First of all, thanks for the article.
Very detailed and useful.
Secondly, is there a way to setup caching to happen after user-permissions plugin?
If a website serves paid articles, then it can’t use this middleware cache because every user requesting an article will be authenticated user. Which means every request will have an Authorization header.
The fact that this middleware runs before the user-permissions plugin doesn’t sound like a good choice in this case, unless I am missing something.