Answer the question
In order to leave comments, you need to log in
M
M
Mcrx2017-11-21 21:06:23
Mcrx, 2017-11-21 21:06:23
How to secure individual api routes using jwt?
I deal with express, I read this article,
here is what he writes
Of course, I don’t really understand this yet, but as for me, it’s a horror, to lay down routes that you don’t want to protect over the middleware, is there any adequate way to protect routes? without using a passport? and google only gives this
At this point, we have 3 routes defined on our API routes (/api/authenticate, /api, and /api/users). Let's create route middleware to protect the last 2 routes. We won't want to protect the /api/authenticate route so what we'll do is place our middleware beneath that route. Order is important here.
1 answer(s)
@alexiusp
A
Aleksei Podgaev, 2017-12-02 @alexiusp
you can put authorization first, but instead of sending an authorization error immediately from the middleware, this is done in the above example, do error handling in each of the protected routes.
those. The middleware only checks the presence and correctness of the token and adds the user parameter to the request (for example), and the route looks if it needs authorization and the user field is empty - it returns an error, and if authorization is not needed, then this field is not checked either.
I saw this approach just in some kind of tutorial on the passport and mongodb.
Similar questions
B
balex7772020-02-21 13:50:49
How in windows objectsid translates values into hexadecimal format?
2Reply
S
V
A
V
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question