Complete Guide to Middleware in Node.js with Examples and Use Cases

By /
Middleware in Node.js: Complete Guide with Examples, Use Cases, and Interview Q&A

Understanding Middleware in Node.js

📌 What is Middleware?

In simple terms, middleware is like a middle layer that sits between the client’s request and your server’s final response.

When a user visits your website or makes an API request, the request goes through multiple steps before it gets a response. Middleware is one of those steps. It can read the request, make changes to it, add extra data, stop it, or pass it to the next step.

Think of it like a security checkpoint in an airport. Every person (request) must go through it. The staff (middleware) can check documents, add labels (data), or stop someone (return an error). If everything is okay, the person (request) moves to the next checkpoint (route).

In technical terms:

  • Middleware is a function that receives the req, res, and next() arguments.
  • It can do operations like logging, checking headers, parsing JSON, validating tokens, etc.
  • Once done, it either ends the response or calls next() to continue.

🚀 Why Use Middleware?

Middleware makes your Node.js app more organized, secure, and powerful. Here’s why it’s useful:

  • 1. Centralized Logic: You don’t want to repeat the same code in every route. Middleware helps reuse it globally.
  • 2. Clean Code: By separating things like logging, security, or parsing, your main route code stays clean and focused.
  • 3. Flexibility: You can create custom rules that run before or after any request.
  • 4. Secure APIs: Use middleware to check if users are logged in or if they have the right permissions.
  • 5. Consistent Error Handling: You can handle all API errors from one place using error-handling middleware.

📊 How Middleware Works (Flow)

Let’s understand the flow of middleware step-by-step:

  1. User sends a request (e.g., opens your site or hits an API)
  2. The request enters your Express server
  3. The request goes through one or more middleware functions (in order)
  4. Each middleware can:
    • Do something with the request (like log it or validate)
    • Stop and return a response (like 403 Unauthorized)
    • Call next() to pass it along
  5. If everything is okay, it finally reaches the route handler and returns a response

This system gives you full control over every request that enters your app.

🔧 Basic Middleware Example


const express = require('express');
const app = express();

app.use((req, res, next) => {
  console.log('Request:', req.method, req.url);
  next(); // Proceed to next middleware or route handler
});

app.get('/', (req, res) => {
  res.send('Hello World');
});

app.listen(3000, () => console.log('Server running'));

💬 Real-World Case Study: Middleware in a Chat App (Message Filtering)

Imagine you’re building a simple chat server using Node.js + Express. You want to make sure that users can’t send bad or banned words in messages. Instead of checking this in every route, you can create a middleware that filters messages.

🧠 Problem:

Users may send messages with inappropriate words like “badword1” or “spamword”. You want to block or clean them before saving or showing to others.

✅ Solution:

Create a middleware called messageFilter that checks req.body.message and replaces or blocks unwanted words.

📁 File: messageFilter.js


    // messageFilter.js
    const bannedWords = ['badword1', 'spamword'];
    
    module.exports = function (req, res, next) {
      let message = req.body.message;
    
      if (!message) {
        return res.status(400).json({ error: 'Message is required' });
      }
    
      bannedWords.forEach(word => {
        const regex = new RegExp(word, 'gi');
        message = message.replace(regex, '****');
      });
    
      req.body.message = message;
      next(); // continue to the route
    };

🛠️ Setup in Server


    const express = require('express');
    const app = express();
    const messageFilter = require('./messageFilter');
    
    app.use(express.json());
    
    // Apply middleware only to this POST route
    app.post('/send-message', messageFilter, (req, res) => {
      const message = req.body.message;
      // Imagine this message is saved to DB or broadcasted
      res.json({ cleanedMessage: message });
    });
    
    app.listen(3000, () => console.log('Chat server running'));

👨‍🏫 Example:

Request:


    POST /send-message
    {
      "message": "This is a badword1"
    }

Response:


    {
      "cleanedMessage": "This is a ****"
    }

🎉 Result:

  • Middleware filters messages automatically
  • You don’t need to repeat the filtering logic in every route
  • Easy to update: just change the bannedWords array
  • Safe and beginner-friendly!

This is a great example of how middleware keeps your app clean and safe — even for beginners. Just plug it in once, and it works everywhere!

🏢 Real-World Case Study: Middleware in an E-Commerce API

Imagine you’re building a backend API for an e-commerce platform like ShopOnline. The system has multiple routes:

  • POST /api/orders – Create a new order
  • GET /api/products – List all products
  • POST /api/auth/login – Login user
  • GET /api/user/profile – Get user info

Here’s how middleware helps you organize and secure this API efficiently:

🔒 1. Authentication Middleware

This middleware checks if a user is logged in by verifying a JWT token.


// authMiddleware.js
module.exports = function (req, res, next) {
  const token = req.headers['authorization'];
  if (!token || token !== 'valid_token') {
    return res.status(401).json({ message: 'Unauthorized' });
  }
  next();
};

It’s applied to all protected routes:


app.use('/api/user', authMiddleware);
app.use('/api/orders', authMiddleware);

📝 2. Logger Middleware

This middleware logs every request to the console or a file, useful for debugging and tracking.


app.use((req, res, next) => {
  console.log(`[${new Date().toISOString()}] ${req.method} ${req.url}`);
  next();
});

📦 3. Error Handling Middleware

Instead of repeating try/catch in every route, we add a centralized error handler.


// errorHandler.js
module.exports = function (err, req, res, next) {
  console.error('Internal error:', err.message);
  res.status(500).json({ error: 'Internal Server Error' });
};

Add it at the end of all middleware and routes:


app.use(errorHandler);

🌍 4. CORS Middleware

To allow the frontend (running on a different domain) to access the backend:


const cors = require('cors');
app.use(cors({ origin: 'https://shoponline-frontend.com' }));

🎯 Result

  • All incoming requests are logged
  • Only authenticated users can access protected endpoints
  • Frontend apps can call the API without CORS issues
  • Any server errors are caught and returned in a clean format

Without middleware, you’d have to repeat token checks, logging, and error handling in every route — leading to messy, repetitive, and buggy code.

With middleware, your routes stay clean and focused on business logic, while middleware handles all the supporting concerns!

🧪 10 Practical Middleware Use Cases (with Examples)

Below are common middleware tasks used in real-world Node.js + Express applications:

  1. Request Logger – Log every request to the console.
    
app.use((req, res, next) => {
  console.log(`${req.method} ${req.url}`);
  next();
});
  2. JSON Body Parser – Parse incoming JSON data.
    
app.use(express.json());
  3. Authentication Check – Block requests without a token.
    
app.use('/api/secure', (req, res, next) => {
  const token = req.headers['authorization'];
  if (token !== 'valid_token') {
    return res.status(401).json({ error: 'Unauthorized' });
  }
  next();
});
  4. Rate Limiter – Limit how many times a user can call an API.
    
let requests = 0;
app.use((req, res, next) => {
  requests++;
  if (requests > 100) return res.status(429).send('Too many requests');
  next();
});
  5. Maintenance Mode – Return 503 if the site is under maintenance.
    
const isMaintenance = false;
app.use((req, res, next) => {
  if (isMaintenance) {
    return res.status(503).send('Site is under maintenance');
  }
  next();
});
  6. Add Custom Headers – Inject headers into all responses.
    
app.use((req, res, next) => {
  res.setHeader('X-Powered-By', 'Node.js Middleware');
  next();
});
  7. CORS Handling – Allow frontend access from another origin.
    
const cors = require('cors');
app.use(cors({ origin: 'https://frontend.com' }));
  8. Request Timer – Measure how long a request takes.
    
app.use((req, res, next) => {
  const start = Date.now();
  res.on('finish', () => {
    const duration = Date.now() - start;
    console.log(`⏱️ ${req.method} ${req.url} - ${duration}ms`);
  });
  next();
});
  9. Input Validator – Validate user input before proceeding.
    
app.use('/api/contact', (req, res, next) => {
  if (!req.body.email) return res.status(400).send('Email required');
  next();
});
  10. Global Error Handler – Catch and respond to server errors.
    
// should be at the end
app.use((err, req, res, next) => {
  console.error(err.stack);
  res.status(500).send('Something broke!');
});

💬 10 Node.js Middleware Interview Questions & Answers

Q1: What is middleware in Node.js?

A: Middleware is a function that has access to the request and response objects. It can modify the request, send a response, or pass control to the next middleware using next().

Q2: What are the arguments of a middleware function?

A: A middleware function takes three or four arguments: (req, res, next) for normal middleware, and (err, req, res, next) for error-handling middleware.

Q3: What happens if you forget to call next()?

A: The request will hang and never reach the next middleware or route. This causes the browser to wait forever.

Q4: Can middleware send a response?

A: Yes. Middleware can end the request by sending a response using res.send(), res.json(), or res.status().send().

Q5: How is middleware executed?

A: Middleware is executed in the order it is registered using app.use() or directly in route definitions. It follows a top-to-bottom flow.

Q6: What is the difference between application-level and router-level middleware?

A: Application-level middleware is applied using app.use() and runs for the entire app. Router-level middleware is applied to specific routes using router.use().

Q7: What are some common third-party middleware packages?

A: Some popular ones are morgan for logging, cors for cross-origin requests, and express-rate-limit for rate limiting.

Q8: Can middleware be asynchronous?

A: Yes. Middleware can be defined as async functions and use await to handle asynchronous operations like DB calls or API requests.

Q9: What is an error-handling middleware?

A: It is a special middleware with four parameters: (err, req, res, next). It catches errors thrown in other middleware or routes and handles them globally.

Q10: How can middleware help in scaling applications?

A: Middleware allows you to reuse logic, reduce code duplication, separate concerns, and keep routes clean. This makes the codebase more maintainable and scalable.

🧾 Important Terms in Node.js Middleware

Middleware:

A function that sits between the request and response. It can inspect, modify, or end the request/response cycle.

Request (req):

The object that represents the client’s HTTP request. Contains data like headers, body, query, and URL.

Response (res):

The object used to send back data to the client. Methods include res.send(), res.json(), res.status().

Next (next()):

A function you call to move to the next middleware or route. If you don’t call it, the request will hang.

Error Middleware:

Special middleware with four parameters: (err, req, res, next). It catches and handles application errors.

Route Handler:

The final destination of a request (like app.get()) where the response is sent to the user.

Application-Level Middleware:

Middleware applied to the entire app using app.use(). It runs for every request.

Router-Level Middleware:

Middleware applied only to a specific router using router.use().

Third-Party Middleware:

Middleware created by others and installed via npm (e.g., morgan, cors, helmet).

CORS:

Cross-Origin Resource Sharing. Middleware that controls who can access your server from another domain.

🔁 Alternatives to Middleware

  • Inline route handlers
  • Interceptor patterns (like NestJS)
  • Decorators in TypeScript frameworks

✅ Best Practices

  • Keep middleware atomic (one purpose per function)
  • Use consistent error formats
  • Leverage community packages when possible
  • Organize middlewares in a separate folder
  • Test critical middlewares independently

🔗 External Resources


Learn more about React setup
Learn more about Mern stack setup

Related Posts

30 thoughts on “Complete Guide to Middleware in Node.js with Examples and Use Cases”

Comments are closed.

Scroll to Top