Registers engine-level middleware functions that run before HTTP handlers. Use when adding authentication, request logging, rate limiting, or any pre-handler logic to HTTP endpoints.
Comparable to: Express middleware, Fastify hooks, Django middleware
Use the concepts below when they fit the task. Not every middleware setup needs all of them.
{ action: 'continue' } or { action: 'respond', response } instead of a normal responsemiddleware_function_ids in the trigger configMiddlewareFunctionInput with phase, request (path_params, query_params, headers, method), and context from auth{ action: 'respond' } short-circuits the chain — the handler never runs{ action: 'continue' } passes to the next middleware or the handlerHTTP request
→ iii-http (port 3111)
→ Middleware 1 (continue / respond)
→ Middleware 2 (continue / respond)
→ registerFunction handler
→ { status_code, body, headers } response
| Primitive | Purpose |
|---|---|
registerFunction(id, handler) | Define a middleware function |
registerTrigger({ config: { middleware_function_ids } }) | Attach middleware to an HTTP trigger |
{ action: 'continue' } | Pass to next middleware or handler |
{ action: 'respond', response: { status_code, body } } | Short-circuit and return response immediately |
req.request.headers | Access request headers in middleware |
req.context | Access auth context from RBAC auth function |
See ../references/http-middleware.js for the full working example — auth and logging middleware protecting HTTP endpoints.
Code using this pattern commonly includes, when relevant:
iii.registerFunction('middleware::auth', async (req) => { ... }) — auth middleware checking headersiii.registerFunction('middleware::rate-limit', async (req) => { ... }) — rate limiting middlewareiii.registerFunction('middleware::request-logger', async (req) => { ... }) — request loggingreq.request?.headers?.authorization — reading auth tokensreturn { action: 'respond', response: { status_code: 401, body: { error: 'Unauthorized' } } } — reject requestreturn { action: 'continue' } — allow request throughconfig: { middleware_function_ids: ['middleware::auth', 'middleware::logger'] } — attach to triggerUse the adaptations below when they apply to the task.
req.contextiii-http-endpoints.iii-http-middleware when the primary need is pre-handler processing for HTTP routes.iii-http-middleware in the iii engine.