

12:32

to do caching but also you

12:34

could use. You can

12:36

simply just memorize a function or implement your

12:38

own cashing in a middleware. which is they

12:40

are it. Well if I've already done this

12:43

query, I've got the data here in in

12:45

a key value store. I can just return

12:47

the data directly and then it's not, never

12:49

even need to hit that value Says another

12:52

thing that can happen from middle as you

12:54

don't have to continue on in the middle

12:56

where you can simply just return early and

12:58

then the their class will never actually hit

13:01

that later middleware am in. The last one

13:03

I have here is a multi tenant applications

13:05

so. I run and are

13:07

probably eleven different domain names on

13:10

a single Know Js application for

13:12

all my courses am in the

13:14

way that I determine which. Domain

13:17

name in which course somebody is

13:20

actually. Viewing. Is.

13:22

I run a set of middleware so one

13:24

of the very first metal as it's at.

13:27

The. Request goes through is it

13:29

says if the domain name

13:31

has. A beginner javascript.com

13:34

in it then set the course

13:36

code to be j S and

13:38

then later on in the rendering

13:41

to put it would choose. Which

13:44

files tax or rent or based

13:46

on that data that had been

13:48

set earlier. So if you that's

13:50

that's an example of a multi

13:53

tenant application is just me on

13:55

the only tenants but if you

13:57

were to have multiple customers being.

14:00

running on the same code base,

14:02

you can use a middleware to

14:04

determine which customer is this when

14:07

you go through the whole process. And you can

14:09

even do that with databases. If you have multiple

14:12

databases running for each of

14:15

your customers, you might

14:17

need to set the database connection string

14:19

in a middleware before you hit any

14:21

of those database calls. Yeah

14:24

and even another one that a lot

14:26

of people have used before whether they

14:28

know it or not is that by

14:30

default when you have like form data

14:32

submitted to your application or you're sending

14:34

data to your server, that data isn't

14:37

typically parsed and Express did this with

14:39

was it what is the

14:41

Express implementation of this call? The

14:43

body parser? Body parser, yes. Where

14:46

that is essentially parsing data. In fact I

14:48

wrote one of these for SvelteKit to do

14:50

that for me so that anytime I submit

14:52

a form it's always available at local.form data.

14:55

So just being able to parse your data

14:57

at any point in their request so that

15:00

it actually comes in as a JavaScript object

15:02

instead of inside of

15:04

the headers or anything like that is a

15:06

it's a nice little thing. Where

15:12

does it run? I think we covered that. I

15:16

think it

15:18

runs on the edges. That's the way

15:20

I think about it. Okay well let's keep this

15:22

in. Where does middleware run? Does it run in

15:25

the middle? Does it run on the edges? That's

15:27

a good question. So traditionally there

15:29

with Express it simply runs in

15:31

the same application and it just

15:34

is a function that runs before

15:36

the rest of your your other

15:38

functions right. However it's becoming more

15:40

and more popular to run

15:42

your middleware in a totally separate environment

15:44

that's called an edge function. It runs

15:47

at the edge because if you're gonna

15:49

stick a whole bunch of logic before

15:51

your actual application runs it better be

15:54

fast as hell otherwise you're gonna really

15:56

extend the load

15:58

times of those specific

16:00

handlers. So where

16:02

a lot of these things now run is

16:04

they run on the edge and

16:06

they run in environments that are

16:08

not typically full node JS. So

16:11

probably the most common one is

16:13

running in a CloudFlare worker and

16:16

the CloudFlare worker will try to run it

16:18

as close to the user as possible. So

16:20

you get the best response times and

16:23

it will run it in a

16:25

pared down environment that doesn't necessarily

16:27

have the whole node JS setup.

16:29

Although CloudFlare is pretty close to

16:32

being node JS compatible as well

16:34

right now and that's how Vercel

16:36

middleware and Next.js middleware also runs

16:38

in CloudFlare workers. So you have

16:41

the same idea there. Yeah.

16:43

And even when I think about the edge, I don't

16:45

even necessarily think about the technical edge, but I think

16:47

about like it runs at

16:50

the edges of your application, right before

16:52

all the juicy stuff in the middle

16:54

happens. Yes, you got yeah, you

16:56

step in there and you say hey, I'm doing

16:58

some stuff. I'm working here and then you go

17:00

into your actual stuff and then you know,

17:02

you come back and finish off your middleware. So

17:05

to me like I like to think about it

17:07

like I mentioned before is like the bread of

17:09

the sandwich. It's starting stop

17:11

at the sandwich and then all the the

17:14

the moist maker. I don't even know what you're

17:16

talking about. The moist maker as your regular route

17:18

handler. All you got is your stuff in the

17:20

middle is all your your actual

17:23

work, right? You

17:25

also hit timeout limitations as well in a

17:27

lot of these edge areas.

17:31

So it might not make sense

17:33

to wait connect

17:35

to a database. You might not be able to

17:37

do a whole database connection setup. We

17:39

talked about that if you go back

17:42

to the episode we did

17:44

on serverless databases, we

17:46

talked about sort of limitations around all of

17:48

that, but often people

17:51

will forgo the whole database connection

17:53

string or they'll use a

17:55

database where you can use it in a

17:58

middleware and they'll just stick stuff in. like

18:00

a key value store or something that's really, really

18:02

fast to connect to and

18:04

access. Yeah. So

18:06

yeah, we're talking a little bit about limitations

18:08

here, but you know, I do, you know,

18:11

we briefly mentioned this. If you're doing too

18:13

much work in your middleware, remember

18:16

that's work that happens

18:18

on every request, right? If

18:20

every single time you're heading to your

18:22

database to load up the user to

18:25

do that's a database call on every

18:27

single request. So just be cognizant of

18:29

what you're doing in this middleware. And

18:32

if you need to do some things that are heavier,

18:35

we've mentioned caching, find a way to catch them

18:37

or find a way to reduce that sort of

18:40

that load time. I, you know, that's a common thing

18:42

is where people will put like a, um,

18:45

some sort of like heavier data initialization or

18:47

something into their middleware without even thinking about

18:49

it. And then sure enough, every single request

18:51

comes in, you're having to do some process

18:53

that you might not have to do on

18:56

every request. Yeah. For,

18:58

for the user one, I'm curious if you think

19:00

that this, I, many, many years

19:02

ago, I was like, is it okay to

19:05

look up the user on every single request? And

19:08

I came to the conclusion those, yeah, you

19:11

could cache that for a little while

19:13

if you really wanted to, but, uh,

19:15

it's totally fine. And it's very fast

19:17

to do a quick database lookup of

19:20

the currently logged in user based on their

19:22

session, um, especially when you're need

19:24

to update the user and maybe permissions, things

19:27

like that. It's will be a

19:29

pain in the butt if you have to cache data,

19:31

uh, and have to revalidate that

19:34

in every application I've ever done, I've

19:36

just, just query the current user

19:38

on every single request. And it's never been

19:40

issue for me. Have you done caching of

19:42

that? Yeah, I've done caching of it,

19:44

but with Redis. So, um, in, in

19:47

the way that we're doing that on

19:49

level up specifically is Obviously

19:51

anytime the user's updated that that cache is

19:53

updated, but the cache is like per session.

19:55

So When that auth token comes in, the

19:57

first thing we do is check the. To

20:00

see if that session is is in

20:02

there and they log out or that

20:05

session has expired or whatever. We have

20:07

all the information anyway so we can

20:09

dumper are you know hit the database

20:11

but like typically you're checking base user

20:14

stuff, you're checking emails and. Roles.

20:16

And things like that. I I definitely had that

20:18

coming in from a quick read as check and

20:21

that's it. Which is

20:23

you know it can be very fast to

20:25

do that wait caching and I did find.

20:28

Not like a crazy amount of savings,

20:30

but it's still savings nonetheless. You know

20:32

you have deficit you databases living off

20:34

site. Go another place. Come back with

20:36

that data. Media user data has a

20:38

ton of stuff on it on. So.

20:40

You never know. Yeah a the other something

20:42

that I've done successfully here. Is

20:45

that that's a good point is like

20:47

what's in that query could significantly like

20:49

if you're clearing the current user and

20:51

all their courses and all their progress

20:53

of every video and every transaction they

20:56

have and you're sticking all of that

20:58

if. If that's like. Around

21:00

like a. Three. Hundred k

21:02

of data that has to go over

21:05

the way or somewhere and then be

21:07

stored in memory and that the certainly

21:09

could couldn't slow you now have also

21:11

acts as a youth should probably throw

21:13

some timers in there. Are you something

21:16

to figure out? Where is that? The

21:18

time of this request being spent? You

21:20

know you could misallocate said five hundred

21:22

milliseconds. That's kind of slow but of

21:24

where is that Five hundred milliseconds being

21:27

spent and if that is in your

21:29

user look up then it's probably worth

21:31

throwing it. Into reticence it is when as

21:33

I would work is you would you to keep

21:35

your middleware for the user but the early on

21:37

in that user look up middleware use you check

21:40

if it's in the cash and and the red

21:42

us guessing that as fast as hell to be

21:44

able to just quickly returned the taskers rather than

21:46

do a whole hour round trip to the database

21:48

get fast as hell for. Ah,

21:52

Right arm oh. Last. Thing we

21:54

have here next. Yes, middleware is

21:56

one file only so I love

21:58

the Express and. Hello Jazz does

22:01

this as well where you you set up

22:03

your your route you say or it admin

22:05

for it's last. Anything and then

22:08

you can have year. Pop.

22:10

Populate user or check for authors

22:12

do they have access to the

22:14

specific things. And. Then. That

22:17

will then move onto the next where

22:20

I love doing that at a route

22:22

level and the next. Yes middleware is

22:24

of one single file that will run

22:27

on every single request and you have

22:29

to add the logic in yourself. There

22:31

also is there's a matters are you

22:34

can say are a only route run

22:36

this on the specific thing but you're

22:38

essentially reemploy mentoring. The. Entire read

22:40

or yourself and I was like wiser, not

22:42

like a middleware file that used to sit

22:44

in the app router like I'm one and

22:46

I want to go to the admin folder

22:49

and put a middleware oh yeah, file in

22:51

there and then have that run only on

22:53

and apparently they had tried that and it

22:55

was very confusing and I can see how

22:57

could get kind of mighty as like a

22:59

very simple example us talking about it may

23:01

be sounds like a good idea but also

23:03

they had try this so that was kind

23:05

of a bit of a bummer to me

23:07

because I said oh. You

23:09

you. Have this app router might like. I don't

23:12

have to write a writer assists folders but but

23:14

then if you want middle where are you do

23:16

have to write. Your. Own router and

23:18

you have to match the the your rolls and you

23:20

say if it starts with this and you gotta make

23:22

sure that that's not. My. Com

23:24

Injectable. You know that yet to make

23:26

sure that the user can accidentally come

23:28

up with the Euro that matches your

23:30

registers so I thought that was a

23:32

bit of a pain in the butter

23:34

task do that. But either either I

23:36

got my data for that. an insult

23:39

Kit World layouts in in Skokie of

23:41

the concept of having like a server

23:43

side lay out in so let's say

23:45

you're in the admin section. You could

23:47

toss essentially what you would toss their

23:49

into the that like was a we

23:51

have board says Adnan we put the

23:53

eye out. that server and/admin you do

23:55

your checks you do you're riding their

23:58

that's going to run before dead literally

24:00

anything else in that that route section. So technically

24:02

if you have like a server-side layout type of

24:05

deal like that you could you could throw it

24:07

in there and it would be the same. That's

24:10

at least how I accomplished that type of thing. Yeah

24:12

that's what I wanted to do. I was like I

24:14

want this to work like the syntax website. Yeah

24:17

right. As far as I could tell it it

24:19

doesn't doesn't work like that especially if you want

24:21

it to run at the

24:23

edge in in the middle rather than be part

24:26

of the the actual generation.

24:29

Yeah word. And

24:31

then also connect style. We've

24:34

talked about Express, Fastify, pretty much

24:36

any Hano.js, any framework you pick

24:38

up will have this concept of

24:40

middleware or hopefully we'll have this

24:42

concept of middleware and you

24:44

just gotta take a look at it. What does

24:46

it look like in your specific application? That's it.

24:50

Anything else to add there? I

24:53

don't. Yeah middleware you can sometimes

24:55

find them on NPM sometimes you just

24:57

write them yourself and

25:00

you know these types of things I think

25:02

you get more comfortable with it and eventually

25:04

just become something you do on every project

25:06

but just about every single application I write

25:08

has middleware in it. Yeah. And it does

25:11

all kinds of stuff for me. So yeah

25:14

if you're not using middleware it's probably a

25:16

good idea to look into

25:19

it and only that I think

25:21

it will clean up some of the stuff that

25:23

you're doing in individual routes so that you don't

25:25

have to do it in the individual route itself.

25:28

I just remembered one more

25:30

thing I forgot to say is that like

25:32

often these middleware you just said you can

25:34

NPM install them the reason you can often

25:36

NPM install them is because they are standard

25:38

space. So they are either connect

25:41

style meaning that

25:43

they have a request a

25:45

response and the next function and

25:48

connect style will work with pacify

25:50

express the all kinds of different

25:52

frameworks or there'll be the

25:54

new modern version which is the fetch

25:57

or web request web response where you're

25:59

simply just returning returning a fetch request

26:01

or returning a response object and

26:04

those will work or there'll be something

26:07

that is somewhat a variant on that

26:10

and that's why you can just usually NPM install

26:12

them all and like you could go and NPM

26:14

install like a rate limit that's

26:16

another really good use case as well as you

26:19

you want to stop somebody from hitting your sign

26:21

up endpoint a million bazillion times you could

26:23

write a middleware I have this in my own application

26:26

where it stops people from hitting

26:29

it too many times it's a rate limit

26:31

middleware and you simply need to NPM install

26:33

it and they work with more than just

26:36

one specific framework yeah we had

26:38

something called the ban hammer on level

26:40

where if people tried

26:42

like I think it was oh man

26:44

there were some there if they if they

26:46

had had a failed credit card attempt for

26:48

like three times or something in

26:51

a row I don't know there

26:53

were some number we had attached yeah into the user

26:55

object and it we would permanently

26:57

ban them and the way that the banning

26:59

worked is it applied a class that made

27:01

it look like the user was logged out

27:03

but it wouldn't let them log in because

27:05

they were already logged in it was like

27:07

a nice clever like they can't

27:09

they'll just be like what am I I can't log

27:11

in anymore oh man or every day refresh

27:14

make the opacity one

27:17

percent yeah that's good or every one in

27:19

every ten

27:24

requests show them but then not

27:27

I don't know there's a lot of fun stuff you could

27:29

do there but that is middleware hopefully you enjoyed that we'll

27:31

catch you later peace peace

27:44

you