Protected routes with middleware using the DB
Say I want to create a middleware function like authedProcedure called subscriberProcedure that checks if a user is a member of a team that has a paid subscription; a simple tRPC fetch of the user's teamId to get that detail suffices. This works fine, but I am wondering if this is generally considered good/bad practice? Seems like the extra DB call for every single route is not ideal.
I feel like this information could be stored in the context session much like other user information is, but unlike the user id and other information, whether or not they are a member of a paid team is dynamic: it could change without the user actually doing anything (if, say, an admin on the team changed the subscription). So where would be the appropriate place to fetch this value and add it to the user session context? Or is my original approach fine?
1 Reply
Start with the extra db call per route and see how far you get.
Once you do hit performance issues, you could either store this info in the session or have a separate cache storing the results of a user's membership status.
Just remember to invalidate/update the session/cache if any membership changes are made.
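The caching option from the reply, sketched as an added example that is not part of the original thread and does not use tRPC's own API: a short-TTL membership cache with team-wide invalidation, plus a middleware-shaped check that denies on a miss. `MembershipCache`, `requireSubscriber` and `lookupPaid` are hypothetical names, and `lookupPaid` stands in for the per-request DB query from the question.

```typescript
type Entry = { teamId: string; paid: boolean; expiresAt: number };

class MembershipCache {
  private entries = new Map<string, Entry>();
  private ttlMs: number;
  private now: () => number;

  // The clock is injectable so expiry can be tested deterministically.
  constructor(ttlMs: number, now: () => number = Date.now) {
    this.ttlMs = ttlMs;
    this.now = now;
  }

  // Cached status, or undefined when absent or expired (caller must re-check the DB).
  get(userId: string): boolean | undefined {
    const e = this.entries.get(userId);
    if (!e) return undefined;
    if (e.expiresAt <= this.now()) { this.entries.delete(userId); return undefined; }
    return e.paid;
  }

  set(userId: string, teamId: string, paid: boolean): void {
    this.entries.set(userId, { teamId, paid, expiresAt: this.now() + this.ttlMs });
  }

  // Call from every code path that changes a team's subscription or membership.
  invalidateTeam(teamId: string): number {
    let removed = 0;
    this.entries.forEach((e, userId) => {
      if (e.teamId === teamId) { this.entries.delete(userId); removed++; }
    });
    return removed;
  }
}

type Lookup = (userId: string) => Promise<{ teamId: string; paid: boolean } | null>;

// Middleware-shaped check: resolves only for members of a paid team.
async function requireSubscriber(userId: string, cache: MembershipCache, lookupPaid: Lookup): Promise<void> {
  let paid = cache.get(userId);
  if (paid === undefined) {
    const row = await lookupPaid(userId); // a thrown DB error propagates, so the request is denied
    paid = row !== null && row.paid;      // no team found: deny
    if (row !== null) cache.set(userId, row.teamId, paid);
  }
  if (!paid) throw new Error("FORBIDDEN");
}
```

The TTL bounds how long a downgraded team keeps access if an invalidation call is ever missed, so keep it short relative to how quickly a subscription change must take effect.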