freeCodeCamp/curriculum/challenges/english/06-quality-assurance/advanced-node-and-express/create-new-middleware.md

---
id: 5895f70df9fc0f352b528e6a
title: Create New Middleware
challengeType: 2
forumTopicId: 301551
dashedName: create-new-middleware
---

# --description--

As is, any user can just go to `/profile` whether they have authenticated or not, by typing in the url. We want to prevent this, by checking if the user is authenticated first before rendering the profile page. This is the perfect example of when to create a middleware.

The challenge here is creating the middleware function `ensureAuthenticated(req, res, next)`, which will check if a user is authenticated by calling passport's `isAuthenticated` method on the `request` which, in turn, checks if `req.user` is defined. If it is, then `next()` should be called, otherwise, we can just respond to the request with a redirect to our homepage to login. An implementation of this middleware is:

```js
function ensureAuthenticated(req, res, next) {
  if (req.isAuthenticated()) {
    return next();
  }
  res.redirect('/');
};
```

Now add *ensureAuthenticated* as a middleware to the request for the profile page before the argument to the get request containing the function that renders the page.

```js
app
 .route('/profile')
 .get(ensureAuthenticated, (req,res) => {
    res.render(process.cwd() + '/views/pug/profile');
 });
```

Submit your page when you think you've got it right. If you're running into errors, you can check out the project completed up to this point [here](https://gist.github.com/camperbot/ae49b8778cab87e93284a91343da0959).

# --hints--

Middleware ensureAuthenticated should be implemented and on our /profile route.

```js
(getUserInput) =>
  $.get(getUserInput('url') + '/_api/server.js').then(
    (data) => {
      assert.match(
        data,
        /ensureAuthenticated[^]*req.isAuthenticated/gi,
        'Your ensureAuthenticated middleware should be defined and utilize the req.isAuthenticated function'
      );
      assert.match(
        data,
        /profile[^]*get[^]*ensureAuthenticated/gi,
        'Your ensureAuthenticated middleware should be attached to the /profile route'
      );
    },
    (xhr) => {
      throw new Error(xhr.statusText);
    }
  );
```

A Get request to /profile should correctly redirect to / since we are not authenticated.

```js
(getUserInput) =>
  $.get(getUserInput('url') + '/profile').then(
    (data) => {
      assert.match(
        data,
        /Home page/gi,
        'An attempt to go to the profile at this point should redirect to the homepage since we are not logged in'
      );
    },
    (xhr) => {
      throw new Error(xhr.statusText);
    }
  );
```

# --solutions--

```js
/**
  Backend challenges don't need solutions, 
  because they would need to be tested against a full working project. 
  Please check our contributing guidelines to learn more.
*/
```
feat(challenge-md): Add initial markdown challenge files 2018-09-30 23:01:58 +01:00			`---`
			`id: 5895f70df9fc0f352b528e6a`
			`title: Create New Middleware`
			`challengeType: 2`
fix(curriculum): Added forumTopicId to remaining 1200 challeng… (#36558) 2019-08-05 09:17:33 -07:00			`forumTopicId: 301551`
feat(curriculum): restore seed + solution to Chinese (#40683) * feat(tools): add seed/solution restore script * chore(curriculum): remove empty sections' markers * chore(curriculum): add seed + solution to Chinese * chore: remove old formatter * fix: update getChallenges parse translated challenges separately, without reference to the source * chore(curriculum): add dashedName to English * chore(curriculum): add dashedName to Chinese * refactor: remove unused challenge property 'name' * fix: relax dashedName requirement * fix: stray tag Remove stray `pre` tag from challenge file. Signed-off-by: nhcarrigan <nhcarrigan@gmail.com> Co-authored-by: nhcarrigan <nhcarrigan@gmail.com> 2021-01-13 03:31:00 +01:00			`dashedName: create-new-middleware`
feat(challenge-md): Add initial markdown challenge files 2018-09-30 23:01:58 +01:00			`---`

Feat: add new Markdown parser (#39800) and change all the challenges to new `md` format. 2020-11-27 19:02:05 +01:00			`# --description--`
fix(curriculum): advanced node express changes for new boilerplate (#39080) * fix: add tests and steps * add necessary changes * edit for new boilerplate * fix: adjust content for boilerplate merge * add 4 passing 1 failing socketio * fix: add socketio changes * fix: update wording and http test Co-authored-by: Kristofer Koishigawa <scissorsneedfoodtoo@gmail.com> * fix: replace glitch remix urls with repl.it urls * integrate steps between lessons 4 and 5 * add mongodb altas link * edit test to not require db deletion * correct register routing and formatting * fix typos and formatting * fix: typos, standardize spacing, and remove unnecessary hr elements * fix: add/update links Add or update Gist solution links at the bottom of each challenge. Also add a missing link/text to the top of one of the challenges. * fix: remove Repl.it/boilerplate repo links from all but first challenge * fix: add target='_blank' to links in challenges * add note about PIP browser issues * move PIP note to end of instructions Co-authored-by: Kristofer Koishigawa <scissorsneedfoodtoo@gmail.com> 2020-09-04 14:50:03 +01:00
Feat: add new Markdown parser (#39800) and change all the challenges to new `md` format. 2020-11-27 19:02:05 +01:00			As is, any user can just go to `/profile` whether they have authenticated or not, by typing in the url. We want to prevent this, by checking if the user is authenticated first before rendering the profile page. This is the perfect example of when to create a middleware.
fix(curriculum): advanced node express changes for new boilerplate (#39080) * fix: add tests and steps * add necessary changes * edit for new boilerplate * fix: adjust content for boilerplate merge * add 4 passing 1 failing socketio * fix: add socketio changes * fix: update wording and http test Co-authored-by: Kristofer Koishigawa <scissorsneedfoodtoo@gmail.com> * fix: replace glitch remix urls with repl.it urls * integrate steps between lessons 4 and 5 * add mongodb altas link * edit test to not require db deletion * correct register routing and formatting * fix typos and formatting * fix: typos, standardize spacing, and remove unnecessary hr elements * fix: add/update links Add or update Gist solution links at the bottom of each challenge. Also add a missing link/text to the top of one of the challenges. * fix: remove Repl.it/boilerplate repo links from all but first challenge * fix: add target='_blank' to links in challenges * add note about PIP browser issues * move PIP note to end of instructions Co-authored-by: Kristofer Koishigawa <scissorsneedfoodtoo@gmail.com> 2020-09-04 14:50:03 +01:00
Feat: add new Markdown parser (#39800) and change all the challenges to new `md` format. 2020-11-27 19:02:05 +01:00			The challenge here is creating the middleware function `ensureAuthenticated(req, res, next)`, which will check if a user is authenticated by calling passport's `isAuthenticated` method on the `request` which, in turn, checks if `req.user` is defined. If it is, then `next()` should be called, otherwise, we can just respond to the request with a redirect to our homepage to login. An implementation of this middleware is:
fix(curriculum): Convert blockquote elements to triple backtick syntax for Information Security And Quality Assurance (#35997) * fix: converted blockquotes * fix: added extra line before triple backtick syntax Co-Authored-By: Oliver Eyton-Williams <ojeytonwilliams@gmail.com> * fix: corrected misc issues * fix: properly closed em element Co-Authored-By: Oliver Eyton-Williams <ojeytonwilliams@gmail.com> 2019-05-14 04:58:09 -07:00
			```js
			`function ensureAuthenticated(req, res, next) {`
			`if (req.isAuthenticated()) {`
			`return next();`
			`}`
			`res.redirect('/');`
curriculum: Change pre and code to blockquote in Advanced Node and Express challenges (#35713) * curriculum: Change pre and code to blockquote in Advanced Node and Express challenge 2019-05-02 15:49:07 +05:30			`};`
fix(curriculum): Convert blockquote elements to triple backtick syntax for Information Security And Quality Assurance (#35997) * fix: converted blockquotes * fix: added extra line before triple backtick syntax Co-Authored-By: Oliver Eyton-Williams <ojeytonwilliams@gmail.com> * fix: corrected misc issues * fix: properly closed em element Co-Authored-By: Oliver Eyton-Williams <ojeytonwilliams@gmail.com> 2019-05-14 04:58:09 -07:00			```

Feat: add new Markdown parser (#39800) and change all the challenges to new `md` format. 2020-11-27 19:02:05 +01:00			`Now add ensureAuthenticated as a middleware to the request for the profile page before the argument to the get request containing the function that renders the page.`
fix(curriculum): Convert blockquote elements to triple backtick syntax for Information Security And Quality Assurance (#35997) * fix: converted blockquotes * fix: added extra line before triple backtick syntax Co-Authored-By: Oliver Eyton-Williams <ojeytonwilliams@gmail.com> * fix: corrected misc issues * fix: properly closed em element Co-Authored-By: Oliver Eyton-Williams <ojeytonwilliams@gmail.com> 2019-05-14 04:58:09 -07:00
			```js
			`app`
			`.route('/profile')`
			`.get(ensureAuthenticated, (req,res) => {`
			`res.render(process.cwd() + '/views/pug/profile');`
			`});`
			```

Feat: add new Markdown parser (#39800) and change all the challenges to new `md` format. 2020-11-27 19:02:05 +01:00			`Submit your page when you think you've got it right. If you're running into errors, you can check out the project completed up to this point [here](https://gist.github.com/camperbot/ae49b8778cab87e93284a91343da0959).`
fix(curriculum): advanced node express changes for new boilerplate (#39080) * fix: add tests and steps * add necessary changes * edit for new boilerplate * fix: adjust content for boilerplate merge * add 4 passing 1 failing socketio * fix: add socketio changes * fix: update wording and http test Co-authored-by: Kristofer Koishigawa <scissorsneedfoodtoo@gmail.com> * fix: replace glitch remix urls with repl.it urls * integrate steps between lessons 4 and 5 * add mongodb altas link * edit test to not require db deletion * correct register routing and formatting * fix typos and formatting * fix: typos, standardize spacing, and remove unnecessary hr elements * fix: add/update links Add or update Gist solution links at the bottom of each challenge. Also add a missing link/text to the top of one of the challenges. * fix: remove Repl.it/boilerplate repo links from all but first challenge * fix: add target='_blank' to links in challenges * add note about PIP browser issues * move PIP note to end of instructions Co-authored-by: Kristofer Koishigawa <scissorsneedfoodtoo@gmail.com> 2020-09-04 14:50:03 +01:00
Feat: add new Markdown parser (#39800) and change all the challenges to new `md` format. 2020-11-27 19:02:05 +01:00			`# --hints--`
feat(challenge-md): Add initial markdown challenge files 2018-09-30 23:01:58 +01:00
Feat: add new Markdown parser (#39800) and change all the challenges to new `md` format. 2020-11-27 19:02:05 +01:00			`Middleware ensureAuthenticated should be implemented and on our /profile route.`
feat(challenge-md): Add initial markdown challenge files 2018-09-30 23:01:58 +01:00
Feat: add new Markdown parser (#39800) and change all the challenges to new `md` format. 2020-11-27 19:02:05 +01:00			```js
			`(getUserInput) =>`
			`$.get(getUserInput('url') + '/_api/server.js').then(`
			`(data) => {`
			`assert.match(`
			`data,`
			`/ensureAuthenticated[^]*req.isAuthenticated/gi,`
			`'Your ensureAuthenticated middleware should be defined and utilize the req.isAuthenticated function'`
			`);`
			`assert.match(`
			`data,`
			`/profile[^]get[^]ensureAuthenticated/gi,`
			`'Your ensureAuthenticated middleware should be attached to the /profile route'`
			`);`
			`},`
			`(xhr) => {`
			`throw new Error(xhr.statusText);`
			`}`
			`);`
feat(challenge-md): Add initial markdown challenge files 2018-09-30 23:01:58 +01:00			```

Feat: add new Markdown parser (#39800) and change all the challenges to new `md` format. 2020-11-27 19:02:05 +01:00			`A Get request to /profile should correctly redirect to / since we are not authenticated.`
feat(challenge-md): Add initial markdown challenge files 2018-09-30 23:01:58 +01:00
Feat: add new Markdown parser (#39800) and change all the challenges to new `md` format. 2020-11-27 19:02:05 +01:00			```js
			`(getUserInput) =>`
			`$.get(getUserInput('url') + '/profile').then(`
			`(data) => {`
			`assert.match(`
			`data,`
			`/Home page/gi,`
			`'An attempt to go to the profile at this point should redirect to the homepage since we are not logged in'`
			`);`
			`},`
			`(xhr) => {`
			`throw new Error(xhr.statusText);`
			`}`
			`);`
			```
feat(challenge-md): Add initial markdown challenge files 2018-09-30 23:01:58 +01:00
Feat: add new Markdown parser (#39800) and change all the challenges to new `md` format. 2020-11-27 19:02:05 +01:00			`# --solutions--`
feat(challenge-md): Add initial markdown challenge files 2018-09-30 23:01:58 +01:00
			```js
add comment explaining no need for solutions (#37227) 2019-10-14 21:00:42 +05:30			`/**`
			`Backend challenges don't need solutions,`
			`because they would need to be tested against a full working project.`
			`Please check our contributing guidelines to learn more.`
			`*/`
feat(challenge-md): Add initial markdown challenge files 2018-09-30 23:01:58 +01:00			```