BTW, middleware may change request passed to inner handler.

We have no API for that right now but it can be done easy by adding Request.clone(**kwargs) where kwargs key may be any request property.

Looks good to me.
Yocto detail: you have in typo in tests with middleware name.

Maybe, should be useful to define also middlewares for a specific route , to override application middlewares.
For example, a csrf middleware shouldn't be everywhere if you have also an API (it's a concrete issue I had with Django)

I think adding enabling/disabling middlewares for routes makes a mess.

If you need to wrap some specific handlers -- do it explicitly, e.g.

app.router.add_route('POST', '/post', process_csrf(post_handler))

Can the way satisfy your requirements?

Yes, indeed.

lgtm.

i think we need Application.register_middleware() as well.

Adding middleware to application should be done at configuration stage, current api allows to do that.
After making handler nobody should add middlewares or routes -- that's weird.

Also I doubt that we need a way to unregister middleware.

I guess to keep API as-is and add register_middleware method only after real use case.

+1 for @asvetlov please to keep it simple :-)

This thread has been automatically locked since there has not been
any recent activity after it was closed. Please open a new issue for
related bugs.

If you feel like there's important points made in this discussion,
please include those exceprts into that new issue.