Reputation: 229
How to use authenticated middleware properly in nodejs
I just started working on node using express framework.
app.use('/', auth, users);
and this is my route file
router.get('/' , function(req, res, next) {
render("dashboard");
});
router.get('/first' , function(req, res, next) {
//first request
});
router.get('/second' , function(req, res, next) {
//second request
});
so on...
My question is, when i pass middleware it checks for every request whether its authenticated or not using passportjs, but suppose i have a dashboard and i am sending 10 ajax requests to grab data for the widgets. So only for dashboard it will call deserialize function 11 times ,first to render the page and then for 10 ajax request. I read answer given over here, How to properly use Passport.js? But is it fine to go with this approach?
Upvotes: 0
Views: 68
Answers (1)
Reputation: 3063
Yes, it is fine to go with this approach if you don't want to have security issues. You have to check the user for every request, it is very simple someone to check the network tab in the browser debugger, understand what's going on and then start spoofing your requests. You can't sacrifice security for performance because you want to execute few query less.
Upvotes: 1
Related Questions
- How to setup an authentication middleware in Express.js
- how to add authentication middleware in node js
- Node.js passport local authentication is not calling the middleware
- Passport.js authentication middleware with Node.js
- passportJS authentication for all routes
- NodeJS Express Passport - req.user is undefined
- express Router passing passport.jwt middleware
- Express middleware Passport not responding unauthorized
- How to authenticate with node.js Passport through a get-request?
- Passport middleware for Node.js