Middleware is enough to protect the api route and app? #64149
Unanswered
thomasop
asked this question in
App Router
Replies: 1 comment
-
|
while middleware protects the routes, you should ensure that each API route also has its own authentication checks to secure your application fully |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
Hello I just wanted to know if the middleware was enough to protect the application. For example if I have api routes and server actions to get/add data in my database and only the /dashbord route calls these elements. I need to add a session check before getting the data or creating it. I specify that the route/dashbord is protected by middleware
To explain better for example I have 3 roads. One to connect, then one for home and one for dashbord.
/dashbord is protected by middleware (only logged-in users can access it). In my dashbord route I make calls to my route api and I can for example create something with a form (server action). Do I need to double check if the session exists before calling api or does middleware protect that?
Thank you
Beta Was this translation helpful? Give feedback.
All reactions