
Root _middleware is called for every request

Open xstevenyung opened this issue 2 years ago • 5 comments

I'm working on a session middleware which is called in the routes/_middleware.ts to be able to access the session across the app.

As I see it, the root _middleware is called for every request, even the ones outside the routes (e.g. static resource request, _frsh/alive, etc.), which could be the intended behavior as it's considered a global middleware.

My issue is that with this behavior, it's impossible to keep a session initialization in the root middleware and implement features like session flash, as the multiple requests expire the flashed data.

It could be possible to filter out from the request, but seems pretty unreliable.

Is it the expected behavior? If so, maybe routes/_middleware could be reserved only for requests routed to a route, and we could find another way to implement global middlewares?

xstevenyung avatar Jul 18 '22 22:07 xstevenyung

@xstevenyung this is a little bit unrelated to the issue title, but I work on a session library for Oak (I see you starred it BTW, thanks!). The strategy we use for handling flash messages is to simply delete the message from session storage only after it's been read, not necessarily at the next request, just to get around this.

I agree with your point though about maybe not wanting every single request (like static files or fresh-related dev stuff) triggering the top-level route. The best way might be to filter out certain requests by URL or file/MIME type for now.

jcs224 avatar Jul 27 '22 04:07 jcs224

Thanks for the idea @jcs224, it seems like a nice solution for the time being.

I took some inspiration from your library to make a first draft of fresh-session but must have missed how you handle flash messages, love the work that you've done there.

Thanks again for taking the time to point it out, really appreciate it 🙌

xstevenyung avatar Jul 27 '22 13:07 xstevenyung

Maybe a targetRoute parameter on the context would be useful? That would either specify the target "final" route, or if it is an internal request would specify null or something.

You could then use this to determine if the request is intended for a custom route, or an internal endpoint.

lucacasonato avatar Jul 30 '22 15:07 lucacasonato

Sounds like a good idea, I will see if I can make a PR for this 👍

xstevenyung avatar Jul 30 '22 18:07 xstevenyung

This is great! I noticed that I wanted my middleware to behave exactly how @xstevenyung described it. It already works correctly if my middleware was only applied to a directory. I currently use a big 'ol if statement to check the route before applying my session middleware, but it's grown to be about half the lines in my middleware.

My issue is that I keep forgetting to add new routes to this middleware check. targetRoute sounds like a good solution to me. That would also enable me to make exclusionary checks instead and my sessions would just work when I add new routes.

digitaldesigndj avatar Aug 18 '22 19:08 digitaldesigndj

I'd also love something like this. It was definitely unintuitive to me that routes/_middleware.ts was being called even for static assets (but it does make sense that it's always called)

TranquilMarmot avatar Oct 15 '22 03:10 TranquilMarmot

Any progress on this? I'm trying to implement Supabase Auth with middleware and it fires off a bunch of concurrent token refresh requests which invalidates my refresh token 😭 Any recommendation how to limit the number of executions?

thorwebdev avatar Feb 06 '23 05:02 thorwebdev

If you just want to look at an example, here ya go: https://github.com/Hyprtxt/fresh-strapi.deno.dev/blob/main/routes/_middleware.js#L74-L87

The code runs on every request, even the static assets, but the session logic is gated to specific routes, some in an array and some by path.

Another approach is middleware in subdirectories: https://github.com/Hyprtxt/fresh-strapi.deno.dev/blob/main/routes/account/_middleware.js

digitaldesigndj avatar Feb 06 '23 14:02 digitaldesigndj
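
The two workarounds discussed in this thread, combined in one added example (not code from any commenter or from Fresh): session logic is gated with exclusion checks so internal and static requests never touch it, and a flash message is deleted only when a route reads it. `Ctx` is a minimal stand-in for a middleware context, and `isAppRoute`, `FlashStore`, `sessionMiddleware` and `simulate` are hypothetical names.

```typescript
// Added example. Ctx is a minimal stand-in for a middleware context, not Fresh's type;
// isAppRoute, FlashStore, sessionMiddleware and simulate are hypothetical names.
interface Ctx {
  state: { readFlash?: () => string | undefined };
  next: () => string; // synchronous here for brevity; real middleware is async
}

// Exclusion checks: new routes get sessions without being added to a list.
// Assumption: static assets are recognisable by file extension.
const STATIC_EXT = /\.(css|js|map|ico|png|jpe?g|gif|svg|webp|woff2?)$/i;

function isAppRoute(pathname: string): boolean {
  if (pathname === "/_frsh" || pathname.startsWith("/_frsh/")) return false;
  return !STATIC_EXT.test(pathname);
}

// Flash messages keyed by session id, deleted only when actually read.
class FlashStore {
  private messages = new Map<string, string>();
  set(sessionId: string, message: string): void {
    this.messages.set(sessionId, message);
  }
  take(sessionId: string): string | undefined {
    const message = this.messages.get(sessionId);
    this.messages.delete(sessionId);
    return message;
  }
}

function sessionMiddleware(pathname: string, sessionId: string, store: FlashStore, ctx: Ctx): string {
  // Internal and static requests pass through without touching session state.
  if (isAppRoute(pathname)) {
    ctx.state.readFlash = () => store.take(sessionId);
  }
  return ctx.next();
}

// Constructed request sequence: one flash message, then the given paths in order.
function simulate(paths: string[]): string[] {
  const store = new FlashStore();
  store.set("sid-1", "Profile saved");
  return paths.map((pathname) => {
    const ctx: Ctx = { state: {}, next: () => ctx.state.readFlash?.() ?? "(none)" };
    return sessionMiddleware(pathname, "sid-1", store, ctx);
  });
}
```

A route whose path legitimately ends in one of the listed extensions would be skipped by this gate, so the extension list has to match the application.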