Add authenticationToken method ( util/jwt.util.js)

• npm i jsonwebtoken

    const jwt = require('jsonwebtoken')
    const TOKEN_SECRET = "7bc78545b1a3923cc1e1e19523fd5c3f20b409509";//process.env.ACCESS_TOKEN_SECRET;

    class JwtUtil
    {
        static authenticateToken(req, res, next) {
            // Gather the jwt access token from the request header
            const authHeader = req.headers['authorization']
            const token = authHeader && authHeader.split(' ')[1]
            if (token == null) return res.sendStatus(401) // if there isn't any token

            jwt.verify(token, TOKEN_SECRET, (err, user) => {
            console.log(err)
            if (err) return res.sendStatus(403)
            req.user = user
            next() // pass the execution off to whatever request the client intended
            })
        }

    }

    exports.JwtUtil = JwtUtil;

Task 2: Get Users API - Add token validation ( users.router.js)

• Without Security

    router.get('/',  userController.getAllUsers);

• With Security

    const {JwtUtil} = require("./util/jwt.util");
    router.get('/',  JwtUtil.authenticateToken, userController.getAllUsers);

Task 4: Test

• http://localhost:3000/api/users

• Without Token

    Unauthorized - 401 status code

• Pass token in Postman ( Authorization : Bearer Token)

    Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJkYXRhIjp7ImlkIjo1MCwibmFtZSI6Ik5hcmVzaCIsImVtYWlsIjoibmFyZXNoMTIzQGdtYWlsLmNvbSIsInJvbGUiOiJVU0VSIn0sImlhdCI6MTYwNTc0OTIwNywiZXhwIjoxNjA1NzUyODA3fQ.nZVJqMbXNHlPy5uAWEiz1xg3NNBzK9LOXzR2EkY9aXM