Bummer! This is just a preview. You need to be signed in with a Basic account to view the entire video.

Preview

Start a free Basic trial
to watch this video

Sign up for Treehouse

Writing Custom Middleware

5:48 with Dave McFarland and Jonathan Foster

There's lots of great Express middleware to choose from — we've used body parser and express-session in this project. But you don't need to rely on other programmers for middleware. You can write your own, and in this video, you'll learn how.

The loggedOut( ) middleware function

function loggedOut(req, res, next) {
  if (req.session && req.session.userId) {
    return res.redirect('/profile');
  }
  return next();
}

Using the middleware in a route

// GET /login
router.get('/login', mid.loggedOut, function(req, res, next) {
  return res.render('login', { title: 'Log In'});
});
  • 0:00

    We've included various third party middleware in our application like

  • 0:04

    Body Parser and Express Sessions.

  • 0:06

    The cool thing is you don't need to just rely on someone else to create

  • 0:09

    the functionality your application needs.

  • 0:12

    You can write your own middleware to extend Express and

  • 0:15

    in this, in the next video we'll do just that.

  • 0:18

    We'll create two pieces of middleware.

  • 0:20

    One that will present an error to users who aren't logged in.

  • 0:24

    This will let us easily password protect any page on our site with a simple call to

  • 0:29

    the middleware.

  • 0:30

    The second middleware function will be for users who are logged in but

  • 0:33

    are visiting pages that aren't for them like the register page, the logon form or

  • 0:38

    perhaps some promotional marketing page targeted to just new visitors.

  • 0:42

    In this video, we'll tackle that last function first.

  • 0:44

    Currently the /login route is a form that's visible to anyone,

  • 0:50

    including logged in people.

  • 0:53

    See, I'm logged in now and if I go to /login, I can see the form again.

  • 0:58

    The same is true for the sign up form.

  • 1:03

    While this isn't a huge deal, it would be nice to only let non logged in users

  • 1:07

    see that form and simply redirect logged in users who accidentally visit this

  • 1:12

    page to somewhere more appropriate like their profile page.

  • 1:16

    We can do that with our own custom middleware.

  • 1:19

    In my text editor, I'll open the project.

  • 1:22

    It's common to keep your middleware code outside of the main application in one or

  • 1:27

    more separate JavaScript files.

  • 1:29

    I'll create a directory named middleware.

  • 1:37

    And in it, I'll add a file named index.js.

  • 1:42

    I'll add all my middleware code here.

  • 1:45

    I'm gonna call this function logged out.

  • 1:49

    It will prevent logged in users from accessing a route.

  • 1:53

    Middleware functions have access to the three parameters we've discussed,

  • 1:59

    the request object, the response object and the next function.

  • 2:04

    The session middleware makes a session object available through the request

  • 2:09

    object.

  • 2:10

    So in this function, we can check for a session and a user ID value.

  • 2:21

    If both of these are true that means the user is logged in to the site.

  • 2:26

    And if the user is logged in, we'll send them to their profile page.

  • 2:34

    In other words, we can call this middleware on any route that we don't want

  • 2:39

    an authorized user to see like a marketing page.

  • 2:42

    However, if the user is not logged in,

  • 2:45

    we just pass execution to the next piece of middleware by calling next.

  • 2:50

    In other words, if the visitor is not logged in this function won't do anything.

  • 2:55

    Now in order to use this middleware in our application we have to export it.

  • 3:00

    So at the bottom of this file, We export the function.

  • 3:07

    Because this is router middleware, we need to require it and

  • 3:11

    use it in the file defining our routes.

  • 3:13

    I'll open the index .js file inside the route’s directory.

  • 3:19

    And then I'll require our middleware, Because this

  • 3:24

    route's file is in the route’s directory, I need to use dot dot slash to move up and

  • 3:30

    out of the route folder, then identify the middleware folder.

  • 3:34

    Requiring a directory by name like this tells Express to load

  • 3:38

    the index.js file in that directory.

  • 3:41

    Now to add our middleware, we pass it into a route.

  • 3:45

    You can do so by referencing it with mid.logged out.

  • 3:49

    First, let's only show the registration form if the visitor is not logged in.

  • 3:54

    I’ll addf the middleware inside the get route for register.

  • 4:05

    You'll see that I literally place this in the middle of the route.

  • 4:10

    It really is middleware.

  • 4:12

    I'll do the same for the route that displays the login form.

  • 4:20

    Let's see how this works.

  • 4:21

    I'll save these files and switch to my browser.

  • 4:24

    I have nodemon running, so the changes I made are active.

  • 4:27

    I'm not currently logged in, so I'll do that first.

  • 4:33

    Then, I'll go to /login.

  • 4:37

    This normally displays the log in form but not for me.

  • 4:39

    It directs me, a logged in user, to my profile.

  • 4:43

    You can see the same is true if I visit the register route.

  • 4:49

    See how easy it was to use our middleware?

  • 4:51

    Just plop it down in a route and it runs when that route is called.

  • 4:55

    In the next video we'll create a more useful piece of middleware.

  • 4:58

    I'll call it requires login.

  • 5:01

    It will determine if the user is logged in by checking for

  • 5:04

    a session with a user ID property.

  • 5:06

    If they are logged in, then they just continue on to the next piece of

  • 5:10

    middleware and eventually to wherever that route leads like the user profile page.

  • 5:15

    However, if the user isn't logged in,

  • 5:17

    it will spit out an error saying that the user must be logged in to view the page.

  • 5:21

    And I've already shown you the basics you need to write and use middleware.

  • 5:26

    Before you watch the next video, I recommend that you try to create

  • 5:30

    the requires login middleware function yourself.

  • 5:33

    Add the code to the index.js file inside the middleware folder.

  • 5:37

    Then use that middleware in the GET request for the /profile route.

  • 5:42

    See if you can do it.

  • 5:43

    If not, no worries.

  • 5:45

    I'll show you how to do it in the next video.

  • 5:47

    See you there.

You need to sign up for Treehouse in order to download course files.

Sign up