I am following this link for a middleware pattern to check if a user is logged in in expressjs: However, I am running into an issue. Suppose a user (Sam) is logged in and he is trying to edit/delete someone else's record. How can I add a middleware for that?
For example: Sam, after logging in, just types this in the URL:
..../record/:random_id/edit
The middleware I wrote just checks for whether a user is logged in, which is true in this case. So he is able to edit the record.
One of the ways I am trying to resolve this issue is by doing two calls to the underlying database:
The problem with this approach is that this code needs to be injected for so many routes. I am also wondering if I can write a middleware which will avoid the extra trip to the database.
I looked into passport.js, but I could not use that for my scenario.
Any help would be appreciated.
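
An added example, not part of the original post: one reusable ownership-check middleware that folds the "is this Sam's record?" test into the single lookup and hands the loaded record to the route handler, so no route needs a second query. The names `findOwnedRecord`, `requireOwner`, `isLoggedIn`, `editRecord`, the `:id` parameter and `req.user` (set by the login middleware) are assumptions, and an in-memory Map stands in for the database.

```javascript
// Constructed sample data: an in-memory Map stands in for the database.
const records = new Map([
  ["r1", { id: "r1", ownerId: "sam", title: "Sam's record" }],
  ["r2", { id: "r2", ownerId: "alice", title: "Alice's record" }],
]);

// Hypothetical data-access helper: a single lookup scoped by id AND owner,
// i.e. SELECT ... FROM records WHERE id = ? AND owner_id = ?
async function findOwnedRecord(id, ownerId) {
  const rec = records.get(id);
  return rec && rec.ownerId === ownerId ? rec : null;
}

// Middleware factory. Assumes the login middleware ran first and set req.user.
function requireOwner(findOwned) {
  return async function (req, res, next) {
    try {
      if (!req.user) return res.status(401).json({ error: "login required" });
      const rec = await findOwned(req.params.id, req.user.id);
      // Same 404 for "missing" and "not yours", so record ids cannot be probed.
      if (!rec) return res.status(404).json({ error: "not found" });
      req.record = rec; // the route handler reuses this, no second query
      return next();
    } catch (err) {
      return next(err);
    }
  };
}

// Express wiring (isLoggedIn and editRecord are assumed names):
//   app.post("/record/:id/edit", isLoggedIn, requireOwner(findOwnedRecord), editRecord);

// Minimal req/res stand-ins so the middleware can be exercised without Express.
async function simulate(user, id) {
  const out = { status: 200, body: null, nextCalled: false, record: null };
  const req = { user, params: { id } };
  const res = {
    status(code) { out.status = code; return this; },
    json(body) { out.body = body; return this; },
  };
  await requireOwner(findOwnedRecord)(req, res, () => { out.nextCalled = true; });
  out.record = req.record || null;
  return out;
}
```

The owner id must come from the server-side session (`req.user`), never from the URL or request body, otherwise the check can be bypassed by the same URL editing described above.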