allow custom middleware plugins

[mstorus]

Adding the ability to load in custom middleware.

I need a way to restrict which npm client versions can access Sinopia, and the only way to do that is to inspect the request headers. (See #187)

I'm adding this middleware loader as a generic way for the Sinopia administrator to hook into api requests by adding middleware. The middleware will be specified in the middleware config.yaml key.

For now, I've set the sanity_check function to just return true, but I'm open to other ideas.

[rlidwka]

The idea looks good, custom middleware would indeed solve a lot of issues we have.

Plugins were designed for another purpose however. They are too complex to use here imho.

Question: are there any existing middleware modules that could be useful here and would work out of the box without explicitly writing a plugin for sinopia only?

Maybe we could use:

middleware:
  helmet-csp:
    defaultSrc: ["'self'", 'default.com']

And sinopia would do app.use(require('helmet-csp')({ defaultSrc: ["'self'", 'default.com'] })). Thus, making existing npm modules somehow useful.

[mstorus]

Ok, how should we load in custom middleware?
The middleware should still be defined in config.yaml right?

[mstorus]

So what can I do to help here?
Should I write a middleware loader that doesn't use plugins?
Just let me know, I'd like to help

[gregersrygg]

This seems related to #188