I am currently making a simple website with social login integration on node.js with express. Very similar to the social auth challenges here on freecodecamp.
I may be overthinking, but are there any best practices for serving css for secure routes/pages?
The most common practice is to provide a public folder that returns “static” assets, such as html,js,css,images. Right now I assume you have a folders of css, html,js. Id throw all of them into a single folder, and “serve” that folder to users.
You can secure these with middle-ware if you choose so. It depends on your application tho, if your application has a lot of “public” facing pages that require no authentication then it probably wont make sense.
But if your app is say a banking app, and the only page you can access without authentication is the login page, then you could use middleware to prevent access to the public folder, besides the login page and its assets.