
Admin vs user route protection in Express - Quick Revision & Key Differences

Recall & Review
beginner
What is route protection in Express?
Route protection means controlling access to certain routes based on user roles or authentication status to keep parts of the app secure.
beginner
How do you check if a user is an admin in Express middleware?
You check the user's role stored in the request (like req.user.role) and allow access only if it equals 'admin'.
beginner
Why separate admin routes from user routes?
Separating routes helps keep admin functions secure and prevents regular users from accessing sensitive actions.
beginner
What happens if a user tries to access an admin route without permission?
The middleware blocks access and usually sends a 403 Forbidden response or redirects the user.
intermediate
How can you reuse route protection logic in Express?
By creating middleware functions that check roles and applying them to routes that need protection.
What Express feature is commonly used to protect routes based on user roles?
A. Query parameters
B. Static files
C. Middleware functions
D. Template engines
If a user is not an admin, what HTTP status code should you send when blocking access?
A. 500 Internal Server Error
B. 200 OK
C. 404 Not Found
D. 403 Forbidden
Where is user role information typically stored for route protection?
A. In req.user or session
B. In req.body
C. In URL parameters
D. In cookies only
What is a good practice to avoid repeating role checks in many routes?
A. Write role checks inside every route handler
B. Use middleware functions for role checks
C. Ignore role checks
D. Use client-side JavaScript for protection
Which of these is NOT a reason to protect admin routes separately?
A. Make admin routes slower
B. Improve app security
C. Prevent unauthorized access
D. Keep sensitive actions safe
Explain how you would protect an admin route in Express using middleware.
Think about checking user role before allowing access.
Why is it important to separate admin and user routes in a web app?
Consider what could happen if users access admin features.