0

Currently, within my Middleware I save a variable using req, for example: req.middleware = "my variable";

and I pull it in the controller using req.middleware, and it works perfectly, but the problem is that I pass some sensitive data and I don't know if using this ends up exposing my variables saved in the req to the client somehow?

Lucas016
  • 41
  • 6
  • How _would_ it get back to the client? Do you then add it to the response? – jonrsharpe Feb 25 '22 at 16:21
  • In this case, my middleware passes information from the authenticated user (my payload) through ```req.middleware```, so the controller can perform its functions using this information, the purpose of the question is: Is there any way for the end user to read this data saved in ```req.middleware``` (variable created by me, and no, I don't return it as a response to the user in the controller)? And is there a better way to pass some information from a middleware to the controller? – Lucas016 Feb 25 '22 at 16:38
  • req is an object _representing_ the request the client sent; it exists only on the sever, it's not somehow magically synced with the client. – jonrsharpe Feb 25 '22 at 16:39
  • Oh perfect! And is there a better way to pass data from the middleware to the controller or even to other middleware? – Lucas016 Feb 25 '22 at 16:41
  • What exactly would "better" mean? The request is often used for this because it's an object that _is_ shared between different middleware including the controller's handler. – jonrsharpe Feb 25 '22 at 16:41
  • Thank you very much for the reply, it cleared my doubts on the subject! I asked if it was the best option because I read something about ```req.locals``` and ```res.locals```. – Lucas016 Feb 25 '22 at 16:48
  • Please include that kind of context when asking - read what, from where? Show your research, did you read e.g. https://stackoverflow.com/q/33451053/3001761? – jonrsharpe Feb 25 '22 at 16:51
  • Sorry I'm new to the community, but yes, I read this exact article which refers to ```req.locals``` and ```res.locals```, is it correct for me to use it in my project, as per example ```req.locals.middleware = "my variable";```, or use it however I want as shown in the question? – Lucas016 Feb 25 '22 at 16:54

0 Answers0