Server: timeoutMiddleware registered after catch-all route — never applies to SPA/404 handlers #65
Labels
No Label
P0 Critical
P1 High
P2 Medium
P3 Low
accessibility
backend
bug
content
data-integrity
enhancement
frontend
infra
integration
owner
owner-input
performance
performance
phase-7
phase-8
security
seo
ui
ux
No Milestone
No project
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: null/Queue-North-Website#65
Loading…
Reference in New Issue
No description provided.
Delete Branch "%!s(<nil>)"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Bug Description
In
server/index.js, thetimeoutMiddlewareis registered withapp.use(timeoutMiddleware)after the catch-allapp.get('*', ...)SPA handler (line ~285) and theapp.use('/api', ...)404 handler (line ~276).Because Express processes middleware and routes in registration order, the catch-all
app.get('*')handler matches GET requests beforetimeoutMiddlewareis reached. This means:Fix
Move
app.use(timeoutMiddleware)to BEFORE the API route definitions (or at least before the catch-all routes). The middleware should be registered early in the middleware chain, after body parsing and rate limiting but before route handlers.Current order (broken):
app.get('*'))app.use(timeoutMiddleware)← too lateDesired order:
app.use(timeoutMiddleware)← early enoughLabels