You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
One common response I get is that using middleware prevents developers from accidentally forgetting to add an auth check. **That's why you test your code** for anything serious. You should be testing your auth logic regardless of your implementation. Given that, adding auth checks to each route is less bug-prone and easier to debug than forcing an abstraction with middleware.
This doesn't mean middleware is useless. It works for global-level stuff like CSRF protection and providing data to each route. But even then, you should probably replace it once you need to deal with exceptions and multiple patterns.
One common response I get to this opinion is that using middleware prevents developers from accidentally forgetting to add an auth check. **That's why you test your code**. You should be testing your auth logic regardless of your implementation. Given that, adding auth checks to each route is less bug-prone and easier to debug than forcing an abstraction with middleware.
