# Middleware Express nos brinda la opción de agregar custom middleware a nuestras rutas para realizar otras validaciones. En nuestro archivo `index.js` de la carpeta `api/user` agreguemos la ruta para obtener todos los usuarios. {% code title="api/user/index.js" %} ```javascript const { Router } = require('express'); const controller = require('./user.controller'); const router = new Router(); // New Line router.get('/', controller.index); router.post('/', controller.create); module.exports = router; ``` {% endcode %} Si vamos luego a postman tendremos algo como esto: ![User list‌](https://blobscdn.gitbook.com/v0/b/gitbook-28427.appspot.com/o/assets%2F-Lgyno4NC7rhy49BAEjN%2F-LhGvGk-xNnF2C9qksb5%2F-LhH6Dy49KXGc2inkanY%2FScreen%20Shot%202019-06-13%20at%201.32.12%20PM.png?alt=media\&token=0ed38aa7-2ffa-4cd0-b70a-7390374c1ad0) Ahora si le agregamos el middleware `isAuthenticated` a esta nueva ruta, el código se vería así: {% code title="api/user/index.js" %} ```javascript const { Router } = require('express'); const controller = require('./user.controller'); // New line const auth = require('./../../auth/auth.service'); const router = new Router(); // Update line router.get('/', auth.isAuthenticated(), controller.index); router.post('/', controller.create); module.exports = router; ``` {% endcode %} | Route | HTTP Verb | Route Middleware | Description | | ---------- | --------- | ----------------- | -------------- | | /api/users | GET | `isAuthenticated` | List all users | Si hacemos un llamado de nuevo a esta url sin pasar el postman veremos algo así: ![401 unauthorized‌](https://blobscdn.gitbook.com/v0/b/gitbook-28427.appspot.com/o/assets%2F-Lgyno4NC7rhy49BAEjN%2F-LhGvGk-xNnF2C9qksb5%2F-LhHD3obFHUidOlZWE2l%2FScreen%20Shot%202019-06-13%20at%202.01.38%20PM.png?alt=media\&token=d9bdade4-a4f8-489d-965a-204e5dccc2f2) Pero sí agregamos el token de autorización al llamado, la respuesta es diferente y afirmativa. ![User list with authorized](https://blobscdn.gitbook.com/v0/b/gitbook-28427.appspot.com/o/assets%2F-Lgyno4NC7rhy49BAEjN%2F-LhGvGk-xNnF2C9qksb5%2F-LhHENEiWTMBQnc1fg0e%2FScreen%20Shot%202019-06-13%20at%202.03.56%20PM.png?alt=media\&token=da5a6d75-779b-4f8d-9cd4-8894bd9b62a5) ### ​Repositorio: [Add the middleware to user endpoint](https://github.com/colombia-dev/medjs-workshop-fullstack-js-backend/commit/d4dcfe0194a6af79b76d385601523e45c6aa5433)[
](https://app.gitbook.com/@khriztianmoreno/s/workspace/v/master/backend/passportjs/configuracion-passportjs) --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://medellin-js.gitbook.io/workshop-fullstack-js-developer/backend/passport-js/middleware.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.