AUTHORIZATION EXAMPLE - verify token in every CTRL
Example in users/profile route
-
Add a new route in routes\users.routes.js
router.get('/profile', ctrl.getUserProfileCTRL);
http://localhost:5555/api/v1/users/profile
Remember that in Postman we add the token on the "Authorization" tab > Type (Bearer Token).
See the Pen 53__userProfile route by Andrii (@imitator) on CodePen.
-
Add verification technique for users/profile route in
controllers\users\getUserProfileCTRL.js
See the Pen 54__getUserProfileCTRL__verifyProcess by Andrii (@imitator) on CodePen.
This example shows the steps we can use in every route that the user has access to:
- const jwt = require('jsonwebtoken');
- require('dotenv').config();
- const { authorization } = req.headers;
- const [, token] = authorization.split(' ');
- const { SECRET_KEY } = process.env;
- const { id } = jwt.verify(token, SECRET_KEY);
We could also turn this code into middleware and use it, but in practice the middleware is built with a different verification technique, using passport & passport-jwt.
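The verification steps listed above, packaged as middleware that answers 401 for a missing header, a non-Bearer scheme, or a token that fails verification. This is an added example, not the code from the CodePen embeds. `requireAuth`, `verifyHS256`, `signHS256`, `demo`, the secret and the 401 message are assumptions, and `verifyHS256` is a node:crypto stand-in for `jwt.verify` so the block runs without installing anything.

```javascript
const crypto = require('crypto');

const b64url = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
const hmac = (data, secret) => crypto.createHmac('sha256', secret).update(data).digest();

// Constructed helper: issues an HS256 token for the demo.
function signHS256(payload, secret) {
  const data = `${b64url({ alg: 'HS256', typ: 'JWT' })}.${b64url(payload)}`;
  return `${data}.${hmac(data, secret).toString('base64url')}`;
}

// Stand-in for jwt.verify (assumption): HS256 only, throws on any failure.
function verifyHS256(token, secret) {
  const parts = token.split('.');
  if (parts.length !== 3 || parts.some((p) => !p)) throw new Error('malformed token');
  const [head, body, sig] = parts;
  const { alg } = JSON.parse(Buffer.from(head, 'base64url').toString());
  if (alg !== 'HS256') throw new Error('unexpected alg'); // rejects "none"
  const given = Buffer.from(sig, 'base64url');
  const expected = hmac(`${head}.${body}`, secret);
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    throw new Error('bad signature');
  }
  const payload = JSON.parse(Buffer.from(body, 'base64url').toString());
  if (payload.exp !== undefined && payload.exp * 1000 <= Date.now()) throw new Error('expired');
  return payload;
}

// Hypothetical middleware: same steps as the controller, but every failure is a 401.
function requireAuth(secret, verify = verifyHS256) {
  return (req, res, next) => {
    const [scheme, token] = (req.headers.authorization || '').split(' ');
    if (scheme !== 'Bearer' || !token) return res.status(401).json({ message: 'Not authorized' });
    try {
      req.user = { id: verify(token, secret).id };
    } catch (err) {
      return res.status(401).json({ message: 'Not authorized' });
    }
    return next();
  };
}

// Constructed request/response stubs so the middleware can be exercised without Express.
function demo(authorization) {
  const out = { status: 200, userId: null };
  const req = { headers: authorization ? { authorization } : {} };
  const res = { status(code) { out.status = code; return this; }, json() { return this; } };
  requireAuth('constructed-secret')(req, res, () => { out.userId = req.user.id; });
  return out;
}
```

With jsonwebtoken installed, pass `(t, s) => jwt.verify(t, s, { algorithms: ['HS256'] })` as the second argument to `requireAuth` to use the library's verifier with the algorithm pinned.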