Iskandar Zulqarnain Hilmi

Community Picks is a section on daily.dev where our community members share the most interesting and valuable content they've discovered online. From insightful articles to handy tools, every post is a gem curated by our dedicated coomunity. To contribute to Community Picks, you need to have at least 250 reputation points, ensuring that only active and trusted members can share their finds.

Community Picks

The post discusses the use of middleware for route protection and argues against its usage. It highlights the drawbacks of using middleware for authorization and suggests alternative approaches for implementing route protection based on user roles.

Please stop using middleware to protect your routes

I don’t understand why this article uses bad quality code to prove that we shouldn’t use middleware. Middleware can protect a group of routes that require, for example, authentication or administrator access. But modern frameworks have solutions for scopes, guards etc to limit the data a user can retrieve.
In my opinion the best way is to isolate the controller’s logic to be only business logic and not try to add irrelevant logic to it.

Protect doesn’t mean authorize. Middlware is great for authentication, for example

This is a terrible article spreading terrible advice - how did this become a community pick?
OP doesn’t like middleware for… reasons? “fixes” the problem by… doing the same thing? except now all that logics being repeated in the controller (where it doesn’t belong)
OP goes on to mock commonly accepted best practices like DRY, apparently not wanting to add many lines of code to your project is because you’re “too lazy”
I urge anyone unfamiliar with middleware/routing to completely ignore this article and instead look at your framework docs about how to correctly implement routing/middleware before murdering your project like this

The app.middleware is just a global usage of a middleware accross your project. OF COURSE you have to not protect every route, else you wouldn’t be able to login nor register. And btw you say “oh middlewares are bad” but when you provide extra functions to Express endpoints handlers, this is called a middleware too. Pointless article, probably written by a junior to say to his collegues “hey look at me I wrote an article”

I don’t see the difference between your “improving” implementation and route middleware. Also, you might consider using decorator annotations in each route if you’ are using TypeScript.