Best practices for Next steps, please

[francisrod01]

Opinion: We should have a Discussions tab here.

I want to scale this repo to my side projects, and maybe use it for professional ones, so how are the plans for best practices?

I'm implementing a dashboard route in the backend, but I wonder if the login function shouldn't be a middleware, like the requireAdmin.

I just implemented a dashboard.route.js to get all users registered, but it seems unsafe because there's no JWT verification in it.

const express = require('express');
const asyncHandler = require('express-async-handler');
const requireAdmin = require('../middleware/require-admin');
const userCtrl = require('../controllers/user.controller');

const router = express.Router();
module.exports = router;

router.get('/user', asyncHandler(getUsers), requireAdmin);

async function getUsers(req, res) {
  let users = await userCtrl.retrieve();

  users = users.map((user) => {
    user = user.toObject();
    delete user.hashedPassword;

    return user;
  });

  res.json(users);
}