require('dotenv').config();
const jwt = require('jsonwebtoken');
function verifyJWT(req, res, next) {
const authHeader = req.headers.authorization;
if (!authHeader) {
return res.status(401).send({ message: 'unauthorized access' });
}
const token = authHeader.split(' ')[1];
jwt.verify(token, process.env.ACCESS_TOKEN_SECRET, (err, decoded) => {
if (err) {
return res.status(403).send({ message: 'Forbidden access' });
}
console.log('decoded', decoded);
req.decoded = decoded;
next();
})
}
// this is inside run()
app.post('/login', async (req, res) => {
const user = req.body;
const accessToken = jwt.sign(user, process.env.ACCESS_TOKEN_SECRET, {
expiresIn: '1d'
});
res.send({ accessToken });
})