Each part of your application should have a well-defined responsibility:
- Handlers:
  - Focus: Handling HTTP requests, routing, input validation (basic format checks), and output formatting (JSON responses).
  - Minimal Logic: Keep business logic and data access logic out of handlers. They should act as thin orchestrators.
  - Authentication & Authorization (Initial): Check if the user is authenticated (using middleware like your `AuthMiddleware`). You can also perform initial authorization checks based on readily available information (e.g., is the user trying to access their own profile?).
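
The handler responsibilities above, sketched as an added example (not code from the original page), assuming a Go `net/http` service. The token table, `ProfileLookup`, `demoLookup` and the `/profile/<id>` route are hypothetical, and this `AuthMiddleware` is a stand-in for your own.

```go
package main

import (
	"context"
	"encoding/json"
	"net/http"
	"strings"
)

type ctxKey struct{} // context key for the authenticated user ID
var sessions = map[string]string{"tok-alice": "alice", "tok-bob": "bob"} // constructed sample data

type ProfileLookup func(userID string) map[string]string // hypothetical service layer

// AuthMiddleware authenticates the caller and rejects anonymous requests with 401.
func AuthMiddleware(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		h := r.Header.Get("Authorization")
		uid, ok := sessions[strings.TrimPrefix(h, "Bearer ")]
		if !strings.HasPrefix(h, "Bearer ") || !ok {
			http.Error(w, "unauthenticated", http.StatusUnauthorized)
			return
		}
		next.ServeHTTP(w, r.WithContext(context.WithValue(r.Context(), ctxKey{}, uid)))
	})
}

// ProfileHandler stays thin: format check, own-profile check, delegate, encode JSON.
func ProfileHandler(lookup ProfileLookup) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		id := strings.TrimPrefix(r.URL.Path, "/profile/")
		if id == "" || strings.Contains(id, "/") {
			http.Error(w, "bad id", http.StatusBadRequest)
			return
		}
		// Fails closed: a missing context value ("") never equals a non-empty id.
		if caller, _ := r.Context().Value(ctxKey{}).(string); caller != id {
			http.Error(w, "forbidden", http.StatusForbidden)
			return
		}
		w.Header().Set("Content-Type", "application/json")
		json.NewEncoder(w).Encode(lookup(id))
	})
}

func demoLookup(id string) map[string]string { return map[string]string{"id": id} } // constructed stand-in

func main() { http.ListenAndServe("127.0.0.1:8080", AuthMiddleware(ProfileHandler(demoLookup))) }
```

Because the ownership check reads the identity from the request context rather than from client input, mounting `ProfileHandler` without the middleware yields 403 instead of an open endpoint.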