# Middleware

{% hint style="info" %}
Middlewares are called Plugins in Fastify
{% endhint %}

You can create your own middlewares by following Fastify's Plugin architecture

{% embed url="<https://fastify.dev/docs/latest/Reference/Plugins/>" %}

You can write these in your `/app/index.ts` file, or in your middlewares, or in your routes if you wish to apply route level

{% embed url="<https://docs.novel.dev/guides/knowledge-base/novel-server/writing-a-middleware>" %}

## Route Middlewares

Route middlewares are middleware files that are applied to a group of routes in the api directory

<pre class="language-asciidoc"><code class="lang-asciidoc">app/
├── api/
│   └── v1/
│       └── accounts-search/
│           └── index.ts
│           └── schema.json
│       └── accounts-update/
│           └── index.ts
│           └── schema.json
│       └── <a data-footnote-ref href="#user-content-fn-1">middleware.ts</a>
│   └── webhooks/
│       └── stripe-webhook/
│           └── index.ts
│       └── <a data-footnote-ref href="#user-content-fn-1">middleware.ts</a>
└── ...other files
</code></pre>

From the example above, the middleware.ts file is **ONLY** applied to the route within that directory.

A minimum implementation of a middleware file is below:

{% code title="app/api/v1/middleware.ts" lineNumbers="true" %}

```typescript
export default async function Middleware (instance: FastifyInstance) {
    // `instance` is an instance of FastifyInstance
    // All interfaces available to FastifyInstance is available here
    instance.register(async function anotherPlugin() {});
    
    instance.addHook('onReply', async function (request, reply) {});
}
```

{% endcode %}

{% hint style="info" %}
**Be careful with scope**

Hooks, plugins, decorators defined in `app/api/v1/middleware.ts` will not be available to routes defined in `app/api/webhooks`.
{% endhint %}

Fastify rules for Plugins apply to this file.

{% embed url="<https://fastify.dev/docs/latest/Reference/Plugins/>" %}

Route middlewares that are available out of the box are discussed below:

## CSRF

All `POST`, `PUT`, `PATCH`, and `DELETE`methods automatically check the csrf of the incoming requests.

The CSRF is in both the local storage of the browser and cookie. If this does not exist in the request, the request will throw a `InvalidCsrfTokenError`

References:

<https://github.com/madewithnovel/novel/blob/main/packages/novel/lib/csrf.js>

<https://github.com/madewithnovel/novel/blob/main/packages/novel/errors/invalid-csrf-token.js>

## Changelog

* 2024-12-20 - Initial Documentation

[^1]: This is where your middleware sits


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.novel.dev/novel-server/routing/middleware.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.