Authentication middleware is now called on every page and API route. Plugin routes are also affected if they use routeHelpers.setupPageRoute
or routeHelpers.setupAPIRoute
.
This fixes an issue we had previously where certain routes were treated by NodeBB as being accessed as guest even though a valid Write API token was passed in. Now, every single page and API route in NodeBB can be authenticated via Write API (or suitable third-party authenticator via response:middleware.authenticate
)
In short, the changes:
middleware.authenticate
has been deprecated- For routes that attach directly to the router (e.g.
router.post(...
), replacemiddleware.authenticate
withmiddleware.authenticateRequest
andmiddleware.ensureLoggedIn
in order to retain the same behaviour - For routes that use
setupPageRoute
orsetupAPIRoute
, replacemiddleware.authenticate
withmiddleware.ensureLoggedIn
only.
- For routes that attach directly to the router (e.g.
middleware.authenticateOrGuest
has been renamedmiddleware.authenticateRequest
- Just rename the middleware as necessary
nodebb/nodebb@7da061f0d7c507146d88ce40a381a2f1d443c5b4