Good Code
The good version parses JSON before routes, protects the router before handlers run, and places the 404 and error handlers after routes.
Lesson 03
Order middleware so parsing, security, routes, 404s, and errors run in the intended sequence.
import express from "express";
import { requireUser } from "./auth";
import { errorHandler, notFoundHandler } from "./errors";
import { createReviewsRouter } from "./reviews/router";
export function createApp() {
const app = express();
// Parsing and auth run before routes; 404 and errors run after.
app.use(express.json());
app.use("/reviews", requireUser, createReviewsRouter());
app.use(notFoundHandler);
app.use(errorHandler);
return app;
}import express from "express";
import { requireUser } from "./auth";
import { errorHandler } from "./errors";
import { createReviewsRouter } from "./reviews/router";
export function createApp() {
const app = express();
// Earlier middleware cannot handle routes that run before it.
app.use(errorHandler);
app.use("/reviews", createReviewsRouter());
app.use(requireUser);
app.use(express.json());
return app;
}The good version parses JSON before routes, protects the router before handlers run, and places the 404 and error handlers after routes.
The bad version registers the error handler before routes, applies auth after the router, and parses JSON too late.