I'm using the middleware as one layer of authentication. Within it, if the user is authenticated with Cognito, I make a request to my db to grab user info and store it in cookies, so it's faster to access on the client side.

I don't rely solely on this for auth, all api routes have their own protection implemented, so a user inserting a fake cookie wouldn't give them any access.

My question is whether I should be making a db request within my middleware. I actually make this request through a server action, not directly in the middleware, the middleware just calls the server action. Is this ok? I know the middleware runs on the edge and want to respect best practices for efficiency.