Hey @baris ,
I started on the refactoring of our authentication code, but ran into some issues. I'm somewhat new to express but I think the problem is the plugins "action:app.load" method doesn't get invoked until after the app.use(app.router) call in webserver.js line 308 which prevents it from actually intercepting requests before they are routed by the application.
From what I can see it looks like much of the webserver.js initialization is actually launched asynchronously when that file is included by app.js, not when it's init method is invoked. I tried firing the same hook just before the app.use(app.router) call to see if that would work, but it appears that plugins aren't yet initialized by that point - not surprising since the init call is a bit further down in app.js.
I think to accomplish what I'm after might require a bit of refactoring of the timing of the init code to postpone the webserver initialization, or at least part of it, until after the plugins have loaded. I'd be happy to take a crack at this if there's a chance the code might make it back upstream, but I wanted to ask if this was something you guys might want in the core codebase or not before investing the time.