diff --git a/api/middleware/alwaysAuthenticatedWhenLocalhost.js b/api/middleware/alwaysAuthenticatedWhenLocalhost.js
new file mode 100644
index 0000000..c799ab3
--- /dev/null
+++ b/api/middleware/alwaysAuthenticatedWhenLocalhost.js
@@ -0,0 +1,6 @@
+const alwaysAuthenticatedWhenLocalhost = (req, res, next) => {
+  req.isAuthenticated = () => true;
+  return next();
+};
+
+module.exports = alwaysAuthenticatedWhenLocalhost;
diff --git a/api/middleware/mustBeAuthenticated.js b/api/middleware/mustBeAuthenticated.js
index 77dfe87..2c44d0e 100644
--- a/api/middleware/mustBeAuthenticated.js
+++ b/api/middleware/mustBeAuthenticated.js
@@ -1,10 +1,4 @@
 const mustBeAuthenticated = (req, res, next) => {
-  if (process.env.NODE_ENV == "development") {
-    console.info(`Restricted endpoint ${req.originalUrl}, allowing with environment development.`)
-    req.isAuthenticated = () => true;
-    return next();
-  }
-
   if (!req.isAuthenticated()) {
     return res.status(401).send({
       success: false,
diff --git a/server.js b/server.js
index b06a6d7..10a451f 100644
--- a/server.js
+++ b/server.js
@@ -39,6 +39,16 @@ const setupHeaders = require(path.join(__dirname, "/api/middleware/setupHeaders"
 app.use(setupCORS);
 app.use(setupHeaders);
 
+if (process.env.NODE_ENV == "development") {
+  console.info(`NODE_ENV=development set, your are now always an authenticated user.`);
+  const alwaysAuthenticatedWhenLocalhost = require(path.join(
+    __dirname,
+    "/api/middleware/alwaysAuthenticatedWhenLocalhost"
+  ));
+
+  app.use(alwaysAuthenticatedWhenLocalhost);
+}
+
 // parse application/json
 app.use(express.json());