The auth service must be independent and usable by any handler.
Simply check whether the auth token provided matches a user in our datastore. Possibly also verify username/email and password.
If not, abort.
Otherwise, remember this user as the one for the request and run the handler logic.
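A sketch of the token check described above, written as a decorator so that any handler can use it. This is an added example, not the project's own code. The `Request` class, the `Authorization: Bearer` header, the in-memory dict standing in for the datastore, and the choice to store token digests are all assumptions.

```python
import hashlib
from functools import wraps


def token_digest(token):
    """Digest used as the lookup key, so raw tokens are never stored."""
    return hashlib.sha256(token.encode("utf-8")).hexdigest()


# Constructed sample datastore (assumption): token digest -> user record.
USERS_BY_TOKEN_DIGEST = {
    token_digest("constructed-sample-token-alice"): {"id": 1, "email": "alice@example.com"},
}


class Unauthorized(Exception):
    """Aborts the request; a web framework would map this to HTTP 401."""


class Request:
    """Hypothetical minimal request: headers in, authenticated user out."""
    def __init__(self, headers):
        self.headers = headers
        self.user = None


def authenticate(request):
    """Return the user matching the request's token, or raise Unauthorized."""
    scheme, _, token = request.headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "bearer" or not token.strip():
        raise Unauthorized("missing or malformed credentials")
    user = USERS_BY_TOKEN_DIGEST.get(token_digest(token.strip()))
    if user is None:
        raise Unauthorized("unknown token")
    return user


def require_auth(handler):
    """Wrap any handler so it runs only for an authenticated request."""
    @wraps(handler)
    def wrapper(request, *args, **kwargs):
        request.user = authenticate(request)  # raises before the handler runs
        return handler(request, *args, **kwargs)
    return wrapper


@require_auth
def profile_handler(request):
    return {"email": request.user["email"]}
```

The handler body never runs on a failed check, and `request.user` is set only after the lookup succeeds, so a handler cannot observe a partially authenticated request.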