I have a express router and I only want authorized users to access routes of that router. I am using passport middleware. So I can just add a check for req.user in every endpoint like:
router.get("/", async (req, res) => {
if (!req.user) {
return res.sendStatus(401).send({ message: "Unauthorized" });
}
//logic
res.sendStatus(200).send({message: "OK"})
});I can add a check in every endpoint like this but is there any better way to do this?
You can factor the behavior out into a "middleware" and mount it for every route of a router by passing it to router.use():
function isAuthorizedMiddleware (req, res, next) {
if (!req.user) {
return res.status(401).send({ message: "Unauthorized" });
}
next();
}
router.use(isAuthorizedMiddleware);
router.get("/", async (req, res) => {
//logic
res.status(200).send({message: "OK"})
});
In this particular case it would be important to mount the isAuthorizedMiddleware after the Passport one so that it does not reject every request upfront.
Middleware docs: https://expressjs.com/en/guide/using-middleware.html