DEV Community: Kashish Singh The latest articles on DEV Community by Kashish Singh (@singh_kashish). https://dev.to/singh_kashish https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3974646%2Fc266c99b-02a3-4e85-9a81-ba640b8bfd92.png DEV Community: Kashish Singh https://dev.to/singh_kashish en Architecting a Production-Ready Express + TypeScript API: Zod, Type Augmentation & Global Error Handling Kashish Singh Wed, 10 Jun 2026 15:52:08 +0000 https://dev.to/singh_kashish/architecting-a-production-ready-express-typescript-backend-type-augmentation-global-errors-and-7n1 https://dev.to/singh_kashish/architecting-a-production-ready-express-typescript-backend-type-augmentation-global-errors-and-7n1 <p>When building a personal finance tracker, data integrity and system reliability are non-negotiable. One missing try/catch block can introduce difficult-to-debug failures, and weak types can let invalid financial payloads corrupt your database.</p> <p>While building the backend for my personal finance tracker, I decided to move past generic tutorials and build a scalable, production-grade API core using Express, TypeScript, and Zod.</p> <p>In this post, I’ll show you how I implemented a type-safe middleware ecosystem, leveraged TypeScript declaration merging to extend the native Request object, and eliminated repetitive try/catch boilerplate across the entire codebase.</p> <h3> Stack Used </h3> <ul> <li>Express.js</li> <li>TypeScript</li> <li>Zod</li> <li>Helmet</li> <li>Morgan</li> <li>Swagger</li> <li>express-rate-limit</li> </ul> <h2> 1. Eliminating Boilerplate with the <code>asyncHandler</code> Pattern (HOF) </h2> <p>Writing try/catch blocks in every single controller handler clutters code and introduces human error—it’s easy to forget to pass an error to <code>next()</code>.</p> <p>To solve this, I created a Higher-Order Function (HOF) factory that wraps asynchronous request handlers and automatically catches rejected promises, safely routing them into the global error handler.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">Request</span><span class="p">,</span> <span class="nx">Response</span><span class="p">,</span> <span class="nx">NextFunction</span><span class="p">,</span> <span class="nx">RequestHandler</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">express</span><span class="dl">'</span><span class="p">;</span> <span class="k">export</span> <span class="kd">const</span> <span class="nx">asyncHandler</span> <span class="o">=</span> <span class="p">(</span><span class="nx">fn</span><span class="p">:</span> <span class="nx">RequestHandler</span><span class="p">):</span> <span class="nx">RequestHandler</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">return </span><span class="p">(</span><span class="na">req</span><span class="p">:</span> <span class="nx">Request</span><span class="p">,</span> <span class="na">res</span><span class="p">:</span> <span class="nx">Response</span><span class="p">,</span> <span class="na">next</span><span class="p">:</span> <span class="nx">NextFunction</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nb">Promise</span><span class="p">.</span><span class="nf">resolve</span><span class="p">(</span><span class="nf">fn</span><span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">,</span> <span class="nx">next</span><span class="p">)).</span><span class="k">catch</span><span class="p">(</span><span class="nx">next</span><span class="p">);</span> <span class="p">};</span> <span class="p">};</span> </code></pre> </div> <h3> The Code Evolution: From Boilerplate to Declarative Architecture </h3> <p>To see why this abstraction is a massive win, look at how the controller layer evolves. Below is a side-by-side comparison of fetching a specific financial transaction using the traditional imperative approach versus our optimized, type-safe architecture.</p> <h4> ❌ The Old Approach (Bloated, Imperative &amp; Error-Prone) </h4> <p>Without a custom pipeline, every individual route handler becomes bogged down with parsing inputs, manually invoking defensive validation checks, formatting response shapes, and maintaining exception routing structures. If you miss a <code>catch(next)</code> path, errors may bypass Express's error middleware and result in unhandled promise rejections or inconsistent client responses:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">Request</span><span class="p">,</span> <span class="nx">Response</span><span class="p">,</span> <span class="nx">NextFunction</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">express</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">transactionIdSchema</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">../validators/transaction.validator</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">getTransactionService</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">../services/transaction.service</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="nx">AppError</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">../utils/AppError</span><span class="dl">'</span><span class="p">;</span> <span class="k">export</span> <span class="kd">const</span> <span class="nx">getTransaction</span> <span class="o">=</span> <span class="k">async </span><span class="p">(</span> <span class="nx">req</span><span class="p">:</span> <span class="nx">Request</span><span class="p">,</span> <span class="nx">res</span><span class="p">:</span> <span class="nx">Response</span><span class="p">,</span> <span class="nx">next</span><span class="p">:</span> <span class="nx">NextFunction</span> <span class="p">):</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="k">void</span><span class="o">&gt;</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">try</span> <span class="p">{</span> <span class="c1">// 1. Manual validation footprint inside business controller</span> <span class="kd">const</span> <span class="nx">parsedId</span> <span class="o">=</span> <span class="nx">transactionIdSchema</span><span class="p">.</span><span class="nf">safeParse</span><span class="p">(</span><span class="nx">req</span><span class="p">.</span><span class="nx">params</span><span class="p">.</span><span class="nx">id</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">parsedId</span><span class="p">.</span><span class="nx">success</span><span class="p">)</span> <span class="p">{</span> <span class="k">throw</span> <span class="k">new</span> <span class="nc">AppError</span><span class="p">(</span> <span class="nx">parsedId</span><span class="p">.</span><span class="nx">error</span><span class="p">.</span><span class="nx">issues</span><span class="p">[</span><span class="mi">0</span><span class="p">]?.</span><span class="nx">message</span> <span class="o">??</span> <span class="dl">'</span><span class="s1">Invalid transaction id</span><span class="dl">'</span><span class="p">,</span> <span class="mi">400</span> <span class="p">);</span> <span class="p">}</span> <span class="c1">// 2. Business logic invocation</span> <span class="kd">const</span> <span class="nx">transaction</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">getTransactionService</span><span class="p">(</span> <span class="nx">parsedId</span><span class="p">.</span><span class="nx">data</span><span class="p">,</span> <span class="nx">req</span><span class="p">.</span><span class="nx">auth</span><span class="p">.</span><span class="nx">userId</span> <span class="p">);</span> <span class="c1">// 3. Raw response formatting</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">200</span><span class="p">).</span><span class="nf">json</span><span class="p">({</span> <span class="na">success</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="na">data</span><span class="p">:</span> <span class="nx">transaction</span><span class="p">,</span> <span class="p">});</span> <span class="p">}</span> <span class="k">catch </span><span class="p">(</span><span class="nx">error</span><span class="p">)</span> <span class="p">{</span> <span class="c1">// 4. Repetitive catch block required everywhere to prevent runtime failure</span> <span class="nf">next</span><span class="p">(</span><span class="nx">error</span><span class="p">);</span> <span class="p">}</span> <span class="p">};</span> </code></pre> </div> <h4> The Modern Approach (Declarative, Focused &amp; Clean) </h4> <p>By pulling validation logic into our generic middleware factory and wrapping the handler in <code>asyncHandler</code>, the controller shrinks into a lightweight, high-signal function.</p> <p>Data validation is guaranteed upstream by the routing layer, errors route down automatically, and the handler focuses strictly on orchestrating data delivery:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">getTransactionService</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">../services/transaction.service</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">TransactionIdType</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">../validators/transaction.validator</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">sendSuccess</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">../utils/sendSuccess</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">asyncHandler</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">../utils/asyncHandler</span><span class="dl">'</span><span class="p">;</span> <span class="k">export</span> <span class="kd">const</span> <span class="nx">getTransaction</span> <span class="o">=</span> <span class="nf">asyncHandler</span><span class="p">(</span><span class="k">async </span><span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="c1">// 1. Extract clean, pre-validated parameters safely via type assertion</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">id</span> <span class="p">}</span> <span class="o">=</span> <span class="nx">req</span><span class="p">.</span><span class="nx">validated</span><span class="p">?.</span><span class="nx">params</span> <span class="k">as</span> <span class="nx">TransactionIdType</span><span class="p">;</span> <span class="c1">// 2. Invoke core business logic service</span> <span class="kd">const</span> <span class="nx">transaction</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">getTransactionService</span><span class="p">(</span> <span class="nx">id</span><span class="p">,</span> <span class="nx">req</span><span class="p">.</span><span class="nx">auth</span><span class="p">.</span><span class="nx">userId</span> <span class="p">);</span> <span class="c1">// 3. Standardized, reliable JSON streaming utility</span> <span class="nf">sendSuccess</span><span class="p">(</span><span class="nx">res</span><span class="p">,</span> <span class="mi">200</span><span class="p">,</span> <span class="nx">transaction</span><span class="p">);</span> <span class="p">});</span> </code></pre> </div> <h2> 2. TypeScript Magic: Declaration Merging &amp; Type Augmentation </h2> <p>When dealing with authentication tokens, request tracing (<code>requestId</code>), or custom validated payloads, developers frequently resort to casting the request as <code>any</code> (e.g., <code>(req as any).userId</code>). This completely destroys type safety.</p> <p>Instead of fighting the compiler, I leveraged TypeScript Declaration Merging to reopen Express's internal <code>Request</code> interface and merge my custom metadata natively.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">export</span> <span class="p">{};</span> <span class="c1">// Forces this file to be treated as a module</span> <span class="kr">declare</span> <span class="nb">global</span> <span class="p">{</span> <span class="k">namespace</span> <span class="nx">Express</span> <span class="p">{</span> <span class="kr">interface</span> <span class="nx">Request</span> <span class="p">{</span> <span class="nl">auth</span><span class="p">:</span> <span class="p">{</span> <span class="na">userId</span><span class="p">:</span> <span class="kr">number</span><span class="p">;</span> <span class="nl">email</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="p">};</span> <span class="nl">requestId</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="nl">validated</span><span class="p">?:</span> <span class="p">{</span> <span class="nx">body</span><span class="p">?:</span> <span class="nx">unknown</span><span class="p">;</span> <span class="nl">query</span><span class="p">?:</span> <span class="nx">unknown</span><span class="p">;</span> <span class="nl">params</span><span class="p">?:</span> <span class="nx">unknown</span><span class="p">;</span> <span class="p">};</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>Because <code>.d.ts</code> declaration files emit no runtime JavaScript after compilation, this provides compile-time guarantees without adding overhead to the production build.</p> <h2> 3. The Validation Pipeline: Middleware Factories with Zod </h2> <p>Financial APIs accept a lot of data—transaction parameters, updates, limits. Validating inputs right inside the controller logic violates the Separation of Concerns principle.</p> <p>I built a generic Middleware Factory named <code>validate</code>. It accepts a Zod schema and a data source destination (<code>body</code>, <code>query</code>, or <code>params</code>), validates the payload dynamically, safely appends the typed schema data back onto our augmented <code>req.validated</code> object, and automatically blocks malformed requests:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">NextFunction</span><span class="p">,</span> <span class="nx">Request</span><span class="p">,</span> <span class="nx">Response</span><span class="p">,</span> <span class="nx">RequestHandler</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">express</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">z</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">zod</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="nx">AppError</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">../utils/AppError</span><span class="dl">"</span><span class="p">;</span> <span class="kd">type</span> <span class="nx">Source</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">params</span><span class="dl">'</span> <span class="o">|</span> <span class="dl">'</span><span class="s1">body</span><span class="dl">'</span> <span class="o">|</span> <span class="dl">'</span><span class="s1">query</span><span class="dl">'</span><span class="p">;</span> <span class="k">export</span> <span class="k">default</span> <span class="kd">function</span> <span class="nf">validate</span><span class="o">&lt;</span><span class="nx">T</span> <span class="kd">extends</span> <span class="nx">z</span><span class="p">.</span><span class="nx">ZodType</span><span class="o">&gt;</span><span class="p">(</span><span class="nx">schema</span><span class="p">:</span> <span class="nx">T</span><span class="p">,</span> <span class="nx">source</span><span class="p">:</span> <span class="nx">Source</span><span class="p">):</span> <span class="nx">RequestHandler</span> <span class="p">{</span> <span class="k">return </span><span class="p">(</span><span class="nx">req</span><span class="p">:</span> <span class="nx">Request</span><span class="p">,</span> <span class="nx">_res</span><span class="p">:</span> <span class="nx">Response</span><span class="p">,</span> <span class="nx">next</span><span class="p">:</span> <span class="nx">NextFunction</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">parsedValue</span> <span class="o">=</span> <span class="nx">schema</span><span class="p">.</span><span class="nf">safeParse</span><span class="p">(</span><span class="nx">req</span><span class="p">[</span><span class="nx">source</span><span class="p">]);</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">parsedValue</span><span class="p">.</span><span class="nx">success</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nf">next</span><span class="p">(</span><span class="k">new</span> <span class="nc">AppError</span><span class="p">(</span><span class="nx">parsedValue</span><span class="p">.</span><span class="nx">error</span><span class="p">.</span><span class="nx">issues</span><span class="p">[</span><span class="mi">0</span><span class="p">]?.</span><span class="nx">message</span> <span class="o">??</span> <span class="dl">"</span><span class="s2">Validation Error</span><span class="dl">"</span><span class="p">,</span> <span class="mi">400</span><span class="p">));</span> <span class="p">}</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">req</span><span class="p">.</span><span class="nx">validated</span><span class="p">)</span> <span class="p">{</span> <span class="nx">req</span><span class="p">.</span><span class="nx">validated</span> <span class="o">=</span> <span class="p">{};</span> <span class="p">}</span> <span class="nx">req</span><span class="p">.</span><span class="nx">validated</span><span class="p">[</span><span class="nx">source</span><span class="p">]</span> <span class="o">=</span> <span class="nx">parsedValue</span><span class="p">.</span><span class="nx">data</span><span class="p">;</span> <span class="nf">next</span><span class="p">();</span> <span class="p">};</span> <span class="p">}</span> </code></pre> </div> <h3> Declarative Route Handling in Practice </h3> <p>Look how clean and readable a route becomes when combining the <code>validate</code> pipeline. The pipeline acts as an explicit gatekeeper—the controller code won't even execute unless the request strictly satisfies your Zod schema constraints:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="nx">router</span><span class="p">.</span><span class="nf">patch</span><span class="p">(</span> <span class="dl">'</span><span class="s1">/transactions/:id</span><span class="dl">'</span><span class="p">,</span> <span class="nf">validate</span><span class="p">(</span><span class="nx">transactionIdSchema</span><span class="p">,</span> <span class="dl">'</span><span class="s1">params</span><span class="dl">'</span><span class="p">),</span> <span class="nf">validate</span><span class="p">(</span><span class="nx">updateTransactionSchema</span><span class="p">,</span> <span class="dl">'</span><span class="s1">body</span><span class="dl">'</span><span class="p">),</span> <span class="nf">asyncHandler</span><span class="p">(</span><span class="nx">updateTransaction</span><span class="p">)</span> <span class="p">);</span> </code></pre> </div> <h2> 4. Centralized Error Mapping </h2> <p>Rather than writing messy <code>return res.status(400).json(...)</code> strings throughout my controllers, I funneled all app errors into a dedicated, global Error Middleware. It inspects error instances on the fly, correctly catches operational app errors and Zod validation errors, and safely falls back to standard HTTP statuses:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">Request</span><span class="p">,</span> <span class="nx">Response</span><span class="p">,</span> <span class="nx">NextFunction</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">express</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">ZodError</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">zod</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="nx">AppError</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">../utils/AppError</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">errorMiddleware</span> <span class="o">=</span> <span class="p">(</span><span class="nx">err</span><span class="p">:</span> <span class="nx">unknown</span><span class="p">,</span> <span class="nx">_req</span><span class="p">:</span> <span class="nx">Request</span><span class="p">,</span> <span class="nx">res</span><span class="p">:</span> <span class="nx">Response</span><span class="p">,</span> <span class="nx">_next</span><span class="p">:</span> <span class="nx">NextFunction</span><span class="p">):</span> <span class="k">void</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">error</span><span class="p">(</span><span class="nx">err</span><span class="p">);</span> <span class="kd">let</span> <span class="nx">statusCode</span> <span class="o">=</span> <span class="mi">500</span><span class="p">;</span> <span class="kd">let</span> <span class="nx">message</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">Internal Server Error</span><span class="dl">'</span><span class="p">;</span> <span class="k">if </span><span class="p">(</span><span class="nx">err</span> <span class="k">instanceof</span> <span class="nx">AppError</span><span class="p">)</span> <span class="p">{</span> <span class="nx">statusCode</span> <span class="o">=</span> <span class="nx">err</span><span class="p">.</span><span class="nx">statusCode</span><span class="p">;</span> <span class="nx">message</span> <span class="o">=</span> <span class="nx">err</span><span class="p">.</span><span class="nx">message</span><span class="p">;</span> <span class="p">}</span> <span class="k">else</span> <span class="k">if </span><span class="p">(</span><span class="nx">err</span> <span class="k">instanceof</span> <span class="nx">ZodError</span><span class="p">)</span> <span class="p">{</span> <span class="nx">statusCode</span> <span class="o">=</span> <span class="mi">400</span><span class="p">;</span> <span class="nx">message</span> <span class="o">=</span> <span class="nx">err</span><span class="p">.</span><span class="nx">issues</span><span class="p">[</span><span class="mi">0</span><span class="p">]?.</span><span class="nx">message</span> <span class="o">??</span> <span class="dl">'</span><span class="s1">Validation Error</span><span class="dl">'</span><span class="p">;</span> <span class="p">}</span> <span class="k">else</span> <span class="k">if </span><span class="p">(</span><span class="nx">err</span> <span class="k">instanceof</span> <span class="nb">Error</span><span class="p">)</span> <span class="p">{</span> <span class="nx">message</span> <span class="o">=</span> <span class="nx">err</span><span class="p">.</span><span class="nx">message</span><span class="p">;</span> <span class="p">}</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="nx">statusCode</span><span class="p">).</span><span class="nf">json</span><span class="p">({</span> <span class="na">success</span><span class="p">:</span> <span class="kc">false</span><span class="p">,</span> <span class="nx">message</span><span class="p">,</span> <span class="p">});</span> <span class="p">};</span> <span class="k">export</span> <span class="k">default</span> <span class="nx">errorMiddleware</span><span class="p">;</span> </code></pre> </div> <p>Before looking at the actual <code>app.ts</code> implementation, here's a high-level view of how requests flow through the system. Each layer has a single responsibility—security, observability, validation, business logic, or error handling—which keeps the application predictable and easy to scale.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Incoming Request │ ▼ ┌─────────────────┐ │ requestId │ └─────────────────┘ │ ▼ ┌─────────────────┐ │ Rate Limiter │ │ Helmet │ │ CORS │ └─────────────────┘ │ ▼ ┌─────────────────┐ │ Logger │ └─────────────────┘ │ ▼ ┌─────────────────┐ │ Zod Validation │ └─────────────────┘ │ ▼ ┌─────────────────┐ │ asyncHandler │ └─────────────────┘ │ ▼ ┌─────────────────┐ │ Controller │ └─────────────────┘ │ ▼ ┌─────────────────┐ │ Service Layer │ └─────────────────┘ │ ├─────────────► Success Response │ ▼ ┌─────────────────┐ │ Global Error │ │ Middleware │ └─────────────────┘ │ ▼ Error Response </code></pre> </div> <h2> 5. The Symphony: Orchestrating Middleware in <code>app.ts</code> </h2> <p>Writing great middleware is only half the battle. In Express, registration order is execution order. If you place a logging middleware after your routes, it won't log anything. If you place your error handler before your routes, your application will crash on async rejections.</p> <p>Here is how I wired the entry point of the application (<code>app.ts</code>) to ensure enterprise-grade security, optimization, and request tracing run flawlessly:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="nx">express</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">express</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="nx">helmet</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">helmet</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="nx">cors</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">cors</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="nx">compression</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">compression</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="nx">cookieParser</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">cookie-parser</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="nx">swaggerUi</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">swagger-ui-express</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="nx">healthRoutes</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">./routes/health.routes</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="nx">authRoutes</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">./routes/auth.routes</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="nx">transactionRoutes</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">./routes/transaction.routes</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="nx">analyticsRoutes</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">./routes/analytics.routes</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="nx">errorMiddleware</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">./middlewares/error.middleware</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="nx">logger</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">./middlewares/logger.middleware</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">globalLimiter</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">./middlewares/rateLimit.middleware</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="nx">requestIdMiddleware</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">./middlewares/requestId.middleware</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="nx">swaggerSpec</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">./config/swagger</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">app</span> <span class="o">=</span> <span class="nf">express</span><span class="p">();</span> <span class="c1">// 1. Ingestion &amp; Request Tracing Layer (Runs first to stamp every request)</span> <span class="nx">app</span><span class="p">.</span><span class="nf">use</span><span class="p">(</span><span class="nx">requestIdMiddleware</span><span class="p">);</span> <span class="nx">app</span><span class="p">.</span><span class="nf">use</span><span class="p">(</span><span class="dl">'</span><span class="s1">/api-docs</span><span class="dl">'</span><span class="p">,</span> <span class="nx">swaggerUi</span><span class="p">.</span><span class="nx">serve</span><span class="p">,</span> <span class="nx">swaggerUi</span><span class="p">.</span><span class="nf">setup</span><span class="p">(</span><span class="nx">swaggerSpec</span><span class="p">));</span> <span class="c1">// 2. Security &amp; Traffic Control Layer</span> <span class="nx">app</span><span class="p">.</span><span class="nf">use</span><span class="p">(</span><span class="nx">globalLimiter</span><span class="p">);</span> <span class="nx">app</span><span class="p">.</span><span class="nf">use</span><span class="p">(</span><span class="nf">helmet</span><span class="p">());</span> <span class="nx">app</span><span class="p">.</span><span class="nf">use</span><span class="p">(</span><span class="nf">cors</span><span class="p">({</span> <span class="na">origin</span><span class="p">:</span> <span class="dl">'</span><span class="s1">http://localhost:5173</span><span class="dl">'</span><span class="p">,</span> <span class="na">credentials</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="p">}));</span> <span class="c1">// 3. Performance &amp; Parsing Layer</span> <span class="nx">app</span><span class="p">.</span><span class="nf">use</span><span class="p">(</span><span class="nf">compression</span><span class="p">());</span> <span class="nx">app</span><span class="p">.</span><span class="nf">use</span><span class="p">(</span><span class="nx">express</span><span class="p">.</span><span class="nf">json</span><span class="p">());</span> <span class="nx">app</span><span class="p">.</span><span class="nf">use</span><span class="p">(</span><span class="nf">cookieParser</span><span class="p">());</span> <span class="c1">// 4. Observability Layer (Must stay above routes to attach event listeners)</span> <span class="nx">app</span><span class="p">.</span><span class="nf">use</span><span class="p">(</span><span class="nx">logger</span><span class="p">);</span> <span class="c1">// 5. Business Logic / Domain Routes</span> <span class="nx">app</span><span class="p">.</span><span class="nf">use</span><span class="p">(</span><span class="dl">'</span><span class="s1">/</span><span class="dl">'</span><span class="p">,</span> <span class="nx">healthRoutes</span><span class="p">);</span> <span class="nx">app</span><span class="p">.</span><span class="nf">use</span><span class="p">(</span><span class="dl">'</span><span class="s1">/</span><span class="dl">'</span><span class="p">,</span> <span class="nx">authRoutes</span><span class="p">);</span> <span class="nx">app</span><span class="p">.</span><span class="nf">use</span><span class="p">(</span><span class="dl">'</span><span class="s1">/</span><span class="dl">'</span><span class="p">,</span> <span class="nx">transactionRoutes</span><span class="p">);</span> <span class="nx">app</span><span class="p">.</span><span class="nf">use</span><span class="p">(</span><span class="dl">'</span><span class="s1">/</span><span class="dl">'</span><span class="p">,</span> <span class="nx">analyticsRoutes</span><span class="p">);</span> <span class="c1">// 6. The Safety Net (Must be registered LAST)</span> <span class="nx">app</span><span class="p">.</span><span class="nf">use</span><span class="p">(</span><span class="nx">errorMiddleware</span><span class="p">);</span> <span class="k">export</span> <span class="k">default</span> <span class="nx">app</span><span class="p">;</span> </code></pre> </div> <h3> Why this specific lifecycle order matters: </h3> <ul> <li> <strong><code>requestIdMiddleware</code> sits at the absolute top:</strong> Every request needs a unique UUID stamped onto it immediately so that our downstream observability tools and logs can group asynchronous operations cleanly.</li> <li> <strong><code>logger</code> sits right above the routes:</strong> Logging tools like Morgan attach event listeners directly to the Node.js HTTP response lifecycle. Placing it right above the routes guarantees every incoming API request is caught and tracked chronologically.</li> <li> <strong><code>errorMiddleware</code> sits at the absolute bottom:</strong> Express skips standard middleware when <code>next(err)</code> is invoked, hunting downstream exclusively for a function signature with 4 parameters <code>(err, req, res, next)</code>. If any route throws an error, it drops straight down into this safety net.</li> </ul> <h2> Conclusion </h2> <p>The goal wasn't simply to make the code cleaner—it was to make the system easier to reason about, safer to extend, and harder to break as new features are added.</p> <p>By combining Declaration Merging, Higher-Order Functions, and Schema-Driven validation factories, the architecture of this personal finance backend delivers several engineering benefits:</p> <ol> <li> <strong>Near-zero unhandled async route errors:</strong> The <code>asyncHandler</code> pattern eliminates a major class of unhandled async route errors.</li> <li> <strong>Type safety:</strong> <code>req.auth</code> and <code>req.validated</code> remain type-safe and discoverable throughout the request lifecycle.</li> <li> <strong>Reduced bug surface area:</strong> Code reviewers can clearly audit validation criteria directly from route declarations without digging through controller implementations.</li> </ol> <blockquote> <p><strong>Note:</strong> Express 5 includes native async error propagation. The <code>asyncHandler</code> pattern remains valuable for Express 4 projects and teams that prefer explicit handler wrapping.</p> </blockquote> <p>💬 <strong>Over to You:</strong></p> <p>How do you usually structure your Express + TypeScript applications? Do you prefer declaration merging for extending the Request object, or do you pass custom context through another pattern?</p> <p>Let me know your thoughts, critiques, or alternative approaches in the comments below.</p> typescript node webdev express