fix: verify route-level middleware req.body modifications reach handler

[yanxue-22]

Problem

When Express middleware modified req (e.g., req.body, req.query, req.params, req.headers), those modifications were not passed to route handlers defined without the routeHandler() wrapper.

More confidence on why this is real bug:

• Function has returned just input since 2022 - never merged req modifications
• Function name is "IgnoringResults" - should ignore return values, not req modifications
• Original commit (0c311dd) says "allow middleware to add request properties" but implementation doesn't

Root Cause

1. req.decoded is created once before middleware runs
2. The route.request.decode() function uses io-ts validation, which creates a new object from req.body, req.query, req.params, and req.headers
3. Middleware runs and modifies the Express request object properties (e.g., req.body.someField = 'value')
4. runMiddlewareChainIgnoringResults() returned only the original req.decoded, ignoring any middleware modifications
5. Handler receives outdated params without middleware changes

Example of Broken Behavior

const modifyBodyMiddleware: express.RequestHandler = (req, _res, next) => {
req.body.addedByMiddleware = 'ADDED'; // ❌ This modification was lost
next();
};

const handler = async (params) => {
console.log(params.addedByMiddleware); // undefined (should be 'ADDED')
};

---

Solution

Modified runMiddlewareChainIgnoringResults() in packages/express-wrapper/src/middleware.ts to merge middleware modifications back into the handler params.

Before

return input; // Just returned original decoded input

After

return {
  ...(req as any).decoded,   // Start with original decoded request
  ...(req.body || {}),        // Merge any body modifications
  ...(req.query || {}),       // Merge any query modifications
  ...(req.params || {}),      // Merge any params modifications
  ...(req.headers || {})      // Merge any headers modifications
};

This ensures that after middleware runs, any modifications to the four sources of req.decoded are merged back into the result passed to the handler.

---

Why merge req.body, req.query, req.params, and req.headers specifically?

These four properties are hard-coded because they are the exact sources used to build req.decoded:

api-ts/packages/typed-express-router/src/index.ts

Lines 119 to 124 in c5000de

	const decoded = route.request.decode({
	body: req.body,
	headers: req.headers,
	params: req.params,
	query: req.query,
	});

Since route.request.decode() creates a new object from these four sources, we must merge them back after middleware runs to capture any modifications.

---

Closes #188

[yanxue-22]

Closing this ticket because it is working as designed. The issue occurs when defining handlers without the routeHandler() wrapper. This legacy path uses:

api-ts/packages/express-wrapper/src/middleware.ts

Line 201 in c5000de

export async function runMiddlewareChainIgnoringResults<

This explicitly ignores middleware results and only returns the original decoded request input.