I implemented protected API routes in Express using the Auth0 quick start . Protected routes are handled with a middleware function called checkJwt
, provided by Auth0 . It runs whenever one of the GET methods is called. This process works well if I manage all my routes in server.js
.
How can I separate out the route handling and still preserve the protected API routes?
server.js
working code with protected routes .
import colors from 'colors' import cors from 'cors' import express from 'express' import morgan from 'morgan' import dotenv from 'dotenv' import connectDB from './db.js' import checkJwt from './middleware/auth.middleware.js' import { getStudents, getStudent } from './controllers/students.controller.js' dotenv.config() connectDB() export const app = express() app.use(cors()) app.use(express.json({ limit: '50mb' })) if (process.env.NODE_ENV === 'development') { app.use(morgan('dev')) } //handle routing internally app.get('/api/students/:id', checkJwt, getStudent) app.get('/api/students', checkJwt, getStudents) const PORT = process.env.PORT || 6000 app.listen(PORT, () => console.log( `Server running in ${process.env.NODE_ENV} mode on port ${PORT}`.yellow.bold ) )
I want to divorce out the route handling as my code grows. I can't figure out where to put checkJwt
once I separate out the routing.
server.js
desired code structure is:
import colors from 'colors' import cors from 'cors' import express from 'express' import morgan from 'morgan' import dotenv from 'dotenv' import connectDB from './db.js' import studentsRouter from './routes/students.routes.js' dotenv.config() connectDB() const app = express() app.use(cors()) app.use(express.json({ limit: '50mb' })) if (process.env.NODE_ENV === 'development') { app.use(morgan('dev')) } // handle routing externally const apiRouter = express.Router() app.use('/api', apiRouter) apiRouter.use('/students', studentsRouter) const PORT = process.env.PORT || 6000 app.listen(PORT, () => console.log( `Server running in ${process.env.NODE_ENV} mode on port ${PORT}`.yellow.bold ) )
Routes are implemented in the students.routes.js
Route handler.
import express from 'express' import { getStudent, getStudents } from '../controllers/students.controller.js' const router = express.Router() // where can I implement checkJwt? router.route('/').get(getStudents) router.route('/:id').get(getStudent) export default router
Is it possible to simplify the code by moving the routing, and still protect my routes?
you can use any middleware like this in your router:
const router = express.Router();
router.route('/').get([checkJwt, secondMiddleware, ...] , getStudents);
based on documentation: express-routing
You can provide multiple callback functions that behave like middleware to handle a request. The only exception is that these callbacks might invoke next('route') to bypass the remaining route callbacks. You can use this mechanism to impose pre-conditions on a route, then pass control to subsequent routes if there's no reason to proceed with the current route.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.