If you know what your protected and unprotected routes are you could order your middleware stack as follows 😄
// all unprotected routes
app.use(controller.authController.isAuthenticated);
// all protected routes
Here, only the protected routes will have the request go through the isAuthenticated check before triggering the specific route, since the middleware are executed top to bottom.
I'm not sure what the actually solution to this is tbh. This is just something off the top of my head. 🙂