Updating and Deleting a User

[Alkandari-Y]

In the users.routes, we have two endpoints that are using the router.param middleware for access the logged in user. We also have passport performing that job for us when we use the passport.authenticate() middleware when using the jwt strategy.

The jwt strategy is performing a search to get the logged in user already. There is no need for the router.param middleware to perform this function as well. This technically isnt a bug, but is a duplication of the same operation. Currently there are two hits on the database to retrieve the same data.

Modify the routes to not use the router.param middleware and remove the middleware entirely. You can do this by:

router.put("/profile", passport.authenticate("jwt", { session: false }), updateUser)
router.delete("/profile", passport.authenticate("jwt", { session: false }), deleteUser)

This also makes it clearer for the endpoints when the reviewing the apis in the frontend.

The question that comes to me is, why would would have an endpoint for the user to delete their account?