workshopapps · kayceeDev · Nov 18, 2022 · Nov 18, 2022
diff --git a/src/services/auth.js b/src/services/auth.js
@@ -23,6 +23,36 @@ const createSendToken = (data, status, message, res) => {
   });
 };
 
+const protect = asyncHandler(async (req, res, next) => {
+  // get token and check if it is there
+  let token;
+
+  if (
+    req.headers.authorization
+    && req.headers.authorization.startsWith('Bearer')
+  ) {
+    token = req.headers.authorization.split(' ')[1];
+  }
+
+  if (!token) {
+    return res.json({ message: 'You are not logged in! Please login to get access' });
+  }
+
+  // validate signToken or verify token
+  const decoded = jwt.verify(token, process.env.JWT_SECRET);
+
+  /* check if user still exist (important! especially if the user has been deleted after jwt has been issued) */
+  const currentUser = await User.findById(decoded.id);
+  if (!currentUser) {
+    return res.json({ message: 'The user that this token belongs to no longer exists' });
+  }
+
+  // Grant access to protected route
+  req.user = currentUser;
+  next();
+});
+
 module.exports = {
-    createSendToken
+    createSendToken,
+    protect,
 }
diff --git a/src/services/index.js b/src/services/index.js
@@ -1,6 +1,7 @@
-const {createSendToken} = require("./auth")
+const {createSendToken, protect} = require("./auth")
 
 
 module.exports = {
-    createSendToken
+    createSendToken,
+    protect
 }