DEV Community: Wakeel Kehinde Ige The latest articles on DEV Community by Wakeel Kehinde Ige (@tijjken). https://dev.to/tijjken https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F253476%2F92e0a116-70be-4e37-a20c-3464125df1a4.jpg DEV Community: Wakeel Kehinde Ige https://dev.to/tijjken en Express-Like Middleware in Next.js API Route Handler Wakeel Kehinde Ige Wed, 26 Mar 2025 01:32:07 +0000 https://dev.to/tijjken/express-like-middleware-in-nextjs-api-route-handler-4ebn https://dev.to/tijjken/express-like-middleware-in-nextjs-api-route-handler-4ebn <p>Next.js is an incredible framework. I mean it’s packed with <strong>server-side rendering (SSR), static site generation (SSG), API routes and powerful optimizations</strong> that make it one of the best choices for modern web development.</p> <p>But if you're coming from an Express.js background, especially when working with Nextjs API Route handlers, you might feel something’s missing - <strong>Middleware</strong>.</p> <p>In Express.js, middleware is at the core of request handling. It allows you to inject authentication, validation, logging, and other reusable logic before a request reaches the actual route handler. The traditional <code>req, res, next</code> flow makes it easy to chain multiple middleware functions together, ensuring every request passes through a structured pipeline.</p> <p>Next.js <strong>does</strong> provide middleware, but it works differently. Instead of the traditional Express-style approach, Next.js middleware runs at the <strong>edge</strong> before a request reaches a specific API route or page. This is called <strong>Edge Middleware</strong> and it operates at the CDN level, allowing you to modify requests and responses before they hit your application. It’s highly performant and ideal for tasks like <a href="https://nextjs.org/docs/app/building-your-application/routing/redirecting" rel="noopener noreferrer"><strong>auth redirects</strong></a>, <a href="https://vercel.com/blog/ab-testing-with-nextjs-and-vercel" rel="noopener noreferrer"><strong>A/B testing</strong></a>, <a href="https://nextjs.org/docs/app/building-your-application/routing/internationalization" rel="noopener noreferrer"><strong>internationalization</strong></a> and so on.</p> <p>However, Edge Middleware has some limitations; it doesn’t have access to request bodies, and you can’t use traditional Node.js APIs like <code>fs</code> or database queries. This means if you’re looking to implement middleware inside API routes in a way that feels like Express, you need a different approach.</p> <p>So, how do we bring back the flexibility of Express-like middleware inside Next.js API routes, while keeping it type-safe and developer-friendly?</p> <p>In this article, I'll show you how I built a flexible, type-safe middleware pattern for Next.js that brings back the best parts of Express without compromising Next.js’s strengths. If you’ve ever wished Next.js middleware worked more like Express, this is for you! 🚀</p> <h2> The Core Components </h2> <p>Our implementation consists of three main parts:</p> <ul> <li><p>Middleware handler</p></li> <li><p>Middleware functions</p></li> <li><p>Route handlers that use these middlewares</p></li> </ul> <h2> The Middleware Handler </h2> <p>First, let's look at our core middleware handler that orchestrates the middleware execution:</p> <p><code>handler.ts</code><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="k">export</span> <span class="kd">const</span> <span class="nx">handler</span><span class="p">:</span> <span class="nx">Handler</span> <span class="o">=</span> <span class="p">(...</span><span class="nx">middleware</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="k">async </span><span class="p">(</span><span class="nx">request</span><span class="p">,</span> <span class="nx">params</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">result</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">execMiddleware</span><span class="p">(</span><span class="nx">middleware</span><span class="p">,</span> <span class="nx">request</span><span class="p">,</span> <span class="nx">params</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="nx">result</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">result</span><span class="p">;</span> <span class="p">}</span> <span class="k">return</span> <span class="nc">ErrorResponse</span><span class="p">(</span><span class="dl">'</span><span class="s1">Your handler or middleware must return a NextResponse!</span><span class="dl">'</span><span class="p">,</span> <span class="mi">400</span><span class="p">);</span> <span class="p">};</span> </code></pre> </div> <h3> Code Explanation </h3> <p>This <code>handler</code>:</p> <ul> <li><p>Takes an <strong>array</strong> of middleware functions and the original handler function, then executes them in sequence</p></li> <li><p>It allows each middleware to either pass control to the next middleware or return a response</p></li> <li><p>At the end of the execution, If no response is returned, it sends an error response.</p></li> </ul> <h4> Now, let’s break down the <code>execMiddleware</code> function, which does the heavy lifting: </h4> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kd">const</span> <span class="nx">execMiddleware</span><span class="p">:</span> <span class="nx">ExecMiddleware</span> <span class="o">=</span> <span class="k">async </span><span class="p">(</span><span class="nx">middleware</span><span class="p">,</span> <span class="nx">request</span><span class="p">,</span> <span class="nx">params</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">for </span><span class="p">(</span><span class="kd">const</span> <span class="nx">middlewareFn</span> <span class="k">of</span> <span class="nx">middleware</span><span class="p">)</span> <span class="p">{</span> <span class="kd">let</span> <span class="nx">nextInvoked</span> <span class="o">=</span> <span class="kc">false</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">next</span> <span class="o">=</span> <span class="k">async </span><span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">nextInvoked</span> <span class="o">=</span> <span class="kc">true</span><span class="p">;</span> <span class="p">};</span> <span class="kd">const</span> <span class="nx">result</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">middlewareFn</span><span class="p">(</span><span class="nx">request</span><span class="p">,</span> <span class="nx">params</span><span class="p">,</span> <span class="nx">next</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">nextInvoked</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">result</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> <span class="p">};</span> </code></pre> </div> <h3> Code Explanation </h3> <p><strong>Iterating Over Middleware Functions:</strong></p> <ul> <li>We loop through the array of middleware functions (<code>for (const middlewareFn of middleware)</code>).</li> </ul> <p><strong>The</strong> <code>next</code> Function:</p> <ul> <li><p>Each middleware receives a <code>next</code> function it can call to pass control to the next middleware in the sequence.</p></li> <li><p>We use <code>let nextInvoked = false;</code> to track whether <code>next()</code> was actually called.</p></li> </ul> <p><strong>Handling Middleware Execution:</strong></p> <ul> <li><p>We <code>await</code> the middleware function, allowing it to process the request.</p></li> <li><p>If <code>next()</code> <strong>was not called</strong>, we assume the middleware returned a response, and we stop execution.</p></li> </ul> <p>This pattern allows us to chain multiple middleware functions together seamlessly just like in Express.js.</p> <p>Now, let’s define our middleware functions and see how to apply them in Next.js API routes.</p> <h2> Authentication Middleware </h2> <p>Here's an example of how we implement authentication middleware:</p> <p><code>protect.ts</code><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">export</span> <span class="kd">const</span> <span class="nx">protect</span><span class="p">:</span> <span class="nx">AuthorizeUser</span> <span class="o">=</span> <span class="k">async </span><span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">params</span><span class="p">,</span> <span class="nx">next</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">let</span> <span class="nx">token</span> <span class="o">=</span> <span class="dl">''</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">authorization</span> <span class="o">=</span> <span class="nx">req</span><span class="p">.</span><span class="nx">headers</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">authorization</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">cookie</span> <span class="o">=</span> <span class="nx">req</span><span class="p">.</span><span class="nx">cookies</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">auth</span><span class="dl">'</span><span class="p">)?.</span><span class="nx">value</span><span class="p">;</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">authorization</span> <span class="o">&amp;&amp;</span> <span class="o">!</span><span class="nx">cookie</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nc">ErrorResponse</span><span class="p">(</span><span class="dl">'</span><span class="s1">You are not logged in. Please log in to get access</span><span class="dl">'</span><span class="p">,</span> <span class="mi">401</span><span class="p">);</span> <span class="p">}</span> <span class="k">if </span><span class="p">(</span><span class="nx">authorization</span> <span class="o">&amp;&amp;</span> <span class="nx">authorization</span><span class="p">.</span><span class="nf">startsWith</span><span class="p">(</span><span class="dl">'</span><span class="s1">Bearer</span><span class="dl">'</span><span class="p">))</span> <span class="nx">token</span> <span class="o">=</span> <span class="nx">authorization</span><span class="p">.</span><span class="nf">split</span><span class="p">(</span><span class="dl">'</span><span class="s1"> </span><span class="dl">'</span><span class="p">)[</span><span class="mi">1</span><span class="p">];</span> <span class="k">if </span><span class="p">(</span><span class="nx">cookie</span><span class="p">)</span> <span class="nx">token</span> <span class="o">=</span> <span class="nx">cookie</span><span class="p">;</span> <span class="k">try</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">user</span> <span class="o">=</span> <span class="p">(</span><span class="k">await</span> <span class="nf">verifyToken</span><span class="p">(</span><span class="nx">token</span><span class="p">,</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">JWT_SECRET</span><span class="o">!</span><span class="p">))</span> <span class="k">as</span> <span class="nx">User</span><span class="p">;</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nf">isEmpty</span><span class="p">(</span><span class="nx">user</span><span class="p">))</span> <span class="nx">req</span><span class="p">.</span><span class="nx">user</span> <span class="o">=</span> <span class="nx">user</span><span class="p">;</span> <span class="p">}</span> <span class="k">catch </span><span class="p">(</span><span class="nx">error</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nf">handleTokenError</span><span class="p">(</span><span class="nx">error</span><span class="p">);</span> <span class="p">}</span> <span class="k">if </span><span class="p">(</span><span class="nf">isEmpty</span><span class="p">(</span><span class="nx">req</span><span class="p">.</span><span class="nx">user</span><span class="p">))</span> <span class="p">{</span> <span class="k">return</span> <span class="nc">ErrorResponse</span><span class="p">(</span><span class="dl">'</span><span class="s1">Not authorized to access this route</span><span class="dl">'</span><span class="p">,</span> <span class="mi">401</span><span class="p">);</span> <span class="p">}</span> <span class="nf">next</span><span class="p">();</span> <span class="p">};</span> </code></pre> </div> <p>Looks familiar? That's because it's almost identical to the authorizeUser middleware in Express.js to protect routes!</p> <h3> <strong>Code Explanation:</strong> </h3> <p>This middleware ensures that only authenticated users can access protected routes.</p> <ol> <li><strong>Extract Token:</strong></li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>* It first checks if an authentication token is provided either in: * The `Authorization` header (`Bearer &lt;token&gt;`) * The `auth` cookie. * If no token is found, it returns a `401 Unauthorized` error. </code></pre> </div> <ol> <li><strong>Verify Token:</strong></li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>* If the token exists, it verifies it using `verifyToken(token, process.env.JWT_SECRET!)`. * If the token is valid, it extracts the user information and attaches it to `req.user`. </code></pre> </div> <ol> <li><strong>Handle Errors:</strong></li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>* If an error occurs (invalid or expired token), it calls `handleTokenError(error)`. * If no valid user is found, it returns a `401 Unauthorized` error. </code></pre> </div> <ol> <li><strong>Proceed to Next Middleware:</strong></li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>* If authentication succeeds, it calls `next()` to allow access to the next middleware or the handler itself if no other middleware. </code></pre> </div> <h2> Role-Based Authorization </h2> <p>We also implemented a flexible role-based authorization middleware:</p> <p><code>authorize.ts</code><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">export</span> <span class="kd">const</span> <span class="nx">authorize</span><span class="p">:</span> <span class="nx">AuthorizeRoles</span> <span class="o">=</span> <span class="p">(...</span><span class="nx">roles</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">return</span> <span class="k">async </span><span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">params</span><span class="p">,</span> <span class="nx">next</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">roles</span><span class="p">.</span><span class="nf">includes</span><span class="p">(</span><span class="nx">req</span><span class="p">.</span><span class="nx">user</span><span class="p">.</span><span class="nx">role</span><span class="p">))</span> <span class="k">return</span> <span class="nc">ErrorResponse</span><span class="p">(</span><span class="dl">'</span><span class="s1">Forbidden: Access denied</span><span class="dl">'</span><span class="p">,</span> <span class="mi">401</span><span class="p">);</span> <span class="nf">next</span><span class="p">();</span> <span class="p">};</span> <span class="p">};</span> </code></pre> </div> <h3> <strong>Code Explanation:</strong> </h3> <p>This middleware restricts access based on user roles.</p> <ol> <li><strong>Receives a List of Allowed Roles:</strong></li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>* It takes an array of roles (e.g., `'ADMIN', 'USER'`). </code></pre> </div> <ol> <li><strong>Checks User Role:</strong></li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>* If `req.user.role` is not included in the allowed roles, it returns a `401 Forbidden` error. </code></pre> </div> <ol> <li><strong>Allows Access If Authorized:</strong></li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>* If the user has a valid role, it calls `next()` to proceed to the next middleware or the handler itself if no other middleware. </code></pre> </div> <h2> Using the Middleware in Routes </h2> <p>Now that we have our middleware functions, let's see how to apply them in Next.js API routes.</p> <p><code>user/route.ts</code><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// Example protected route</span> <span class="kd">const</span> <span class="nx">handleGetLoggedinUser</span> <span class="o">=</span> <span class="nf">asyncHandler</span><span class="p">(</span><span class="k">async </span><span class="p">(</span><span class="nx">req</span><span class="p">:</span> <span class="nx">CustomRequest</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">user</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">prisma</span><span class="p">.</span><span class="nx">user</span><span class="p">.</span><span class="nf">findUnique</span><span class="p">({</span> <span class="na">where</span><span class="p">:</span> <span class="p">{</span> <span class="na">id</span><span class="p">:</span> <span class="nx">req</span><span class="p">.</span><span class="nx">user</span><span class="p">.</span><span class="nx">id</span> <span class="p">}</span> <span class="p">});</span> <span class="k">return</span> <span class="nc">ApiResponse</span><span class="p">(</span><span class="nx">user</span><span class="p">);</span> <span class="p">});</span> <span class="kd">const</span> <span class="nx">GET</span> <span class="o">=</span> <span class="nf">handler</span><span class="p">(</span><span class="nx">protect</span><span class="p">,</span> <span class="nx">handleGetLoggedinUser</span><span class="p">);</span> </code></pre> </div> <h3> <strong>Explanation:</strong> </h3> <ol> <li> <code>handleGetLoggedinUser</code> (Protected Route)</li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>* Retrieves the currently logged-in user from the database. </code></pre> </div> <ol> <li><strong>Route Middleware Handling</strong></li> </ol> <ul> <li> <code>GET /user</code> → Uses <code>protect</code> middleware to ensure the request is authenticated,.</li> </ul> <p><code>user/[id]/route.ts</code><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code> <span class="c1">// Example authorized route</span> <span class="kd">const</span> <span class="nx">handleDeleteUser</span> <span class="o">=</span> <span class="nf">asyncHandler</span><span class="p">(</span><span class="k">async </span><span class="p">(</span><span class="nx">req</span><span class="p">:</span> <span class="nx">CustomRequest</span><span class="p">,</span> <span class="nx">params</span><span class="p">:</span> <span class="p">{</span> <span class="nl">id</span><span class="p">:</span> <span class="kr">string</span> <span class="p">})</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">id</span> <span class="p">}</span> <span class="o">=</span> <span class="nx">params</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">user</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">prisma</span><span class="p">.</span><span class="nx">user</span><span class="p">.</span><span class="nf">findUnique</span><span class="p">({</span> <span class="na">where</span><span class="p">:</span> <span class="p">{</span> <span class="nx">id</span> <span class="p">}</span> <span class="p">});</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">user</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nc">ErrorResponse</span><span class="p">(</span><span class="dl">'</span><span class="s1">User not found</span><span class="dl">'</span><span class="p">,</span> <span class="mi">404</span><span class="p">);</span> <span class="p">}</span> <span class="k">await</span> <span class="nx">prisma</span><span class="p">.</span><span class="nx">user</span><span class="p">.</span><span class="k">delete</span><span class="p">({</span> <span class="na">where</span><span class="p">:</span> <span class="p">{</span> <span class="nx">id</span> <span class="p">}</span> <span class="p">});</span> <span class="k">return</span> <span class="nc">ApiResponse</span><span class="p">(</span><span class="kc">null</span><span class="p">,</span> <span class="dl">'</span><span class="s1">User deleted successfully</span><span class="dl">'</span><span class="p">);</span> <span class="p">});</span> <span class="kd">const</span> <span class="nx">DELETE</span> <span class="o">=</span> <span class="nf">handler</span><span class="p">(</span><span class="nx">protect</span><span class="p">,</span> <span class="nf">authorize</span><span class="p">(</span><span class="dl">'</span><span class="s1">ADMIN</span><span class="dl">'</span><span class="p">),</span> <span class="nx">handleDeleteUser</span><span class="p">);</span> <span class="k">export</span> <span class="p">{</span> <span class="nx">GET</span><span class="p">,</span> <span class="nx">DELETE</span> <span class="p">};</span> </code></pre> </div> <h3> <strong>Explanation:</strong> </h3> <ol> <li> <code>handleDeleteUser</code> (Role-Restricted Route)</li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>* Deletes a user based on the provided `id`. </code></pre> </div> <ol> <li><strong>Route Middleware Handling</strong></li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>* `DELETE /user/:id` → Uses both `protect` and `authorize('ADMIN')`, ensuring the request is first authenticated and only admin users can delete user accounts. </code></pre> </div> <h2> Example Usage with Request Body Validation </h2> <p>Before processing requests, let's validate incoming data using a request body validation middleware.</p> <p><code>auth.validation.ts</code><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kd">const</span> <span class="nx">signUpSchema</span> <span class="o">=</span> <span class="nx">z</span><span class="p">.</span><span class="nf">object</span><span class="p">({</span> <span class="na">email</span><span class="p">:</span> <span class="nx">z</span><span class="p">.</span><span class="nf">string</span><span class="p">().</span><span class="nf">email</span><span class="p">(),</span> <span class="na">password</span><span class="p">:</span> <span class="nx">z</span><span class="p">.</span><span class="nf">string</span><span class="p">().</span><span class="nf">min</span><span class="p">(</span><span class="mi">8</span><span class="p">),</span> <span class="p">});</span> <span class="k">export</span> <span class="kd">const</span> <span class="nx">validateSignupBody</span><span class="p">:</span> <span class="nx">ValidateCreateUser</span> <span class="o">=</span> <span class="k">async </span><span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">params</span><span class="p">,</span> <span class="nx">next</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">data</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">req</span><span class="p">.</span><span class="nf">clone</span><span class="p">().</span><span class="nf">json</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">response</span> <span class="o">=</span> <span class="nx">signUpSchema</span><span class="p">.</span><span class="nf">safeParse</span><span class="p">(</span><span class="nx">data</span><span class="p">)</span> <span class="k">as</span> <span class="nx">ValidateParseResponse</span><span class="p">;</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">response</span><span class="p">.</span><span class="nx">success</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">errors</span> <span class="p">}</span> <span class="o">=</span> <span class="nx">response</span><span class="p">.</span><span class="nx">error</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">errorMessage</span> <span class="o">=</span> <span class="nf">generateErrorMessage</span><span class="p">(</span><span class="nx">errors</span><span class="p">,</span> <span class="nx">options</span><span class="p">);</span> <span class="k">return</span> <span class="nc">ErrorResponse</span><span class="p">(</span><span class="nx">errorMessage</span><span class="p">,</span> <span class="mi">422</span><span class="p">);</span> <span class="p">}</span> <span class="nf">next</span><span class="p">();</span> <span class="p">};</span> </code></pre> </div> <h3> <strong>Code Explanation:</strong> </h3> <p>This middleware validates request data before processing the signup request.</p> <ol> <li> <strong>Defines a Schema (</strong><code>signUpSchema</code>)</li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>* Uses `zod` to define a validation schema for signup data: * `email` must be a valid email. * `password` must have at least 8 characters. </code></pre> </div> <ol> <li><strong>Validates Incoming Request Data</strong></li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>* Extracts JSON data from the request. * Uses `safeParse(data)` to validate the request body. </code></pre> </div> <ol> <li><strong>Handles Validation Errors</strong></li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>* If validation fails, it generates an error message and returns a `422 Unprocessable Entity` error. </code></pre> </div> <ol> <li><strong>Proceeds to Next Middleware</strong></li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>* If validation passes, it calls `next()` function. </code></pre> </div> <h2> <strong>Validation Middleware Usage in Routes</strong> </h2> <p>Now, let's put our validation middleware into action by before calling the handler itself.</p> <p><code>signup.ts</code><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kd">const</span> <span class="nx">handleSignup</span> <span class="o">=</span> <span class="nf">asyncHandler</span><span class="p">(</span><span class="k">async </span><span class="p">(</span><span class="nx">req</span><span class="p">:</span> <span class="nx">CustomRequest</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">email</span><span class="p">,</span> <span class="nx">password</span> <span class="p">}</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">req</span><span class="p">.</span><span class="nf">json</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">hashedPassword</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">bcrypt</span><span class="p">.</span><span class="nf">hash</span><span class="p">(</span><span class="nx">password</span><span class="p">,</span> <span class="mi">10</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">user</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">prisma</span><span class="p">.</span><span class="nx">user</span><span class="p">.</span><span class="nf">create</span><span class="p">({</span> <span class="na">data</span><span class="p">:</span> <span class="p">{</span> <span class="nx">email</span><span class="p">,</span> <span class="na">password</span><span class="p">:</span> <span class="nx">hashedPassword</span> <span class="p">}</span> <span class="p">});</span> <span class="k">return</span> <span class="nc">ApiResponse</span><span class="p">(</span><span class="nx">user</span><span class="p">);</span> <span class="p">});</span> <span class="kd">const</span> <span class="nx">POST</span> <span class="o">=</span> <span class="nf">handler</span><span class="p">(</span><span class="nx">validateSignupBody</span><span class="p">,</span> <span class="nx">handleSignup</span><span class="p">);</span> <span class="k">export</span> <span class="p">{</span> <span class="nx">POST</span> <span class="p">};</span> </code></pre> </div> <h3> <strong>Explanation:</strong> </h3> <ol> <li> <strong>Handles User Signup (</strong><code>handleSignup</code>)</li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>* Extracts `email` and `password` from the request body. * Hashes the password using `bcrypt` before storing it in the database. * Saves the new user using Prisma ORM. </code></pre> </div> <ol> <li> <strong>Uses</strong> <code>validateSignupBody</code> Middleware</li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>* Ensures the request body is valid before calling `handleSignup`. </code></pre> </div> <h2> <strong>Async Handler Function</strong> </h2> <p>Finally, let’s make sure our API rock-solid by handling errors the right way. Instead of letting unexpected issues crash our app, we’ll wrap our route handlers in a smart async function that catches and processes errors gracefully.</p> <p><code>async-handler.ts</code><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">export</span> <span class="kd">const</span> <span class="nx">asyncHandler</span> <span class="o">=</span> <span class="o">&lt;</span><span class="nx">T</span> <span class="kd">extends</span> <span class="nx">ObjectData</span><span class="o">&gt;</span><span class="p">(</span><span class="nx">handler</span><span class="p">:</span> <span class="nx">AsyncHandler</span><span class="o">&lt;</span><span class="nx">T</span><span class="o">&gt;</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">return</span> <span class="k">async </span><span class="p">(</span><span class="na">req</span><span class="p">:</span> <span class="nx">CustomRequest</span><span class="p">,</span> <span class="nx">params</span><span class="p">?:</span> <span class="p">{</span> <span class="na">params</span><span class="p">:</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="nx">T</span><span class="o">&gt;</span> <span class="p">})</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">try</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">resolvedParams</span> <span class="o">=</span> <span class="p">(</span><span class="k">await</span> <span class="nx">params</span><span class="p">?.</span><span class="nx">params</span><span class="p">)</span> <span class="o">??</span> <span class="p">({}</span> <span class="k">as</span> <span class="nx">T</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">resp</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">handler</span><span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">resolvedParams</span><span class="p">);</span> <span class="k">return</span> <span class="nx">resp</span><span class="p">;</span> <span class="p">}</span> <span class="k">catch </span><span class="p">(</span><span class="nx">error</span><span class="p">)</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="nx">error</span><span class="p">?.</span><span class="nx">isApiException</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">message</span><span class="p">,</span> <span class="nx">statusCode</span><span class="p">,</span> <span class="nx">data</span> <span class="p">}</span> <span class="o">=</span> <span class="nx">error</span><span class="p">;</span> <span class="k">return</span> <span class="nc">ErrorResponse</span><span class="p">(</span><span class="nx">message</span><span class="p">,</span> <span class="nx">statusCode</span><span class="p">,</span> <span class="nx">data</span><span class="p">);</span> <span class="p">}</span> <span class="k">else</span> <span class="k">if </span><span class="p">(</span> <span class="nx">error</span> <span class="k">instanceof</span> <span class="nx">PrismaClientKnownRequestError</span> <span class="o">||</span> <span class="nx">error</span> <span class="k">instanceof</span> <span class="nx">PrismaClientValidationError</span><span class="p">)</span> <span class="p">{</span> <span class="c1">// Return Custom error here: e.g db-related errors</span> <span class="k">return</span> <span class="nf">handlePrismaError</span><span class="p">(</span><span class="nx">error</span><span class="p">);</span> <span class="p">}</span> <span class="k">else</span> <span class="p">{</span> <span class="k">return</span> <span class="nc">ErrorResponse</span><span class="p">(</span><span class="dl">'</span><span class="s1">Internal Server Error</span><span class="dl">'</span><span class="p">,</span> <span class="mi">500</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> <span class="p">};</span> <span class="p">};</span> </code></pre> </div> <h3> <strong>Explanation:</strong> </h3> <p>This helper function handles errors in async functions to prevent unhandled promise rejections.</p> <ol> <li> <strong>Executes the Route Handler (</strong><code>handler</code>)</li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>* Wraps the request processing logic in a `try-catch` block. </code></pre> </div> <ol> <li><strong>Handles Known Errors:</strong></li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>* If an API exception occurs, it returns an error response. <ul> <li><p>If a Prisma ORM error occurs, it calls <code>handlePrismaError(error)</code>.</p></li> <li><p>Otherwise, it returns a <code>500 Internal Server Error</code>.<br> </p></li> </ul></code></pre> </div> <h2> <br> <br> <br> Conclusion<br> </h2> <p>And there you have it. And there you have it! 🎉 We’ve devised a simple yet effective way to implement Express-like middleware in a Next.js app - without fighting against the framework. While there are always ways to refine and optimize, this approach keeps things clean, modular, and easy to extend.</p> <p>Curious to see the full code or experiment with it yourself? Check out the GitHub repository <a href="https://github.com/phenom-world/Next.js-Express-Middleware" rel="noopener noreferrer">GitHub repository</a> 🚀 Happy coding!</p> nextjs express middleware app