Writing middlewares using Middy for AWS Lambda

Middy is the stylish Node.js middleware engine for AWS Lambda. It allows us to focus on the strict business logic of your Lambda and attach common modular elements such as authentication, authorization, validation etc.

To install middy via NPM

npm install --save @middy/core

Middy supports multiple middlewares, we can create a new folder called middlewares and define the middlewares there.

Let's create middlewares/index.js. In this file, it includes other middlewares. You can treat it as an entry point of all middlewares.

const middy = require('@middy/core')
const middleware1 = require("./middleware1");
const middleware2 = require("./middleware2");
const middleware3 = require("./middleware3");

const middlewares = [
  middleware1(),
  middleware2(),
  middleware3()
];

module.exports = { middlewares };

For example, if you wanna update your handler header for each Lambda function, you can create a middleware like

const NEW_RESPONSE_HEADER = {
  "Access-Control-Allow-Origin": "*",
  "Access-Control-Allow-Credentials": true,
  "Access-Control-Allow-Methods": "POST,GET",
  "Access-Control-Allow-Headers": "*",
  "Strict-Transport-Security": "max-age= 63072000",
  "X-Content-Type-Options": "nosniff",
  "X-Frame-Options": "DENY",
  "X-XSS-Protection": "1; mode=block",
  "Referrer-Policy": "same-origin",
};

const updateHandlerHeaders = (handler) => {
  if (!handler.response) {
    handler.response = {};
  }
  handler.response.headers = {
    ...RESPONSE_SECURITY_HEADER,
    ...handler.response.headers,
  };
};

const headers = () => ({
  before: async (handler) => updateHandlerHeaders(handler),
  after: async (handler) => updateHandlerHeaders(handler),
  onError: async (handler) => updateHandlerHeaders(handler),
});

module.exports = headers;

In your handle.js, import core and your middlewares

const middy = require('@middy/core')
const { middlewares }= require("../middleware");

Then define your business logic

const func = (event, context, callback) => {
 const { data } = event.body
 // business logic goes here
 return callback(null, { result: 'success', message: 'hello world'})
}

const handler = middy(func).use(middlewares)

Middlewares have two phases - before and after. Therefore, the order does matter. In the previous example, there are three middlewares, the expected order of execution is

middleware1 (before)
middleware2 (before)
middleware3 (before)
handler
middleware3 (after)
middleware2 (after)
middleware1 (after)

By using Middy, we can address some common concerns like setting CORS headers and keep our business logic clean. For more details, please check out here.