| id | SKL-middleware-MIDDLEWARE |
| name | Middleware |
| description | Middleware functions are functions that have access to the request object (req), response object (res), and the next middleware function in the application's request-response cycle. Middleware helps m |
| version | 1.0.0 |
| status | active |
| owner | @cerebra-team |
| last_updated | 2026-02-22 |
| category | Backend |
| tags | ["api","backend","server","database"] |
| stack | ["Python","Node.js","REST API","GraphQL"] |
| difficulty | Intermediate |
Middleware
Skill Profile
(Select at least one profile to enable specific modules)
Overview
Middleware functions are functions that have access to the request object (req), response object (res), and the next middleware function in the application's request-response cycle. Middleware helps manage cross-cutting concerns like authentication, logging, error handling, and validation.
Middleware consists of:
- Request Processing: Process incoming requests before route handlers
- Response Processing: Modify responses before sending to clients
- Error Handling: Centralized error handling across all routes
- Cross-Cutting Concerns: Authentication, logging, validation, compression
- Modular Design: Composable middleware chain for flexible configuration
Why This Matters
- Increase Maintainability: Centralized logic reduces code duplication
- Enhance Security: Consistent security policies across all endpoints
- Increase Observability: Centralized logging and monitoring
- Reduce Development Time: Reusable middleware reduces boilerplate
- Improve Consistency: Consistent error handling and validation
Core Concepts & Rules
1. Core Principles
- Follow established patterns and conventions
- Maintain consistency across codebase
- Document decisions and trade-offs
2. Implementation Guidelines
- Start with the simplest viable solution
- Iterate based on feedback and requirements
- Test thoroughly before deployment
Inputs / Outputs / Contracts
- Inputs:
- Middleware requirements
- Authentication requirements
- Logging requirements
- Security requirements
- Entry Conditions:
- Node.js 16+ is available
- Express.js is installed
- TypeScript is configured
- Middleware requirements are defined
- Outputs:
- Middleware functions
- Authentication middleware
- Logging middleware
- Error handling middleware
- Artifacts Required (Deliverables):
- Middleware implementations
- Authentication middleware
- Logging middleware
- Error handlers
- Validation middleware
- Acceptance Evidence:
- Middleware processes requests correctly
- Authentication is enforced
- Logging is comprehensive
- Error handling is consistent
- Success Criteria:
- Middleware is modular
- Authentication is secure
- Logging is structured
- Error handling is consistent
Skill Composition
Quick Start / Implementation Example
- Review requirements and constraints
- Set up development environment
- Implement core functionality following patterns
- Write tests for critical paths
- Run tests and fix issues
- Document any deviations or decisions
def example_function():
pass
Assumptions / Constraints / Non-goals
- Assumptions:
- Development environment is properly configured
- Required dependencies are available
- Team has basic understanding of domain
- Constraints:
- Must follow existing codebase conventions
- Time and resource limitations
- Compatibility requirements
- Non-goals:
- This skill does not cover edge cases outside scope
- Not a replacement for formal training
Compatibility & Prerequisites
- Supported Versions:
- Python 3.8+
- Node.js 16+
- Modern browsers (Chrome, Firefox, Safari, Edge)
- Required AI Tools:
- Code editor (VS Code recommended)
- Testing framework appropriate for language
- Version control (Git)
- Dependencies:
- Language-specific package manager
- Build tools
- Testing libraries
- Environment Setup:
.env.example keys: API_KEY, DATABASE_URL (no values)
Test Scenario Matrix (QA Strategy)
| Type | Focus Area | Required Scenarios / Mocks |
|---|
| Unit | Core Logic | Must cover primary logic and at least 3 edge/error cases. Target minimum 80% coverage |
| Integration | DB / API | All external API calls or database connections must be mocked during unit tests |
| E2E | User Journey | Critical user flows to test |
| Performance | Latency / Load | Benchmark requirements |
| Security | Vuln / Auth | SAST/DAST or dependency audit |
| Frontend | UX / A11y | Accessibility checklist (WCAG), Performance Budget (Lighthouse score) |
Technical Guardrails & Security Threat Model
1. Security & Privacy (Threat Model)
- Top Threats: Injection attacks, authentication bypass, data exposure
2. Performance & Resources
3. Architecture & Scalability
4. Observability & Reliability
Agent Directives & Error Recovery
(ข้อกำหนดสำหรับ AI Agent ในการคิดและแก้ปัญหาเมื่อเกิดข้อผิดพลาด)
- Thinking Process: Analyze root cause before fixing. Do not brute-force.
- Fallback Strategy: Stop after 3 failed test attempts. Output root cause and ask for human intervention/clarification.
- Self-Review: Check against Guardrails & Anti-patterns before finalizing.
- Output Constraints: Output ONLY the modified code block. Do not explain unless asked.
Definition of Done (DoD) Checklist
Anti-patterns / Pitfalls
- ⛔ Don't: Log PII, catch-all exception, N+1 queries
- ⚠️ Watch out for: Common symptoms and quick fixes
- 💡 Instead: Use proper error handling, pagination, and logging
Reference Links & Examples
- Internal documentation and examples
- Official documentation and best practices
- Community resources and discussions
Versioning & Changelog
- Version: 1.0.0
- Changelog:
- 2026-02-22: Initial version with complete template structure