Whether to use ExpressJS or not?
Unanswered
Blue whiting posted this in #help-forum
Blue whitingOP
Hello!
I've been seeing some conflicting answers online and I'm not exactly sure how to proceed with my use cases now if anyone could give suggestions.
I am relatively new to NextJS and had minimal experience with building simple express servers.
I'm building an app that has some sensitive data on API calls and furthermore I may add a database in the future. Lastly, I want to integrate my app as a PWA using next-pwa. I was initially building out my app using ExpressJS as my back end, but I am not sure if I am overcomplicating things. I started wondering this after applying strict CSP and authentication middleware on the backend with nonces to protect my sensitive data. Ive been using Claude to help me think about how my project is working all together and its been telling me my middleware may not apply to nextjs at times due to express/next being 2 node processes at the same time, which seems to overcomplicate things. I am using Next for my API routes. Furthermore, it seems I built my CSP middleware using NextJS, but my auth middleware isn't (so I believe my CSP middleware is being applied everywhere, but not so sure about my authmiddleware). I am confused, which is probably due to listening to Claude a lot, when I should research myself more. Any suggestions!? Thank you!
I've been seeing some conflicting answers online and I'm not exactly sure how to proceed with my use cases now if anyone could give suggestions.
I am relatively new to NextJS and had minimal experience with building simple express servers.
I'm building an app that has some sensitive data on API calls and furthermore I may add a database in the future. Lastly, I want to integrate my app as a PWA using next-pwa. I was initially building out my app using ExpressJS as my back end, but I am not sure if I am overcomplicating things. I started wondering this after applying strict CSP and authentication middleware on the backend with nonces to protect my sensitive data. Ive been using Claude to help me think about how my project is working all together and its been telling me my middleware may not apply to nextjs at times due to express/next being 2 node processes at the same time, which seems to overcomplicate things. I am using Next for my API routes. Furthermore, it seems I built my CSP middleware using NextJS, but my auth middleware isn't (so I believe my CSP middleware is being applied everywhere, but not so sure about my authmiddleware). I am confused, which is probably due to listening to Claude a lot, when I should research myself more. Any suggestions!? Thank you!
13 Replies
Blue whitingOP
Hm I've been using front end component calling to my next api routes which is making the actual API call. Is that not correct or is your suggestion a different method of fetching sensitve data from API calls?
Blue whitingOP
Thanks for the responses! and hm so to me its making a direct api call from the component which should be safe for sensitive data as its a server component... rather than defining my own api route than making the call to that api route. Which i guess is the same result, but can overcomplicate things if I dont need the api route. I do kind of like the api routes though for organizational purposes.
@Blue whiting Thanks for the responses! and hm so to me its making a direct api call from the component which should be safe for sensitive data as its a server component... rather than defining my own api route than making the call to that api route. Which i guess is the same result, but can overcomplicate things if I dont need the api route. I do kind of like the api routes though for organizational purposes.
its not recommended to call your own route handler inside your rsc
its better to define your server functions in a seperate directory an use it for your route handlers and your rsc
this way its way more organized
@gin its not recommended to call your own route handler inside your rsc
Blue whitingOP
thank you that makes sense. I actually was doing that due to it being a client component (which myself still no idea if im using client vs server components correctly). But i see if it was a rsc than it'd be redundant/unncessary to call my own route handler
so basically everything is a react server component if it doesnt have the "use client" directive
"use server" is for server actions, this way u can directly use the exported function with the action prop on the client
Blue whitingOP
mhm okay thanks! any suggestions on my question of whether to use express or not? im mostly worried about applying csp/auth middleware and express server conflicting with next server. I am not even using api routing on express so im thinking of just moving fully to next server for backend.
My express server is just setting up https certs, and applying helmet.js for security, and then applying csp/auth middleware, so Im wondering if just moving all this to purely nextjs would simplfy things and optimize it better
My express server is just setting up https certs, and applying helmet.js for security, and then applying csp/auth middleware, so Im wondering if just moving all this to purely nextjs would simplfy things and optimize it better