Middleware
Intercept dan modifikasi request dengan Onion Architecture. 🛡️
🔗 Middleware
Middleware adalah fungsi yang dieksekusi di antara request masuk dan response keluar. BlizzardTS menggunakan model Onion Architecture (seperti Koa), yang memungkinkan kamu melakukan aksi sebelum dan sesudah handler utama.
Konsep Dasar
Middleware menerima dua argumen:
c: Context object.next: Fungsi async untuk memanggil middleware berikutnya (atau handler utama).
app.use(async (c, next) => {
// ⬇️ Sebelum Handler (Pre-processing)
console.log("Request masuk...");
await next(); // Jalankan middleware selanjutnya
// ⬆️ Setelah Handler (Post-processing)
console.log("Response dikirim!");
});Built-in Middleware
BlizzardTS menyediakan beberapa middleware penting siap pakai.
1. Logger
Mencatat detail request ke console dengan format yang rapi (Next.js style).
import { Blizzard, logger } from "blizzardts";
const app = Blizzard();
app.use(logger());2. CORS (Cross-Origin Resource Sharing)
Mengizinkan akses dari domain lain.
import { Blizzard, cors } from "blizzardts";
const app = Blizzard();
app.use(cors({
origin: "*", // Atau spesifik domain: "https://example.com"
methods: ["GET", "POST"],
allowHeaders: ["Content-Type", "Authorization"]
}));3. Compression
Compress responses (Gzip/Deflate) to improve performance.
import { compress } from "blizzardts";
app.use(compress());4. Session
Manage user sessions with secure cookies.
import { session } from "blizzardts";
app.use(session({
secret: "your-secret-key",
maxAge: 3600 // 1 hour
}));5. CSRF Protection
Protect against Cross-Site Request Forgery attacks. Requires session middleware.
import { csrf } from "blizzardts";
app.use(csrf());6. Serve Static
Menyajikan file statis dari direktori tertentu.
import { Blizzard, serveStatic } from "blizzardts";
const app = Blizzard();
// Serve file dari folder "public"
app.use(serveStatic("./public", {
maxAge: 3600 // Cache selama 1 jam
}));4. Rate Limiter (New in v0.1.5) 🛡️
Membatasi jumlah request dari IP yang sama untuk mencegah abuse/spam.
import { Blizzard, rateLimiter } from "blizzardts";
const app = Blizzard();
app.use(rateLimiter({
windowMs: 15 * 60 * 1000, // 15 menit
max: 100, // Maksimal 100 request per IP per windowMs
message: "Too many requests, please try again later."
}));5. Secure Headers (New in v0.1.5) 🔒
Menambahkan header keamanan standar (seperti Helmet) untuk melindungi aplikasi dari serangan umum (XSS, Clickjacking, dll).
import { Blizzard, secureHeaders } from "blizzardts";
const app = Blizzard();
app.use(secureHeaders());Membuat Custom Middleware
Authentication Middleware
Contoh middleware untuk memproteksi route dengan API Key.
const authMiddleware = async (c, next) => {
const apiKey = c.req.headers.get("x-api-key");
if (!apiKey || apiKey !== process.env.API_KEY) {
// ⛔ Stop chain, return error langsung
return c.status(401).json({ error: "Unauthorized" });
}
// ✅ Lanjut
await next();
};
app.use(async (c, next) => {
try {
await next();
} catch (err) {
console.error("Terjadi error:", err);
return c.status(500).json({ error: "Internal Server Error" });
}
});