WOEIP / truck-tracker

trucktracker.net

Authenticate API Requests #85

Open Ajay-Vishwanath opened 3 years ago

Ajay-Vishwanath commented 3 years ago

Right now, our APIs are exposed: you can navigate to 'api.trucktracker.net/users', for example, and see all the user information, including sensitive data. We need to secure these endpoints.

motching commented 3 years ago

We probably should create a middleware for authorization checking, like here:

https://jaketrent.com/post/local-auth-koa-api

Our architecture is dynamically assembling routes, so it's a little different than the example, but the gist should be the same.
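
An added example, not part of the thread and not the project's code: one way an authorization-checking middleware can be attached while routes are assembled dynamically, so that every route is protected unless it explicitly opts out. The route definition shape, the `public` flag, the `compose` stand-in for Koa's middleware chaining, and the assumption that an earlier session layer sets `ctx.state.user` are all hypothetical.

```javascript
// Added example: Koa-style middleware, signature async (ctx, next).
// Assumptions: route definition shape, the `public` flag, ctx.state.user.

// Reject the request unless an earlier session layer set ctx.state.user.
async function requireAuth(ctx, next) {
  if (!ctx.state || !ctx.state.user) {
    ctx.status = 401;
    ctx.body = { error: 'authentication required' };
    return; // next() is not called, so the route handler never runs
  }
  await next();
}

// Minimal stand-in for Koa's middleware chaining, so this runs without Koa.
function compose(stack) {
  return (ctx) => {
    const dispatch = (n) => {
      const fn = stack[n];
      return fn ? Promise.resolve(fn(ctx, () => dispatch(n + 1))) : Promise.resolve();
    };
    return dispatch(0);
  };
}

// Dynamic route assembly: requireAuth is prepended to every route unless the
// definition opts out with `public: true`, so new resources are closed by default.
function assembleRoutes(definitions) {
  const table = new Map();
  for (const def of definitions) {
    const stack = def.public === true ? [def.handler] : [requireAuth, def.handler];
    table.set(`${def.method} ${def.path}`, compose(stack));
  }
  return table;
}

// Constructed sample definitions (not the project's real routes or data).
const routes = assembleRoutes([
  { method: 'GET', path: '/health', public: true,
    handler: async (ctx) => { ctx.status = 200; ctx.body = { ok: true }; } },
  { method: 'GET', path: '/users',
    handler: async (ctx) => { ctx.status = 200; ctx.body = [{ id: 1, name: 'sample' }]; } },
]);

// Dispatch one request; `user` is what the session layer would have resolved.
async function handle(method, path, user) {
  const ctx = { state: user ? { user } : {}, status: 404, body: null };
  const run = routes.get(`${method} ${path}`);
  if (run) await run(ctx);
  return { status: ctx.status, body: ctx.body };
}
```

Putting the check in the assembly step rather than in each handler means a route added later cannot be left unauthenticated by omission.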