Is there any reason to put user authentication farther down the chain INSTEAD at the middleware level of express (i.e. app.use(express.express.basicAuth(...) )?
(It seems like there is no good reason to live outside of the middleware.)
Why I'm asking. I've gotten some inherited code where the previous programmer put user.auth in the controller.
So a call from the client follows this path:
client >>
middleware of express >>
api_server (ROUTER passes on requests to proper CONTROLLER) >>
api_server (CONTROLLER gets what it needs from DB) >>
api_server (CONTROLLER sends response with data to VIEW on way back to client) >>
client happy ;D
(Please provide suggestions on how to make this question more precise if it's lacking somewhere. I'm getting up to speed on setting up an entire system.)'
Thanks you.
Unless you are targeting that specific route there is no reason to do this. You can even do url specific auth with global middleware as well. The following code is common in my applications.
app.use('/administrator/*', authMiddleware);