App → Middleware
Middleware
Functions that run before every route handler, in registration order. Use them for auth, logging, rate guard overrides, or payload validation — anything that applies globally.
Signatures
app:Use(id, fn)
app:Unuse(id)
Parameters
| Parameter | Type | Description |
|---|---|---|
id | string | Unique name for this middleware function. Used to remove it later with Unuse. |
fn | function | (Player, Payload) → boolean?. Return false to block with 403. Throw to send 500. Return nothing to continue. |
Return values
| Return | Effect |
|---|---|
false (explicit) | Block the request. Client receives 403. Subsequent middleware and the handler do not run. |
| throw / error | Block the request. Client receives 500. |
nil / nothing | Continue to the next middleware, then the handler. |
Examples
-- auth guard: block banned players
app:Use("auth", function(Player, Payload)
if BanList[Player.UserId] then return false end
end)
-- logger: runs on every request
app:Use("logger", function(Player, Payload)
print(Player.Name, Payload.method, Payload.route)
end)
-- remove middleware by id (e.g. during a maintenance window)
app:Unuse("auth")Middleware order matters. Functions run in the order they were registered with
Use. Register your auth guard before your logger if you don't want banned players appearing in logs.See also
← App · Route Handlers | routes middleware applies to · Request Pipeline | where middleware sits in the full flow · Middleware Guide | patterns: auth, logging, ban lists