HTTP Middleware


Each time your app receives an HTTP request, the configured HTTP middleware stack runs in order. HTTP middleware provide a convenient mechanism for filtering/modifying HTTP requests entering your application. For example, Quorra includes a middleware that attaches the session object to the request object before it reaches the route. Like that one can create a custom auth middleware which will allow the request to pass to the route only if user is authenticated. A ServeStatic middleware might be responsible for responding with requested static resource. A logging middleware might log all incoming requests to your application.

There are several middleware included in the Quorra framework by default, including middleware for session handling, query parsing, enabling http method override feature, and more. All of these middlewares can be turned off or on from app/config/middleware.js configuration file.

Custom Middleware

To create a new middleware, use the make:middleware Quorra command:

quorra generate-middleware AgeMiddleware

This command will place a new AgeMiddleware constructor within your app/middlewares directory. In this middleware, we will only allow access to the route if the supplied age is greater than 200. Otherwise, we will issue a request not acceptable error.

function AgeMiddleware(app, next){
    this.__app = app;
    this.__next = next;

AgeMiddleware.prototype.handle = function(request, response) {
    if (request.input.get('age') <= 200) {
    } else {
         this.__next.handle(request, response);

module.exports = AgeMiddleware;

As you can see, if the given age is less than or equal to 200, the middleware will throw an HTTP error; otherwise, the request will be passed further into the application. To pass the request deeper into the application (allowing the middleware to "pass"), simply call the next callback with the request and response object.

It's best to envision middleware as a series of "layers" HTTP requests must pass through before they hit your application. Each layer can examine the request and even reject it entirely.

Registering Middleware

Syntax for registering a custom middleware is:

App.middleware(require('<middleware constructor>'));

You can register your custom middleware with the application in app/routes.js file along with your application routes, or you can create a middleware.js file in app directory and include it in the app/start/global.js file like:

require(path.join(, 'middleware'));