Authorize middleware is missleading
alexnm opened this issue · comments
Alex Moldovan commented
-
Authorize middleware should be renamed, it does not authorize, it simply checks that the userId is in the request body. This functionality should not be part of the standard starter
-
The routes which actually need authorization should only rely on validateToken (which can be renamed into authorize actually)