const catchExceptions = require('../../utils/catchExceptions')
/**
 * Controller for the "current user" endpoint: returns the user tied to the
 * caller's session.
 *
 * NOTE(review): `catchExceptions` is defined in utils/catchExceptions and is
 * not shown here; presumably it forwards thrown errors to the error handler.
 * Confirm before relying on it.
 */
const getAuthUser = catchExceptions((req, res) => {
  // Placeholder: the handler body is filled in further down the page.
})
module.exports = getAuthUser
2 - Input Request
None.
3 - Middleware
Now it's time to add our first middleware. This will essentially protect any route against unauthenticated users.
File: src/middleware/auth/auth.middleware.js
const globalResponseDto = require('../responses/globalResponseDto')
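/**
 * Express middleware that rejects requests that carry no logged-in session user.
 *
 * Responds with HTTP 401 and the standard response envelope when no user is
 * stored on the session; otherwise passes control to the next handler.
 *
 * @param {object} req - Express request; `req.session` is expected to be set by the session middleware.
 * @param {object} res - Express response.
 * @param {Function} next - Continues to the next middleware or route handler.
 * @returns {*} The result of `res.status(401).json(...)` when rejected, otherwise undefined.
 */
const isAuthenticated = (req, res, next) => {
  // Fail closed: when no session object is attached (session middleware not
  // mounted ahead of this guard, or the session could not be loaded), deny
  // with 401 instead of throwing a TypeError on `req.session.user`.
  if (!req.session || !req.session.user) {
    return res.status(401).json(
      globalResponseDto({
        status: 'error',
        code: 401,
        message:
          'Access denied: you must be logged in to access this API endpoint.',
        data: null,
        errors: ['You must be logged in.']
      })
    )
  }

  // NOTE(review): this only checks that a user object exists on the session.
  // It does not re-check the account itself, so a disabled or deleted account
  // presumably stays authenticated until its session is destroyed or expires.
  next()
}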
module.exports = isAuthenticated
We can then add this isAuthenticated middleware to our GET /users/auth route as follows. It must be listed before the controller on the route so that the check runs first. Remember that this is a reusable middleware; we'll be using it throughout the next chapter.
None. Because we are using the express-session library, we can simply retrieve the user from the req object given to us in our controller (see below).
6 - Events
None.
7 - Response
Putting it all together, we get the following. Note also that we are reusing our userResponseDto to help us output the correct user information to our client.
File: src/controllers/user/getAuthUser.js
const globalResponseDto = require('../../responses/globalResponseDto')
const userResponseDto = require('../../responses/userResponseDto')
const catchExceptions = require('../../utils/catchExceptions')
/**
 * Controller that returns the user stored on the caller's session.
 *
 * Reads `req.session.user` without checking it, so the route has to be
 * guarded by an authentication middleware; on an unguarded route an anonymous
 * request would pass `undefined` to `userResponseDto`.
 *
 * NOTE(review): the response reflects whatever user object was saved on the
 * session, not a fresh database read. Confirm that is acceptable for fields
 * that can change after login.
 *
 * @param {object} req - Express request carrying the session.
 * @param {object} res - Express response; receives a 200 JSON envelope.
 */
const getAuthUser = catchExceptions((req, res) => {
  // The logged-in user, as stored on the session.
  const { user } = req.session

  // Set the status first, then build the envelope, as the one-expression form does.
  const reply = res.status(200)
  reply.json(
    globalResponseDto({
      status: 'success',
      code: 200,
      message: `The currently authenticated user's information.`,
      // Shape the user through the response DTO rather than sending the
      // session object as-is.
      data: userResponseDto(user),
      errors: null
    })
  )
})
module.exports = getAuthUser