Good Code
The good version parses JSON before routes, protects the router before handlers run, and places the 404 and error handlers after routes.
Lesson 03
Middleware order
Order middleware so parsing, security, routes, 404s, and errors run in the intended sequence.
- middleware
- routing
- errors
Good Code
src/app.tsimport express from "express";
import { requireUser } from "./auth";
import { errorHandler, notFoundHandler } from "./errors";
import { createReviewsRouter } from "./reviews/router";
export function createApp() {
const app = express();
app.use(express.json());
app.use("/reviews", requireUser, createReviewsRouter());
app.use(notFoundHandler);
app.use(errorHandler);
return app;
}Bad Code
src/app.tsimport express from "express";
import { requireUser } from "./auth";
import { errorHandler } from "./errors";
import { createReviewsRouter } from "./reviews/router";
export function createApp() {
const app = express();
app.use(errorHandler);
app.use("/reviews", createReviewsRouter());
app.use(requireUser);
app.use(express.json());
return app;
}Review Notes
What to review
Bad Code
The bad version registers the error handler before routes, applies auth after the router, and parses JSON too late.
Takeaways
- Express middleware order is behavior, not decoration.