Express app.all() Method
What you’ll learn
- Where
app.all(path, ...handlers)fits in the Express routing stack. - How request flow works with
next(), route ordering, and path patterns. - How to implement route-level logging, authorization, and shared context setup.
- How to test multi-method behavior and avoid common routing pitfalls.
Overview
Use app.all() when one route-level behavior should run for every HTTP method on the same path.
One path, all methods
A single handler matches GET/POST/PUT/PATCH/DELETE for the same path pattern.
Shared route middleware
Ideal for checks like auth, logging, and request enrichment before method-specific handlers run.
Interview-ready details
You get syntax, request flow, complete mini app, testing checklist, and common mistakes.
Syntax
app.all(path, callback)
app.all(path, middleware1, middleware2, ..., callback)- path: route path or path pattern to match.
- callback / middleware: runs for every HTTP method matching that path.
- Use
next()to continue to the next matching middleware or route.
🔄 Request flow with app.all()
Match path
Express checks whether the incoming request path matches your app.all() route pattern.
Run handler for any method
The handler runs regardless of method: GET, POST, PUT, PATCH, DELETE, etc.
Either respond or continue
If you send a response, lifecycle ends. Otherwise call next() so downstream handlers execute.
Method-specific route executes
After next(), Express can run app.get(), app.post(), and other route handlers.
Quick route guard example
Protect every method under /api/private/* before serving method-specific endpoints.
app.all('/api/private/*', function (req, res, next) {
if (!req.user) {
return res.status(401).json({ error: 'Unauthorized' });
}
next();
});
app.get('/api/private/profile', function (req, res) {
res.json({ id: req.user.id, name: req.user.name });
});Common use cases
// 1) Logging middleware
app.all('/api/*', function (req, res, next) {
console.log(new Date().toISOString(), req.method, req.originalUrl);
next();
});
// 2) Authentication gate
app.all('/admin/*', function (req, res, next) {
if (!req.user) {
return res.status(401).send('Unauthorized');
}
next();
});
// 3) Attach request context
app.all('/orders/*', function (req, res, next) {
req.requestTime = Date.now();
req.traceId = req.headers['x-trace-id'] || 'local-dev';
next();
});Complete mini app
This end-to-end sample protects admin routes and then serves method-specific handlers.
const express = require('express');
const app = express();
app.use(express.json());
app.all('/admin/*', function (req, res, next) {
const token = req.headers['x-admin-token'];
if (token !== 'secret-123') {
return res.status(403).json({ error: 'Forbidden' });
}
next();
});
app.get('/admin/users', function (req, res) {
res.json({ users: ['Asha', 'Kavin'] });
});
app.post('/admin/users', function (req, res) {
res.status(201).json({ created: req.body });
});
app.listen(3000, function () {
console.log('Server running on http://localhost:3000');
});📋 app.all() vs app.use()
| Method | Best for | Method scope |
|---|---|---|
app.all() | Route-specific logic across methods | All HTTP methods on matching path |
app.use() | General middleware mounting | All methods by default |
🧪 Testing checklist
- Send both
GETandPOSTto the same protected prefix and verify both pass throughapp.all(). - Trigger one unauthorized request and validate expected
401or403. - Confirm authorized requests reach method-specific handlers after
next(). - Check logs include method + path for production debugging.
Pitfalls to avoid
Hanging request
If no response is sent and next() is not called, request processing stalls.
Unexpected matching
Patterns like /api/* can catch too many routes when placed too early.
Handler priority issues
Define route order intentionally so expected handlers execute first.
❓ FAQ
Summary
- Use case:
app.all()is best for shared route-level logic across all methods. - Flow: send a response or call
next()explicitly to keep lifecycle predictable. - Design: combine
app.all()for shared checks with method-specific handlers for endpoint behavior.
app.all() is method-agnostic: one handler can validate auth, log requests, or attach shared context before calling next().
6 people found this page helpful
