@Wassim thanks for you answer.
I agree that the file will be tricky to find but I still try to the basic "even hard to find it shouldn't be public when it's related to security", and it's literally for all ma security checks
I thought about the other solution but I'm trying to develop something very easy to maintain for any developers even with a low formation for my clients, your solution itself is great and easy to use, I don't want to complexify it.
I think the third solution I will retain is to create a proxy route that will take care of this common code then call the adequate resource and return the result.
I think having private code outside of a route but still on AppDrag is the only major feature I miss right now !
I haven't said it in a while: Thanks for AppDrag in general, I'm really having a great time on it
See you soon,