The middlewares are functions which are composed and executed in a stack-like manner upon request. If you are not familiar with the middleware stack in Koa, we highly recommend you to read the [Koa's documentation introduction](http://koajs.com/#introduction).
## Structure
### File structure
```js
module.exports = strapi => {
return {
// can also be async
initialize() {
strapi.app.use(async (ctx, next) => {
// await someAsyncCode()
await next();
// await someAsyncCode()
});
},
};
};
```
-`initialize` (function): Called during the server boot.
The middlewares are accessible through the `strapi.middleware` variable.
### Node modules
Every folder that follows this name pattern `strapi-middleware-*` in your `./node_modules` folder will be loaded as a middleware.
A middleware needs to follow the structure below:
```
/middleware
└─── lib
- index.js
- LICENSE.md
- package.json
- README.md
```
The `index.js` is the entry point to your middleware. It should look like the example above.
### Custom middlewares
The framework allows the application to override the default middlewares and add new ones. You have to create a `./middlewares` folder at the root of your project and put the middlewares into it.
```
/project
└─── api
└─── config
└─── middlewares
│ └─── responseTime // It will override the core default responseTime middleware.
│ - index.js
│ └─── views // It will be added into the stack of middleware.
│ - index.js
└─── public
- favicon.ico
- package.json
- server.js
```
Every middleware will be injected into the Koa stack. To manage the load order, please refer to the [Middleware order section](#load-order).
## Configuration and activation
To configure the middlewares of your application, you need to create or edit the `./config/middleware.js` file in your Strapi app.
By default this file doesn't exist, you will have to create it.
**Availabe options**
-`timeout` (integer): Defines the maximum allowed milliseconds to load a middleware.
-`load` (Object): Configuration middleware loading. See details [here](#load-order)
-`settings` (Object): Configuration of each middleware
-`{middlewareName}` (Object): Configuration of one middleware
-`enabled` (boolean): Tells Strapi to run the middleware or not
The middlewares are injected into the Koa stack asynchronously. Sometimes it happens that some of these middlewares need to be loaded in a specific order. To define a load order, create or edit the file `./config/middleware.js`.
-`expose` (array): Configures the `Access-Control-Expose-Headers` CORS header. If not specified, no custom headers are exposed. Default value: `["WWW-Authenticate", "Server-Authorization"]`.
-`maxAge` (integer): Configures the `Access-Control-Max-Age` CORS header. Default value: `31536000`.
-`credentials` (boolean): Configures the `Access-Control-Allow-Credentials` CORS header. Default value: `true`.
-`methods` (array)|String - Configures the `Access-Control-Allow-Methods` CORS header. Default value: `["GET", "POST", "PUT", "PATCH", "DELETE", "OPTIONS", "HEAD"]`.
-`headers` (array): Configures the `Access-Control-Allow-Headers` CORS header. If not specified, defaults to reflecting the headers specified in the request's Access-Control-Request-Headers header. Default value: `["Content-Type", "Authorization", "X-Frame-Options"]`.
-`ip`
-`enabled` (boolean): Enable or disable IP blocker. Default value: `false`.
