We "start" at our route file.
We write the GET, POST, DELETE (whatever request) with our desired route:
router.get('/profile', requireSignin, authMiddleware, read)
What comes after '/profile' is all the middleware that we want to use for this particular GET request. In this case, in order to get to the profile route, we want to be signed in (requireSignin) and we want to have our user data available so that ideally in the future, we can display this data on our profile page (authMiddleware). The last piece of middleware, read, takes that profile data and removes the hashed_password property from it, so that the password hash is not exposed along with the rest of the profile.
We also wrote an adminMiddleware to check if the profile at hand is an admin or not (role is either 0 by default or 1 when admin).
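The chain described above, written as an added example (not the project's own code) that runs without Express. The in-memory users object, req.auth being set by an earlier token check, the error messages and the run helper are assumptions made for illustration.

```javascript
// Constructed sample data; the real app would load users from its database.
const users = {
  u1: { _id: 'u1', name: 'Ada', role: 0, hashed_password: 'constructed-hash-1' },
  u2: { _id: 'u2', name: 'Root', role: 1, hashed_password: 'constructed-hash-2' },
};

// Assumption: an earlier step verified the session token and set req.auth.
const requireSignin = (req, res, next) =>
  req.auth && req.auth._id ? next() : res.status(401).json({ error: 'Sign in required' });

// Loads the signed-in user's record and attaches it as req.profile.
const authMiddleware = (req, res, next) => {
  const user = users[req.auth._id];
  if (!user) return res.status(400).json({ error: 'User not found' });
  req.profile = user;
  next();
};

// Same lookup, but only role 1 (admin) may continue down the chain.
const adminMiddleware = (req, res, next) => {
  const user = users[req.auth._id];
  if (!user) return res.status(400).json({ error: 'User not found' });
  if (user.role !== 1) return res.status(403).json({ error: 'Admin resource. Access denied' });
  req.profile = user;
  next();
};

// Responds with a copy of the profile that has no hashed_password;
// the stored record itself is left untouched.
const read = (req, res) => {
  const { hashed_password, ...safeProfile } = req.profile;
  return res.json(safeProfile);
};

// Minimal stand-in for Express's dispatcher: call each handler in order and
// stop as soon as one responds instead of calling next().
function run(handlers, req) {
  const res = { statusCode: 200, body: undefined,
    status(code) { this.statusCode = code; return this; },
    json(body) { this.body = body; return this; } };
  let i = 0;
  const next = () => { if (i < handlers.length) handlers[i++](req, res, next); };
  next();
  return res;
}
```

Calling run([requireSignin, authMiddleware, read], req) mirrors the route line above: a request without req.auth stops at requireSignin, and a signed-in request gets its profile back without the hash.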
All requests are grouped together by their type (not data type), so all routes related to authentication are in routes/auth.js. There we can write all our requests for auth-related stuff, such as sign up, sign in, or sign out. The middleware for these requests can be found in the controllers folder in the corresponding file.
All middleware is written in the corresponding file in the controllers folder. So all middleware related to auth, such as requireSignin, authMiddleware, or adminMiddleware, is in the controllers/auth.js file.
The read middleware is written in the controllers/user.js file.
And all the middleware for blogs will be contained in controllers/blog.js (which for now is still empty).
The route file gets exported and imported into our server.js along with the other routes.