
Middleware

LeadSmart API uses Express.js middleware for request processing, authentication, error handling, and more. This document outlines the middleware components used in the application.

Authentication Middleware

JWT Authentication

File: src/middlewares/auth.middleware.ts
Validates JSON Web Tokens (JWT) in request headers and attaches the authenticated user to the request object.
Functionality:
• Extracts JWT from Authorization header
• Verifies token signature and expiration
• Attaches decoded user information to request object
• Handles token validation errors
Usage:

Role-Based Access Control

File: src/middlewares/roleCheck.middleware.ts
Verifies that the authenticated user has the required role to access a resource.
Functionality:
• Checks user role against required roles
• Returns 403 Forbidden if user lacks required permissions
• Supports multiple role requirements
Usage:

Company Membership Check

File: src/middlewares/companyMembership.middleware.ts
Verifies that the authenticated user is a member of the specified company.
Functionality:
• Extracts company ID from request parameters
• Checks if user is a member of the company
• Returns 403 Forbidden if user is not a member
Usage:
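
The role check and company membership check described above, chained in that order, as an added example that is not LeadSmart's own code. The `req.user` shape, the factory names, the any-one-of role semantics and the 401 for a missing user are assumptions; minimal structural types stand in for Express's.

```typescript
// Added example: structural stand-ins for Express's Request/Response types.
type AuthUser = { id: string; role: string; companyIds: string[] }; // assumed shape
type Req = { user?: AuthUser; params: Record<string, string> };
type Res = { status(code: number): Res; json(body: unknown): Res };
type Next = () => void;
type Middleware = (req: Req, res: Res, next: Next) => void;

// Hypothetical factory: passes when the user holds any one of the listed roles.
function requireRole(...allowed: string[]): Middleware {
  return (req, res, next) => {
    if (!req.user) { res.status(401).json({ error: "Unauthenticated" }); return; }
    if (!allowed.includes(req.user.role)) { res.status(403).json({ error: "Forbidden" }); return; }
    next();
  };
}

// Hypothetical factory: the company ID is read from the URL, while membership
// comes from the server-side user record, never from a client-supplied field.
function requireCompanyMember(param = "companyId"): Middleware {
  return (req, res, next) => {
    if (!req.user) { res.status(401).json({ error: "Unauthenticated" }); return; }
    const companyId = req.params[param];
    // A missing parameter is denied rather than treated as "no restriction".
    if (!companyId || !req.user.companyIds.includes(companyId)) {
      res.status(403).json({ error: "Forbidden" });
      return;
    }
    next();
  };
}

// Runs a chain against a constructed request and reports what happened.
function runChain(chain: Middleware[], req: Req): { status: number; reached: boolean } {
  const out = { status: 200, reached: false };
  const res: Res = { status(c) { out.status = c; return res; }, json() { return res; } };
  let i = 0;
  const next: Next = () => {
    const mw = chain[i++];
    if (mw) mw(req, res, next); else out.reached = true; // route handler would run here
  };
  next();
  return out;
}
```

Both factories fail closed: a request with no attached user or no company parameter is rejected instead of falling through to the handler.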

Request Processing

Request Validation

File: src/middlewares/validation.middleware.ts
Validates request data against Zod schemas.
Functionality:
• Validates request body, query parameters, and URL parameters
• Returns 400 Bad Request with validation errors
• Sanitizes and transforms data based on schema
Usage:

Rate Limiting

File: src/middlewares/rateLimit.middleware.ts
Limits the number of requests that can be made to specific endpoints.
Functionality:
• Tracks request counts by IP address or user ID
• Enforces configurable rate limits
• Returns 429 Too Many Requests when limit is exceeded
Usage:
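
A fixed-window limiter that keys on user ID or IP address and answers 429, as an added example that is not LeadSmart's own code. The function names, the fixed-window algorithm, the in-memory store and the `Retry-After` header are assumptions; the clock is injectable so the window logic can be tested.

```typescript
// Added example: structural stand-ins for Express's Request/Response types.
type Req = { ip: string; user?: { id: string } };
type Res = { status(c: number): Res; set(name: string, value: string): Res; json(b: unknown): Res };
type Decision = { allowed: boolean; status: 200 | 429; retryAfterSec: number };

// Hypothetical fixed-window counter. State lives in process memory, so each
// server instance enforces its own budget (an assumption of this sketch).
function createRateLimiter(limit: number, windowMs: number, now: () => number = Date.now) {
  const windows = new Map<string, { start: number; count: number }>();
  return function check(req: Req): Decision {
    // Key on the authenticated user when present so that users sharing one
    // NAT address do not share a budget; otherwise fall back to the IP.
    const key = req.user ? `user:${req.user.id}` : `ip:${req.ip}`;
    const t = now();
    let w = windows.get(key);
    if (!w || t - w.start >= windowMs) {
      w = { start: t, count: 0 }; // window expired or first request: start fresh
      windows.set(key, w);
    }
    w.count += 1;
    if (w.count > limit) {
      const retryAfterSec = Math.ceil((w.start + windowMs - t) / 1000);
      return { allowed: false, status: 429, retryAfterSec };
    }
    return { allowed: true, status: 200, retryAfterSec: 0 };
  };
}

// Express-style wrapper around the decision function.
function rateLimit(limit: number, windowMs: number) {
  const check = createRateLimiter(limit, windowMs);
  return (req: Req, res: Res, next: () => void): void => {
    const d = check(req);
    if (d.allowed) { next(); return; }
    res.set("Retry-After", String(d.retryAfterSec))
      .status(429)
      .json({ error: "Too many requests" });
  };
}
```

Behind a reverse proxy, `req.ip` is the client address only when Express's `trust proxy` setting matches the deployment; otherwise every request is counted against the proxy's address.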

Error Handling

Global Error Handler

File: src/middlewares/errorHandler.middleware.ts
Centralized error handling middleware that processes all errors thrown in the application.
Functionality:
• Catches all errors that occur during request processing
• Formats errors into a standardized response format
• Maps specific error types to appropriate HTTP status codes
• Handles Sequelize database errors
• Provides detailed error information in development environment
Implementation:
Usage:
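
A global error handler with the behaviour listed above, as an added example that is not LeadSmart's own code. The response shape, the helper names and the status chosen for each Sequelize error name are assumptions; the point it shows is that database and 5xx detail reaches the client only when the development flag is set.

```typescript
// Added example; every name below is hypothetical, not LeadSmart's own.
type AppError = Error & { status?: number; code?: string };
type ErrorBody = { error: { code: string; message: string; detail?: string; stack?: string } };
type Res = { status(code: number): Res; json(body: unknown): Res };

// Builds an error whose message is written for the client to read.
function httpError(status: number, code: string, message: string): AppError {
  return Object.assign(new Error(message), { status, code });
}

// Sequelize error names mapped to statuses (the mapping is an assumption).
function sequelizeStatus(name: string): number | undefined {
  switch (name) {
    case "SequelizeValidationError": return 400;
    case "SequelizeUniqueConstraintError": return 409;
    case "SequelizeForeignKeyConstraintError": return 409;
    default: return name.startsWith("Sequelize") ? 500 : undefined;
  }
}

function toErrorResponse(err: unknown, isDev: boolean): { status: number; body: ErrorBody } {
  const e: AppError = err instanceof Error ? err : new Error(String(err));
  let status = 500, code = "INTERNAL_ERROR", message = "Internal server error";
  const dbStatus = sequelizeStatus(e.name);
  if (dbStatus !== undefined) {
    // Driver messages can name tables, columns and values: never echo them.
    status = dbStatus; code = "DATABASE_ERROR"; message = "Database request failed";
  } else if (typeof e.status === "number" && e.status >= 400 && e.status < 500) {
    status = e.status; code = e.code ?? "REQUEST_ERROR"; message = e.message;
  }
  const body: ErrorBody = { error: { code, message } };
  if (isDev) {
    // Raw message and stack are exposed in development only.
    body.error.detail = e.message;
    body.error.stack = e.stack;
  }
  return { status, body };
}

// Express recognises an error handler by its four-argument signature.
function errorHandler(isDev: boolean) {
  return (err: unknown, _req: unknown, res: Res, _next: () => void): void => {
    const { status, body } = toErrorResponse(err, isDev);
    res.status(status).json(body);
  };
}
```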

Security Middleware

CORS Configuration

File: src/configs/app.ts
Configures Cross-Origin Resource Sharing (CORS) policies.
Functionality:
• Specifies allowed origins, methods, and headers
• Handles preflight requests
• Sets appropriate security headers
Implementation:

Helmet Security Headers

File: src/configs/app.ts
Sets various HTTP headers to enhance security.
Functionality:
• Prevents common web vulnerabilities
• Configures Content Security Policy
• Sets XSS protection headers
• Prevents clickjacking attacks
Implementation:

Logging Middleware

Request Logging

File: src/middlewares/logger.middleware.ts
Logs information about incoming requests and their responses.
Functionality:
• Logs request method, URL, and timing
• Logs response status code
• Captures request and response size
• Includes user ID for authenticated requests
Implementation:

Middleware Registration

Middleware is registered in the Express application in src/configs/app.ts:

Creating Custom Middleware

Custom middleware functions in LeadSmart API follow this pattern:
Modified on 2025-04-24 22:31:58