How do I make all the controller routes for authorized users only?

[zhuravkov]

#[debug_handler]
async fn current(auth: auth::JWT, State(ctx): State) -> Result {
let user = users::Model::find_by_pid(&ctx.db, &auth.claims.pid).await?;
format::json(CurrentResponse::new(&user))
}
Should everyone add auth:auth::JWT? or you can set a common handler for the entire group of routes

[zhuravkov]

I did it this way, if there is a better way, please correct

use axum::{
    extract::Request,
    http::{HeaderMap, StatusCode},
    middleware::Next,
    response::Response,
};
use loco_rs::auth::jwt;

use loco_rs::prelude::*;

use crate::models::users;
pub async fn auth(
    State(ctx): State<AppContext>,
    headers: HeaderMap,
    mut request: Request,
    next: Next,

) -> Result<Response, StatusCode> {
    let token = loco_rs::controller::middleware::auth::extract_token_from_header(&headers).map_err(|_| StatusCode::UNAUTHORIZED)?;
    let jwt_secret = ctx.config.get_jwt_config()
        .map_err(|_| StatusCode::UNAUTHORIZED)?;
    let jwt  = jwt::JWT::new(&jwt_secret.secret);

    match jwt.validate(&token) {
            Ok(claims) => {
                let user = users::Model::find_by_pid(&ctx.db, &claims.claims.pid).await.unwrap();
                request.extensions_mut().insert(user);
                let response = next.run(request).await;
                Ok(response)
            }
            Err(_err) => {
                return Err(StatusCode::UNAUTHORIZED);
            }
        }
}

pub struct App;
#[async_trait]
impl Hooks for App {
    fn routes(_ctx: &AppContext) -> AppRoutes {

        AppRoutes::with_default_routes() // controller routes below
            .add_route(controllers::category::routes().layer(axum::middleware::from_fn_with_state(_ctx.clone(), app_middleware::auth::auth)))
........