From d797f12734054236e43245f97f447b6970c53c94 Mon Sep 17 00:00:00 2001 From: pilcrowOnPaper Date: Sun, 31 Mar 2024 10:53:20 +0900 Subject: [PATCH] update post --- src/posts/middleware-auth.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/posts/middleware-auth.md b/src/posts/middleware-auth.md index eed886d..3e38d19 100644 --- a/src/posts/middleware-auth.md +++ b/src/posts/middleware-auth.md @@ -104,4 +104,6 @@ app.get("/", (req, res) => { }); ``` -One common response I get is that using middleware prevents developers from accidentally forgetting to add an auth check. **That's why you test your code** for anything serious. You should be testing your auth logic regardless of your implementation. Given that, adding auth checks to each route is less bug-prone and easier to debug than forcing an abstraction with middleware. +This doesn't mean middleware is useless. It works for global-level stuff like CSRF protection and providing data to each route. But even then, you should probably replace it once you need to deal with exceptions and multiple patterns. + +One common response I get to this opinion is that using middleware prevents developers from accidentally forgetting to add an auth check. **That's why you test your code**. You should be testing your auth logic regardless of your implementation. Given that, adding auth checks to each route is less bug-prone and easier to debug than forcing an abstraction with middleware.