
I made a custom middleware for the Express router that allows me to whitelist certain endpoints of my API to be excluded from authentication. However, I have a route where I depend on a URL parameter, and I can't get my middleware to work as intended with it. Apparently `:profileId` doesn't do anything and my API endpoint still requires authentication.

The reason I need that path to be excluded from authentication is my React frontend, which should display that data to the public (without people registering and logging in). Any tips on how to solve this?

```js
const apiAuth = (req, res, next) => {
  let authRequired = true;

  if (
    req.path == "/api/users/register" ||
    req.path == "/api/users/login" ||
    req.path == "/api/profiles/:profileId"
  ) {
    authRequired = false;
  }

  if (authRequired == true) {
    // Auth check logic
  }
}
```

MerkisL

1 Answer


There are a few better approaches for handling the requirement of middleware that are generally used over the method you're suggesting:

Only include your authentication middleware on routes you require it:

```js
const authenticationMiddleware = (req, res, next) => {
    // your login check logic
}

router.get('/api/users/me', authenticationMiddleware, (req, res, next) => {
    // your route logic, this endpoint now requires you to be logged in, as you have specified your authentication middleware in the declaration
})

router.get('/api/profiles/:profileId', (req, res, next) => {
    // your route logic, this endpoint does not require you to be logged in, as you have not put the middleware in the route declaration
})
```

Or, add the authentication middleware based on where your routes are called:

```js
router.get('/api/profiles/:profileId', (req, res, next) => {
    // your route logic, this endpoint does not require you to be logged in, as we have not told our router to use the middleware yet
})

router.use(authenticationMiddleware)

router.get('/api/users/me', (req, res, next) => {
    // your route logic, this endpoint now requires you to be logged in, as the router has been told to use the middleware at this point
})
```

Why these methods? Try and think of all the router or app calls you're making as adding to a stack which Express uses to handle calls to your site or API. As it works its way through looking for routes, it will call any middlewares it finds on its way.

This solves the issue of having to declare a list or array of routes which do or don't require a particular piece of authentication, etc.

You'll also need to make sure to call `next()` in your middleware if you want it to work, as this tells Express to continue going through all the routes/middlewares it has.

OllysCoding
  • Thank you for your suggestions, I'll do it that way. And I do have `next()` but I didn't paste the whole code, instead I made that comment `// Auth check logic`. – MerkisL Mar 05 '19 at 12:10
  • For the sake of completeness, you can also mount the middleware based on a path `app.use('/some/routeRoot', authMiddleware)` – Paul Mar 05 '19 at 17:05
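
Added example, not part of the original question, answer or comments: `req.path` holds the concrete request path (such as `/api/profiles/42`), so comparing it to the literal string `/api/profiles/:profileId` never matches. If an allowlist inside one middleware is kept anyway, the sketch below compiles each pattern into an anchored, method-specific matcher so that only the intended route becomes public and everything else stays behind authentication. The names `PUBLIC_ROUTES`, `compilePattern`, `isPublic` and `makeApiAuth` are hypothetical, and the `POST` methods for register and login are an assumption.

```javascript
// Added example: default-deny allowlist for an auth middleware.
// All names here are hypothetical; POST for register/login is assumed.
const PUBLIC_ROUTES = [
  { method: "POST", pattern: "/api/users/register" },
  { method: "POST", pattern: "/api/users/login" },
  { method: "GET", pattern: "/api/profiles/:profileId" },
];

// Turn "/api/profiles/:profileId" into an anchored regex in which each
// ":name" matches exactly one non-empty path segment. The optional trailing
// slash mirrors Express's default (non-strict) routing.
function compilePattern(pattern) {
  const source = pattern
    .split("/")
    .map((segment) =>
      segment.startsWith(":")
        ? "[^/]+"
        : segment.replace(/[.*+?^${}()|[\]\\]/g, "\\$&")
    )
    .join("/");
  return new RegExp("^" + source + "/?$");
}

const compiledRoutes = PUBLIC_ROUTES.map((route) => ({
  method: route.method,
  regex: compilePattern(route.pattern),
}));

// True only for an exact method + path-shape match; sub-paths such as
// /api/profiles/42/settings and other HTTP methods are not public.
function isPublic(method, path) {
  return compiledRoutes.some(
    (route) => route.method === method && route.regex.test(path)
  );
}

// Same shape as the question's apiAuth. checkAuth stands in for the elided
// "Auth check logic" and must itself call next() or send an error response.
function makeApiAuth(checkAuth) {
  return (req, res, next) => {
    if (isPublic(req.method, req.path)) return next();
    return checkAuth(req, res, next);
  };
}
```

Anchoring the pattern and pinning the method keeps the exemption as narrow as the per-route approach in the answer, which remains the simpler option.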