The middlewares are functions which are composed and executed in a stack-like manner upon request. If you are not familiar with the middleware stack in Koa, we highly recommend you to read the [Koa's documentation introduction](http://koajs.com/#introduction).
## Structure
### File structure
```js
module.exports = strapi => {
return {
// can also be async
initialize() {
strapi.app.use(async (ctx, next) => {
// await someAsyncCode()
await next();
// await someAsyncCode()
});
},
};
};
```
-`initialize` (function): Called during the server boot.
The middlewares are accessible through the `strapi.middleware` variable.
### Node modules
Every folder that follows this name pattern `strapi-middleware-*` in your `./node_modules` folder will be loaded as a middleware.
A middleware needs to follow the structure below:
```
/middleware
└─── lib
- index.js
- LICENSE.md
- package.json
- README.md
```
The `index.js` is the entry point to your middleware. It should look like the example above.
### Custom middlewares
The framework allows the application to override the default middlewares and add new ones. You have to create a `./middlewares` folder at the root of your project and put the middlewares into it.
```
/project
└─── api
└─── config
└─── middlewares
│ └─── responseTime // It will override the core default responseTime middleware.
│ - index.js
│ └─── views // It will be added into the stack of middleware.
│ - index.js
└─── public
- favicon.ico
- package.json
- server.js
```
Every middleware will be injected into the Koa stack. To manage the load order, please refer to the [Middleware order section](#load-order).
## Configuration and activation
To configure the middlewares of your application, you need to create or edit the `./config/middleware.js` file in your Strapi app.
By default this file doesn't exist, you will have to create it.
**Availabe options**
-`timeout` (integer): Defines the maximum allowed milliseconds to load a middleware.
-`load` (Object): Configuration middleware loading. See details [here](#load-order)
-`settings` (Object): Configuration of each middleware
-`{middlewareName}` (Object): Configuration of one middleware
-`enabled` (boolean): Tells Strapi to run the middleware or not
The middlewares are injected into the Koa stack asynchronously. Sometimes it happens that some of these middlewares need to be loaded in a specific order. To define a load order, create or edit the file `./config/middleware.js`.
-`queryStringParser` (see [qs](https://github.com/ljharb/qs) for a full list of options).
-`arrayLimit` (integer): the maximum length of an array in the query string. Any array members with an index of greater than the limit will instead be converted to an object with the index as the key. Default value: `100`.
-`depth` (integer): maximum parsing depth of nested query string objects. Default value: `20`.
-`expose` (array): Configures the `Access-Control-Expose-Headers` CORS header. If not specified, no custom headers are exposed. Default value: `["WWW-Authenticate", "Server-Authorization"]`.
-`maxAge` (integer): Configures the `Access-Control-Max-Age` CORS header. Default value: `31536000`.
-`credentials` (boolean): Configures the `Access-Control-Allow-Credentials` CORS header. Default value: `true`.
-`methods` (array)|String - Configures the `Access-Control-Allow-Methods` CORS header. Default value: `["GET", "POST", "PUT", "PATCH", "DELETE", "OPTIONS", "HEAD"]`.
-`headers` (array): Configures the `Access-Control-Allow-Headers` CORS header. If not specified, defaults to reflecting the headers specified in the request's Access-Control-Request-Headers header. Default value: `["Content-Type", "Authorization", "X-Frame-Options"]`.
-`ip`
-`enabled` (boolean): Enable or disable IP blocker. Default value: `false`.
