public()

Type: RequestHandler
Access: nauth.helpers.public()

Express middleware that marks a route as public, bypassing CSRF validation.

Signature

public(): RequestHandler

Overview

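The public() helper marks a route as public so that it bypasses CSRF token validation. This is useful for authentication endpoints (login, signup) and other public routes. Because the CSRF check is skipped on these routes, a handler marked public() should not change state on behalf of an existing cookie-authenticated session.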

Key Features:

  • Bypasses CSRF validation
  • Does not require authentication
  • Context still initialized by clientInfo middleware
  • Works with cookie-based token delivery

Usage

Authentication Endpoints

Mark login and signup as public:

import express from 'express';
import { NAuth, ExpressAdapter } from '@nauth-toolkit/core';

// authConfig and dataSource are defined elsewhere in your application.
const app = express();
app.use(express.json()); // parse JSON bodies so req.body is populated

const nauth = await NAuth.create({
  config: authConfig,
  dataSource,
  adapter: new ExpressAdapter(),
});

// Login: no CSRF token exists yet, so the route is marked public.
app.post('/auth/login', nauth.helpers.public(), async (req, res) => {
  const result = await nauth.authService.login(req.body);
  res.json(result);
});

// Signup: same reasoning as login.
app.post('/auth/signup', nauth.helpers.public(), async (req, res) => {
  const result = await nauth.authService.signup(req.body);
  res.json(result);
});

Health Check Endpoints

app.get('/health', nauth.helpers.public(), (req, res) => {
  res.json({ status: 'ok', timestamp: new Date().toISOString() });
});

Public API Endpoints

// postsService is your application's own service, not part of nauth-toolkit.
app.get('/api/public/posts', nauth.helpers.public(), async (req, res) => {
  const posts = await postsService.getPublicPosts();
  res.json(posts);
});

Behavior

  • Skips CSRF token validation
  • Does not require authentication
  • Context still initialized by clientInfo middleware
  • Works with all HTTP methods
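
Since public() skips CSRF validation and works with all HTTP methods, it helps to keep an inventory of which routes carry it. The script below is an added example, not nauth-toolkit code: it scans route source text for nauth.helpers.public() and flags state-changing routes that are not on an expected list. The sample source, the routes '/account/email' and '/account', the updateEmail handler and the contents of the expected list are assumptions made for illustration.

```javascript
// Added example (not nauth-toolkit code): list every route registered with
// nauth.helpers.public() and flag the state-changing ones for review.
const STATE_CHANGING = new Set(['post', 'put', 'patch', 'delete', 'all']);

// Assumption: the only unsafe-method routes expected to be CSRF-exempt are
// the login and signup endpoints shown on this page.
const EXPECTED_PUBLIC = new Set(['POST /auth/login', 'POST /auth/signup']);

// app.<method>('<path>', <middleware...> up to the handler or the closing ");"
const ROUTE_RE =
  /\b(?:app|router)\.(get|post|put|patch|delete|all)\(\s*(['"`])([^'"`]+)\2\s*,([^;]*?)(?:=>|function\b|\)\s*;)/g;

function auditPublicRoutes(source, expected = EXPECTED_PUBLIC) {
  const findings = [];
  for (const m of source.matchAll(ROUTE_RE)) {
    const [, method, , path, middleware] = m;
    if (!middleware.includes('nauth.helpers.public()')) continue;
    const route = `${method.toUpperCase()} ${path}`;
    findings.push({
      route,
      line: source.slice(0, m.index).split('\n').length,
      // CSRF-exempt + unsafe method + not on the expected list => needs review
      review: STATE_CHANGING.has(method) && !expected.has(route),
    });
  }
  return findings;
}

// Constructed sample source; '/account/email' and '/account' are made-up routes.
const SAMPLE = [
  "app.post('/auth/login', nauth.helpers.public(), async (req, res) => {});",
  "app.get('/health', nauth.helpers.public(), (req, res) => {});",
  "app.post('/account/email', nauth.helpers.public(), updateEmail);",
  "app.delete('/account', async (req, res) => {});",
].join('\n');

for (const f of auditPublicRoutes(SAMPLE)) {
  console.log(`${f.review ? 'REVIEW' : 'ok    '} line ${f.line}: ${f.route}`);
}
```

Routes built dynamically or registered through wrappers will not match the pattern, so treat the output as a starting inventory for code review rather than a complete list.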