# Getting Authenticated User - Implementation

## 1 - Route Name

We'll firs start off by adding the route and the controller in.

`GET /api/v1/users/auth`

*File: src/routes/user.route.js*

```javascript
const express = require('express')
const router = express.Router()

const isAuthenticated = require('../middleware/auth.middleware')
const { registerUser, getAuthUser } = require('../controllers/auth')

router.post('/', registerUser)
router.post('/auth', getAuthUser) // This is our new route

module.exports = router
```

*File: src/controllers/user/getAuthUser.js*

```javascript
const catchExceptions = require('../../utils/catchExceptions')

/**
 * Gets the currently authenticated user in the current session.
 */
const getAuthUser = catchExceptions((req, res) => {
  // our code goes here...
})

module.exports = getAuthUser
```

## 2 - Input Request

None.

## 3 - Middleware

Now it's time to add our first middleware. This will essentially protect any route against unauthenticated users.

*File: src/middleware/auth/auth.middleware.js*

```javascript
const globalResponseDto = require('../responses/globalResponseDto')

const isAuthenticated = (req, res, next) => {
  if (!req.session.user) {
    return res.status(401).json(
      globalResponseDto({
        status: 'error',
        code: 401,
        message:
          'Access denied: you must be logged in to access this API endpoint.',
        data: null,
        errors: ['You must be logged in.']
      })
    )
  }

  next()
}

module.exports = isAuthenticated
```

We can then add this `isAuthenticated` middleware to our `GET /users/auth` route as follows. Remember that this is a reusable middleware, we'll be using this all throughout the next chapter.

*File: src/controllers/auth/getAuthUser.controller.js*

```javascript
const { getAuthUser } = require('../controllers/auth')

router.get('/auth', isAuthenticated, getAuthUser)
```

## 4 - Validation

None.

## 5 - Domain

None, but because we are using the `express-session` library, we can simply just retrieve the user from the `req` object given to us in our controller, see below.

## 6 - Events

None.

## 7 - Response

Putting it all together, we get the follow. Do note also that we are reusing our `userResponseDto` to help us out with outputting the correct user information to our client.

*File: src/controllers/user/getAuthUser.js*

```javascript
const globalResponseDto = require('../../responses/globalResponseDto')
const userResponseDto = require('../../responses/userResponseDto')

const catchExceptions = require('../../utils/catchExceptions')

/**
 * Gets the currently authenticated user in the current session.
 */
const getAuthUser = catchExceptions((req, res) => {
  const user = req.session.user // This is essentially our logged in user

  res.status(200).json(
    globalResponseDto({
      status: 'success',
      code: 200,
      message: `The currently authenticated user's information.`,
      data: userResponseDto(user),
      errors: null
    })
  )
})

module.exports = getAuthUser
```