@kiishigod @commando_skiipz Secondly, you'll always come back to your middleware if you release another API version, let's assume v2. You can extract only the endpoint without the api/v1 or make api/v{dynamic version}.
@kiishigod @commando_skiipz This looks great, your second if conditions can be optimized further:
1. Create an array of authPath = ["api/v1/auth/register",....]
2. Check if authPath.contains(path) then you're good.
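The two suggestions above combined, as an added example that is not code from the thread: strip the version prefix, then test the endpoint for exact membership in the set of unauthenticated paths. JavaScript and the Express-style middleware signature are assumptions, and `auth/login` and `verifyToken` are hypothetical names.

```javascript
// Endpoints reachable without a token, written without the api/v{n} prefix.
// "auth/register" is from the thread; "auth/login" is a hypothetical addition.
const PUBLIC_ENDPOINTS = new Set(["auth/register", "auth/login"]);

// Anchored pattern: /api/v<digits>/<endpoint>. The version is dynamic, so a
// new v2 needs no middleware change.
const API_PATH = /^\/api\/v\d+\/([a-z0-9/_-]+)$/;

// Returns the endpoint without its version prefix, or null if the URL
// does not have the expected shape.
function extractEndpoint(rawUrl) {
  const path = String(rawUrl).split(/[?#]/)[0]; // ignore query and fragment
  const match = API_PATH.exec(path);
  return match ? match[1] : null;
}

// Exact set membership, so "users/auth/register" or "auth/register/../x"
// never counts as public. Unrecognised shapes fall through to "needs auth".
function isPublicRoute(rawUrl) {
  const endpoint = extractEndpoint(rawUrl);
  return endpoint !== null && PUBLIC_ENDPOINTS.has(endpoint);
}

// Express-style middleware (assumed signature). verifyToken is a
// hypothetical callback supplied by the application.
function makeAuthMiddleware(verifyToken) {
  return function authMiddleware(req, res, next) {
    if (isPublicRoute(req.url)) return next();
    const header = (req.headers && req.headers.authorization) || "";
    const token = header.startsWith("Bearer ") ? header.slice(7) : null;
    if (token && verifyToken(token)) return next();
    res.statusCode = 401;
    res.end("Unauthorized");
  };
}
```

Matching on the whole normalized endpoint rather than on a substring or prefix keeps a lookalike path from inheriting the unauthenticated exemption.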
@jay_hunts Answer to developer question: We can't call it a rush; you can't give what you don't have. The majority of developers are not aware of all these security measures to be considered during development.
@jay_hunts There are knowledge gaps in the industry surrounding app security, and some companies tend to trust QA reports more than penetration testing reports.