I'm using a function that someone else wrote for express and passport, which defines the middleware(?) as follows:
function isLoggedIn(req, res, next) {
if (req.isAuthenticated()){
return next();
}
else{
req.flash('error', 'You need to be logged in to access this page');
res.redirect('/login');
}
}
This function is used in the router as follows:
app.get('/page', isLoggedIn, function(req, res){
// ...
});
What I don't understand is, shouldn't the function be called with parameters req and res? Maybe the callback next is not necessary since it's the next argument of app.get, but how does the function access req and res? I would expect it to be called as follows:
app.get('/page', isLoggedIn(req, res), function(req, res){
// ...
});
How does it work without specifying the arguments?
Thanks,
Any functions that you pass to app.get() or app.use() are automatically called with req, res, next passed to them. That is how app.get() and app.use() are implemented.
To help you understand, this example:
app.get('/page', function(req, res){
console.log(req.params.foo);
});
is functionally the same as this:
app.get('/page', myHandler);
function myHandler(req, res) {
console.log(req.params.foo);
}
You do not want to do something like this:
app.get('/page', isLoggedIn(req, res), function(req, res){
// ...
});
because here you're attempting to execute isLoggedIn(req, res) (when req and res are not yet defined) and then pass its returned value to app.get(). That is not what you want at all. You need to pass a function reference to app.get() and it will supply the parameters when it calls the function. Any time you put () after a function in JavaScript, that means you want to execute it NOW. But, if you just pass the function's name, then that is a function reference which can be stored and called later as desired.
This code example is analogous to this:
var result = isLoggedIn(req, res);
app.get('/page', result, function(req, res){
// ...
});
Besides the fact that this would cause an error because req and res are not defined at program start time when this would execute, hopefully you can see that you don't want to execute isLoggedIn() now. Instead, you just want to pass a function reference so Express can call it later.
In this code
app.get('/page', isLoggedIn, function(req, res){
// ...
});
The app.get method is being called with three arguments:
the route to the page: /page
the middleware function
the request handler function
Basically, this code is telling the express framework that when a GET request is received for the /page path, then it should call two functions: first, the middleware function and second the handler function.
The important thing to note here is that it is the framework doing the work. The framework is going to call the middleware function, then it's going to call the handler function.
What I don't understand is, shouldn't the function be called with parameters req and res?
It will be called with these arguments, somewhere inside the get function. Suppose this is the simplified get, implemented as
// a super simple get that will expect a function
// and call the function with two arguments
function get( f ) {
var res = 1, req = 1;
f( res, req );
}
There are multiple ways of passing a function to get. For example, you pass an anonymous function
get( function( res, req ) {
return res + req;
} );
You can also pass a named function defined elsewhere
function isLoggedIn( res, req ) {
return res + req;
}
get( isLoggedIn );
This however, is not what you'd expect:
get( isLoggedIn( res, req ) );
The problem here is that
isLoggedIn( res, req )
is no longer a function declaration. It is an invocation and the result of this invocation depends on what res and req are. With some luck, the invocation can even yield a number value, which means that get is no longer invoked with function as an argument but with the result of function invocation.
In short, to pass a named function to another function, you don't specify its arguments. The supposed syntax that would allow this doesn't even make sense because it would be indistinguishable from a syntax of actual function invocation (i.e. the value of the call).
I want to do some logging in the application. The flow I'm currently thinking of is that I pass a middleware function to my other middleware, then call the middleware function inside it.
I know it might be confusing, but this is the case I have now: I already have error logging middleware but want to invoke it later, when the response finishes.
//middleware that called other middleware
module.exports = function(loggingMiddleware) {
return function (req, res, next) {
res.on("finish", () => {
loggingMiddleware(req, res, next) // will be called twice here
});
next() // to other middleware
}
}
My concern is, is it ok to call the next twice?
I'm having trouble wrapping my head around the concept of the next() function in express.js. I guess my first question would be is next() an express.js only function? My second question would be, in the example below what does next do? After the console function, it goes to the next function that is called after? I'm so confused.
var cb0 = function (req, res, next) {
console.log('CB0');
next();
}
With Express (and other similar systems), each request passes through a series of middleware functions (like your cb0). Each of those has a chance to do something with the request.
Since the thing a middleware function does may be asynchronous (for instance, reading a file, querying a database, etc.), Express can't just directly call the next bit of middleware after calling the previous one. So instead, it passes the middleware function a function, next, which that middleware uses to say "I'm done, run the next step." (In the Express version, you can also pass an argument to next, as Aikon Mogwai points out: If you pass it an Error, it triggers error handling for the route. If you pass it "route", it jumps to the next router, etc.).
So the concept of a next function isn't specific to Express, but the specific use in that example is.
Here's a much simplified example not using Express, but demonstrating the sort of thing it does with middleware functions when handling a request:
const app = {
middleware: [],
use(callback) {
this.middleware.push(callback);
}
};
app.use((req, res, next) => {
console.log("First handler synchronous part");
setTimeout(() => {
console.log("First handler async part finished");
next();
}, 800);
});
app.use((req, res, next) => {
console.log("Second handler is entirely synchronous");
next();
});
app.use((req, res, next) => {
console.log("Third handler synchronous part");
setTimeout(() => {
console.log("Third handler async part finished");
next();
}, 800);
});
// Code handling an incoming request
function handleRequest(req, app) {
// Copy the handlers
const middleware = app.middleware.slice();
// Create a "response"
const res = {};
// Call the handlers
let index = 0;
next();
function next() {
if (index < middleware.length) {
// Call the handler, have it call `next` when it's done
middleware[index++](req, res, next);
} else {
console.log("Request completed");
}
}
}
handleRequest({}, app);
It's probably worth mentioning that this manual style of asynchronous middleware handling has been replaced with promises in Koa.js, which is a new(er) framework from the same people who did Express.js. With Koa, you make your callbacks async functions, and Koa's internals wait for the promise the async function returns to settle and then act on the result of it settling (e.g., rejection or fulfillment, the value it fulfills with, etc.).
Next is used to pass control to the next middleware function. If not the request will be left hanging or open. Calling this function invokes the next middleware function in the app. The next() function is not a part of the Node.js or Express API but is the third argument that is passed to the middleware function.
The next() function requests the next middleware function in the application. The next() function is not a part of the Node.js or Express API, but it is the third argument which is passed to the middleware function. The next() function could be named anything, but by convention, it is always named "next". To avoid confusion, always use this convention.
For more info, you can visit the official tutorial of express
var express = require('express')
var app = express()
var CB0 = function (req, res, next) {
console.log('CB0')
next()
}
app.use(CB0)
app.get('/', function (req, res) {
res.send('Hello World!')
})
app.listen(3000)
Each and every time the app receives a request, it prints the message "CB0" to the console in the terminal window.
The middleware functions that are loaded first are also executed first.
The middleware function CB0 simply prints a message, then passes on the request to the next middleware function in the stack by calling the next() function.
Can someone please explain what's happening here? I know these are middleware for express, I'm looking at the syntax.
I understand the es6 syntax for mustBeLoggedIn but I'm not sure what const forbidden = message => (req, res, next) => { is doing. Is message another parameter that comes before req, res, next? If so, why isn't it in the parenthesis? I originally thought this was just assigning another variable name to the function. So I could call it either forbidden() or message(), no? But looking at how it's being used it looks more like a parameter...
Another interesting thing I noticed is that the middleware forbidden is being invoked in the get request and mustBeLoggedIn is only being passed and not invoked. Why?
const mustBeLoggedIn = (req, res, next) => {
if (!req.user) {
return res.status(401).send('You must be logged in')
}
next()
}
const forbidden = message => (req, res, next) => {
res.status(403).send(message)
}
module.exports = require('express').Router()
.get('/', forbidden('only admins can list users'), (req, res, next) =>
User.findAll()
.then(users => res.json(users))
.catch(next))
.post('/', (req, res, next) =>
User.create(req.body)
.then(user => res.status(201).json(user))
.catch(next))
.get('/:id', mustBeLoggedIn, (req, res, next) =>
User.findById(req.params.id)
.then(user => res.json(user))
.catch(next))
I dislike this use of the ES6 syntax as it obscures the meaning of the code only in the interest of brevity. The best code is not always the shortest possible way to write it. Give people tools and they will sometimes use them inappropriately.
forbidden() is a function that takes one argument message that returns a middleware handler that uses that one argument. So, it's a way of making a customized middleware handler that has a parameter pre-built-in. When you call forbidden(msg), it returns a middleware handler function which you can then use as middleware.
The ES5 way of writing this (ignoring for a moment the difference in this which would be different, but is not used here) would look like this:
const forbidden = function(message) {
return function(req, res, next) {
res.status(403).send(message);
}
}
So, when you call forbidden(someMsg), you get back a function that can be used as middleware.
If so, why isn't it in the parenthesis?
With the ES6 arrow syntax, a single argument does not have to be in parentheses. Only multiple arguments require parentheses.
Another interesting thing I noticed is that the middleware forbidden is being invoked in the get request
This is because invoking it returns the actual middleware function so you have to execute to get the return value which is then passed as the middleware.
and mustBeLoggedIn is only being passed and not invoked. Why?
Because it's already a middleware function, so you just want to pass a reference to it, not invoke it yet.
FYI, this route:
.get('/', forbidden('only admins can list users'), (req, res, next) =>
User.findAll()
.then(users => res.json(users))
.catch(next))
does not make sense to me based on the code you've shown because forbidden() will return a middleware that will ALWAYS return a 403 response and will not allow the next handler to get called. This would only make sense to me if forbidden() had logic in it to check if the current user is actually an admin or not (which you don't show).
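What the answer above describes, as an added example that is not part of the original post: a guard factory that actually checks the user before deciding between a 403 and next(), chained after mustBeLoggedIn. The names runChain, requireRole and the role field on req.user are hypothetical, and the small dispatcher stands in for Express so the example runs without dependencies.

```javascript
// Stand-in for Express's per-route handler chain (an assumption, not Express's code).
function runChain(handlers, req) {
  const res = {
    statusCode: 200,
    body: undefined,
    status(code) { this.statusCode = code; return this; },
    send(body) { this.body = body; return this; },
  };
  let index = 0;
  function next() {
    const handler = handlers[index++];
    if (handler) handler(req, res, next);
  }
  next();
  return res;
}

// Already middleware: pass the reference, do not invoke it.
const mustBeLoggedIn = (req, res, next) => {
  if (!req.user) return res.status(401).send('You must be logged in');
  next();
};

// Factory: invoked when the route is defined; the returned closure is the middleware.
// `requireRole` and `req.user.role` are hypothetical names for this example.
const requireRole = (role, message) => (req, res, next) => {
  if (!req.user || req.user.role !== role) return res.status(403).send(message);
  next(); // only reached when the check passes
};

const listUsers = (req, res) => res.send(['alice', 'bob']); // constructed data

// A guard that never calls next() stops the chain, so listUsers is not reached.
const route = [mustBeLoggedIn, requireRole('admin', 'only admins can list users'), listUsers];

function demo() {
  return {
    anonymous: runChain(route, {}),
    member: runChain(route, { user: { role: 'member' } }),
    admin: runChain(route, { user: { role: 'admin' } }),
  };
}

for (const [who, res] of Object.entries(demo())) {
  console.log(who, res.statusCode, JSON.stringify(res.body));
}
```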
I'm trying to separate my routes using the express router however I'm running into an issue. For some reason, when I declare an anonymous function inside my .get method, it works. However, as soon as I define my own function and pass it in, the request and response objects become undefined.
This works
var express = require("express");
var router = express.Router();
router.get("/", function(request, response, next){
console.log("getting the hello page");
response.send("hello");
});
module.exports = router;
However this fails
var express = require("express");
var router = express.Router();
function getHelloPage(request, response, next) {
console.log("getting the hello page");
response.send("hello");
}
router.get("/", getHelloPage(request, response, next));
module.exports = router;
I even tried just having:
router.get("/", getHelloPage());
Any ideas what's going on here?
You shouldn't call the function when using it as a callback, but rather just use its name so you pass a function reference that can be called later. In your case, you're calling it immediately and passing the return value, and since it doesn't return anything, your original code is equal to:
getHelloPage();
router.get("/", undefined);
It should work just fine when you pass the function body to it:
router.get("/", getHelloPage);
TL;DR
It's getHelloPage vs. getHelloPage() as a callback function.
What Express's router expects as the second argument is a function to be executed when the route matches the first argument. Your getHelloPage function is not returning a function; when it is executed, it returns nothing, which means undefined.
What you can do is a function that returns a function with the expected parameters.
var express = require('express');
var router = express.Router();
function getHelloPage(str) {
return function(request, response, next) {
console.log('message : ', str);
response.send(str);
}
}
router.get('/', getHelloPage('some message'));
module.exports = router;
Anyway, it doesn't make much sense in this case, but it's just a sample.
From the example here:
app.get('/account', ensureAuthenticated, function(req, res){
res.render('account', { user: req.user });
});
function ensureAuthenticated(req, res, next) {
if (req.isAuthenticated()) { return next(); }
res.redirect('/login')
}
I don't understand how ensureAuthenticated works. It requires 3 arguments, no default argument is set. But if I call it with no argument (in app.get), it does execute correctly, how could this be?
You're not actually calling ensureAuthenticated anywhere in your code; you're passing a reference to the function, and your http framework calls the function later (when a request is made to /account) passing the correct arguments.
If you had written ensureAuthenticated() (with parentheses), then you'd be calling it with no parameters. Without parentheses, you're passing a reference to the function.
Javascript parameter values are always optional.
Any named arguments that have not been passed are simply undefined.