...

Now this middleware will be called before hitting any route on the server. Remember, order matters here as well: if you want the middleware to apply to every route, the app.use call must come before every route (or before any routes you need it to apply to).

...

We need to be able to respond to users appropriately according to the action they performed and what the result of that action was.

For All Requests:

For all requests, if an outside user tries to access an endpoint that is behind the authorization wall, we should return a 401 Not Authorized code.

For all requests, if a user is trying to access a resource he is not allowed to access (a worker trying to create a field, for example), we should return a 403 Forbidden code.

For POST and PUT requests, if a specific request does not pass validation, we should return a 400 Bad Request code.

For GET requests:

After handling the request, if the resource could be obtained, we should respond with the data of the resource and a 200 Success code.

...

If we tried to handle the request and failed for a reason unknown to us, the user needs to be sent a 500 Internal Server Error code.
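The rules above can be exercised as an ordered middleware chain. The following is an added example, not code from this project: it mimics the Express (req, res, next) shape without the Express dependency, and the token table, role names, handle() runner and the 201 success code for POST are assumptions made for illustration.

```javascript
// Express-style (req, res, next) chain, runnable with plain Node.
// Tokens, roles and handlers below are constructed sample values.
const SESSIONS = new Map([["tok-admin", { role: "admin" }], ["tok-worker", { role: "worker" }]]);

// 401: the caller has no valid identity. Must run before any protected route.
function authenticate(req, res, next) {
  const user = SESSIONS.get(req.token);
  if (!user) return res.send(401, { error: "Not authorized" });
  req.user = user;
  next();
}

// 403: the identity is known, but its role may not perform this action.
const requireRole = (role) => (req, res, next) =>
  req.user.role === role ? next() : res.send(403, { error: "Forbidden" });

// 400: the POST/PUT body fails validation.
function validateField(req, res, next) {
  const ok = req.body && typeof req.body.name === "string" && req.body.name.length > 0;
  return ok ? next() : res.send(400, { error: "Bad request" });
}

const listFields = (req, res) => res.send(200, { fields: [] });

function createField(req, res) {
  if (req.body.name === "boom") throw new Error("db down"); // simulated unknown failure
  res.send(201, { name: req.body.name }); // success code for POST is an assumption
}

// Runs the chain in registration order. Any uncaught error becomes a 500
// with a generic body, so internal details are not returned to the client.
function handle(chain, req) {
  const res = { status: null, body: null, send(s, b) { this.status = s; this.body = b; } };
  let i = 0;
  const next = () => { if (i < chain.length) chain[i++](req, res, next); };
  try { next(); } catch (e) { res.send(500, { error: "Internal server error" }); }
  return res;
}

// Order matters: authenticate comes first, then the role check, then validation.
const getFields = [authenticate, listFields];
const postField = [authenticate, requireRole("admin"), validateField, createField];
```

If a route handler is registered ahead of authenticate, the handler answers first and the check never runs, which is why the app.use call has to precede the routes it protects.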
