Inject authentication policy

packages/strapi-plugin-users-permissions/config/policies/isAuthenticated.js

@@ -0,0 +1,5 @@
+module.exports = async (ctx, next) => {
+  const config = strapi.plugins['users-permissions'].config;
+
+  await next();
+};

packages/strapi-plugin-users-permissions/middlewares/users-permissions/index.js

@@ -1,10 +1,21 @@
+const pathToRegexp = require('path-to-regexp');
+const _ = require('lodash');
+
 module.exports = strapi => {
   return {
     initialize: function(cb) {
-      strapi.app.use(async (ctx, next) => {
+      _.forEach(strapi.config.routes, value => {
-        await next();
+        value.config.policies.unshift('plugins.users-permissions.isAuthenticated');
       });
 
+      if (strapi.plugins) {
+        _.forEach(strapi.plugins, (plugin, name) => {
+          _.forEach(plugin.config.routes, value => {
+            value.config.policies.unshift('plugins.users-permissions.isAuthenticated');
+          });
+        });
+      }
+
       cb();
     }
   };

packages/strapi-plugin-users-permissions/package.json

@@ -26,6 +26,7 @@
   "dependencies": {
     "bcryptjs": "^2.4.3",
     "jsonwebtoken": "^8.1.0",
+    "path-to-regexp": "^2.1.0",
     "sendmail": "^1.2.0",
     "strapi-helper-plugin": "3.0.0-alpha.6.7"
   },