Use Auth0 API protected route with Express route handlers

Question

I implemented protected API routes in Express using the Auth0 quick start . Protected routes are handled with a middleware function called checkJwt , provided by Auth0 . It runs whenever one of the GET methods is called. This process works well if I manage all my routes in server.js .

How can I separate out the route handling and still preserve the protected API routes?

server.js working code with protected routes .

 import colors from 'colors' import cors from 'cors' import express from 'express' import morgan from 'morgan' import dotenv from 'dotenv' import connectDB from './db.js' import checkJwt from './middleware/auth.middleware.js' import { getStudents, getStudent } from './controllers/students.controller.js' dotenv.config() connectDB() export const app = express() app.use(cors()) app.use(express.json({ limit: '50mb' })) if (process.env.NODE_ENV === 'development') { app.use(morgan('dev')) } //handle routing internally app.get('/api/students/:id', checkJwt, getStudent) app.get('/api/students', checkJwt, getStudents) const PORT = process.env.PORT || 6000 app.listen(PORT, () => console.log( `Server running in ${process.env.NODE_ENV} mode on port ${PORT}`.yellow.bold ) )

I want to divorce out the route handling as my code grows. I can't figure out where to put checkJwt once I separate out the routing.

server.js desired code structure is:

 import colors from 'colors' import cors from 'cors' import express from 'express' import morgan from 'morgan' import dotenv from 'dotenv' import connectDB from './db.js' import studentsRouter from './routes/students.routes.js' dotenv.config() connectDB() const app = express() app.use(cors()) app.use(express.json({ limit: '50mb' })) if (process.env.NODE_ENV === 'development') { app.use(morgan('dev')) } // handle routing externally const apiRouter = express.Router() app.use('/api', apiRouter) apiRouter.use('/students', studentsRouter) const PORT = process.env.PORT || 6000 app.listen(PORT, () => console.log( `Server running in ${process.env.NODE_ENV} mode on port ${PORT}`.yellow.bold ) )

Routes are implemented in the students.routes.js Route handler.

 import express from 'express' import { getStudent, getStudents } from '../controllers/students.controller.js' const router = express.Router() // where can I implement checkJwt? router.route('/').get(getStudents) router.route('/:id').get(getStudent) export default router

Is it possible to simplify the code by moving the routing, and still protect my routes?

Answer 1

you can use any middleware like this in your router:

const router = express.Router();

router.route('/').get([checkJwt, secondMiddleware, ...] , getStudents);

based on documentation: express-routing

You can provide multiple callback functions that behave like middleware to handle a request. The only exception is that these callbacks might invoke next('route') to bypass the remaining route callbacks. You can use this mechanism to impose pre-conditions on a route, then pass control to subsequent routes if there's no reason to proceed with the current route.