Express framework, ~5 mins

Protecting routes with auth middleware in Express

Introduction

Auth middleware protects routes by checking whether the request is allowed before the route handler runs. If the check fails, the request gets an error response instead of the page.

When you want only logged-in users to access their profile page.
When you need to hide admin pages from regular users.
When you want to check if a user has permission before showing sensitive data.
When you want to stop visitors from accessing private routes without signing in.
Syntax
Express
function authMiddleware(req, res, next) {
  if (req.user) {
    next(); // allow access
  } else {
    res.status(401).send('Not authorized');
  }
}

app.get('/protected-route', authMiddleware, (req, res) => {
  res.send('This is protected');
});

The middleware function runs before the route handler.

Call next() to continue if the user is allowed.

Examples
Checks if req.user exists to allow access.
Express
function authMiddleware(req, res, next) {
  if (req.user) {
    next();
  } else {
    res.status(401).send('Please log in');
  }
}
Protects the dashboard route so only authorized users can see it.
Express
app.get('/dashboard', authMiddleware, (req, res) => {
  res.send('Welcome to your dashboard');
});
Protects all routes under /admin with the auth middleware.
Express
app.use('/admin', authMiddleware);

app.get('/admin/settings', (req, res) => {
  res.send('Admin settings page');
});
Sample Program

This example shows a simple Express app with a public route and a protected route. The authMiddleware checks if the request has a header x-user. If yes, it allows access to the profile page. Otherwise, it sends a 401 error.

Express
import express from 'express';
const app = express();

// Simple auth middleware
function authMiddleware(req, res, next) {
  // Simulate a logged-in user if the 'x-user' header exists
  // (demo only: any client can set this header, so it proves nothing)
  if (req.headers['x-user']) {
    next();
  } else {
    res.status(401).send('Not authorized');
  }
}

// Public route
app.get('/', (req, res) => {
  res.send('Welcome to the public page');
});

// Protected route
app.get('/profile', authMiddleware, (req, res) => {
  res.send('This is your profile');
});

// Start server
app.listen(3000, () => {
  console.log('Server running on http://localhost:3000');
});
Important Notes

Middleware runs in the order you add it, so place auth middleware before protected routes.

In real apps, auth checks usually look at tokens or sessions, not just headers.

Always send a clear message or redirect when access is denied.

Summary

Auth middleware checks if a user can access a route.

Use next() to allow access, or send an error to block.

Protect routes by adding middleware before route handlers.