mirror of
https://github.com/strapi/strapi.git
synced 2025-07-13 20:11:47 +00:00
f07a99542a
noticed the defaults object was not being merged with the config, as a work around I've added the settings manually
240 lines
5.3 KiB
Markdown
240 lines
5.3 KiB
Markdown
# Middlewares
|
|
|
|
The middlewares are functions which are composed and executed in a stack-like manner upon request. If you are not familiar with the middleware stack in Koa, we highly recommend you to read the [Koa's documentation introduction](http://koajs.com/#introduction).
|
|
|
|
Enable the middleware in environments settings
|
|
|
|
**Path —** [`config/environments/**`]
|
|
```json
|
|
"urlReader": {
|
|
"enabled": true
|
|
}
|
|
```
|
|
|
|
**Path —** [`strapi/lib/middlewares/responseTime/index.js`](https://github.com/strapi/strapi/blob/master/packages/strapi/lib/middlewares/responseTime/index.js).
|
|
```js
|
|
module.exports = strapi => {
|
|
return {
|
|
initialize: function(cb) {
|
|
strapi.app.use(async (ctx, next) => {
|
|
const start = Date.now();
|
|
|
|
await next();
|
|
|
|
const delta = Math.ceil(Date.now() - start);
|
|
|
|
// Set X-Response-Time header
|
|
ctx.set('X-Response-Time', delta + 'ms');
|
|
});
|
|
|
|
cb();
|
|
}
|
|
};
|
|
};
|
|
```
|
|
|
|
- `initialize` (function): Called during the server boot. The callback `cb` needs to be called. Otherwise, the middleware won't be loaded into the stack.
|
|
|
|
The core of Strapi embraces a small list of middlewares for performances, security and great error handling.
|
|
|
|
- boom
|
|
- cors
|
|
- cron
|
|
- csp
|
|
- csrf
|
|
- favicon
|
|
- gzip
|
|
- hsts
|
|
- ip
|
|
- language
|
|
- logger
|
|
- p3p
|
|
- parser
|
|
- public
|
|
- responses
|
|
- responseTime
|
|
- router
|
|
- session
|
|
- xframe
|
|
- xss
|
|
|
|
> Note: The following middlewares cannot be disabled: responses, router, logger and boom.
|
|
|
|
## Structure
|
|
|
|
A middleware needs to follow the structure below:
|
|
|
|
```
|
|
/lib
|
|
- index.js
|
|
```
|
|
|
|
The `index.js` is the entry point to your middleware. It should look like the example above.
|
|
|
|
## Custom middlewares
|
|
|
|
The framework allows the application to override the default middlewares and add new ones. You have to create a `./middlewares` folder at the root of your project and put the middlewares into it.
|
|
|
|
```
|
|
/project
|
|
└─── admin
|
|
└─── api
|
|
└─── config
|
|
└─── middlewares
|
|
│ └─── responseTime // It will override the core default responseTime middleware
|
|
│ └─── views // It will be added into the stack of middleware
|
|
└─── plugins
|
|
└─── public
|
|
- favicon.ico
|
|
- package.json
|
|
- server.js
|
|
```
|
|
|
|
Every middleware will be injected into the Koa stack. To manage the load order, please refer to the [Middleware order section](#load-order).
|
|
|
|
## Load order
|
|
|
|
The middlewares are injected into the Koa stack asynchronously. Sometimes it happens that some of these middlewares need to be loaded in a specific order. To define a load order, we created a dedicated file located in `./config/middleware.json`.
|
|
|
|
**Path —** `./config/middleware.json`.
|
|
```json
|
|
{
|
|
"timeout": 100,
|
|
"load": {
|
|
"before": [
|
|
"responseTime",
|
|
"logger",
|
|
"cors",
|
|
"responses"
|
|
],
|
|
"order": [
|
|
"Define the middlewares' load order by putting their name in this array in the right order"
|
|
],
|
|
"after": [
|
|
"parser",
|
|
"router"
|
|
]
|
|
}
|
|
}
|
|
```
|
|
|
|
- `timeout`: defines the maximum allowed milliseconds to load a middleware.
|
|
- `load`:
|
|
- `before`: array of middlewares that need to be loaded in the first place. The order of this array matters.
|
|
- `order`: array of middlewares that need to be loaded in a specific order.
|
|
- `after`: array of middlewares that need to be loaded at the end of the stack. The order of this array matters.
|
|
|
|
#### Examples
|
|
|
|
**Load a middleware at the very first place**
|
|
|
|
**Path —** `./config/middleware.json`
|
|
```json
|
|
{
|
|
"timeout": 100,
|
|
"load": {
|
|
"before": [
|
|
"responseTime",
|
|
"logger"
|
|
],
|
|
"order": [],
|
|
"after": []
|
|
}
|
|
}
|
|
```
|
|
|
|
The `responseTime` middleware will be loaded first. Immediately followed by the `logger` middleware. Then, the others middlewares will be loaded asynchronously.
|
|
|
|
|
|
**Load a middleware after another one**
|
|
|
|
**Path —** `./config/middleware.json`.
|
|
```json
|
|
{
|
|
"timeout": 100,
|
|
"load": {
|
|
"before": [],
|
|
"order": [
|
|
"p3p",
|
|
"gzip"
|
|
],
|
|
"after": []
|
|
}
|
|
}
|
|
```
|
|
|
|
The `gzip` middleware will be loaded after the `p3p` middleware. All the others will be loaded asynchronously.
|
|
|
|
|
|
**Load a middleware at the very end**
|
|
|
|
**Path —** `./config/middleware.json`.
|
|
```json
|
|
{
|
|
"timeout": 100,
|
|
"load": {
|
|
"before": [
|
|
...
|
|
],
|
|
"order": [],
|
|
"after": [
|
|
"parser",
|
|
"router"
|
|
]
|
|
}
|
|
}
|
|
```
|
|
|
|
The `router` middleware will be loaded at the very end. The `parser` middleware will be loaded after all the others and just before the `router` middleware.
|
|
|
|
|
|
**Complete example**
|
|
|
|
For this example, we are going to imagine that we have 10 middlewares to load:
|
|
|
|
- cors
|
|
- cron
|
|
- favicon
|
|
- gzip
|
|
- logger
|
|
- p3p
|
|
- parser
|
|
- response
|
|
- responseTime
|
|
- router
|
|
|
|
We assume that we set the `./config/middleware.json` file like this:
|
|
```json
|
|
{
|
|
"timeout": 100,
|
|
"load": {
|
|
"before": [
|
|
"responseTime",
|
|
"logger",
|
|
"cors",
|
|
],
|
|
"order": [
|
|
"p3p",
|
|
"gzip"
|
|
],
|
|
"after": [
|
|
"parser",
|
|
"router"
|
|
]
|
|
}
|
|
}
|
|
```
|
|
|
|
Here is the loader order:
|
|
|
|
1. responseTime (loaded at the very first place)
|
|
2. logger
|
|
3. cors
|
|
4. favicon (position order not guarantee)
|
|
5. p3p
|
|
6. cron
|
|
7. gzip (loaded after the p3p middlewares)
|
|
8. response (position order not guarantee)
|
|
9. parser
|
|
10. router (loaded at the very end place)
|