# Getting Authenticated User - Implementation ## 1 - Route Name We'll firs start off by adding the route and the controller in. `GET /api/v1/users/auth` *File: src/routes/user.route.js* ```javascript const express = require('express') const router = express.Router() const isAuthenticated = require('../middleware/auth.middleware') const { registerUser, getAuthUser } = require('../controllers/auth') router.post('/', registerUser) router.post('/auth', getAuthUser) // This is our new route module.exports = router ``` *File: src/controllers/user/getAuthUser.js* ```javascript const catchExceptions = require('../../utils/catchExceptions') /** * Gets the currently authenticated user in the current session. */ const getAuthUser = catchExceptions((req, res) => { // our code goes here... }) module.exports = getAuthUser ``` ## 2 - Input Request None. ## 3 - Middleware Now it's time to add our first middleware. This will essentially protect any route against unauthenticated users. *File: src/middleware/auth/auth.middleware.js* ```javascript const globalResponseDto = require('../responses/globalResponseDto') const isAuthenticated = (req, res, next) => { if (!req.session.user) { return res.status(401).json( globalResponseDto({ status: 'error', code: 401, message: 'Access denied: you must be logged in to access this API endpoint.', data: null, errors: ['You must be logged in.'] }) ) } next() } module.exports = isAuthenticated ``` We can then add this `isAuthenticated` middleware to our `GET /users/auth` route as follows. Remember that this is a reusable middleware, we'll be using this all throughout the next chapter. *File: src/controllers/auth/getAuthUser.controller.js* ```javascript const { getAuthUser } = require('../controllers/auth') router.get('/auth', isAuthenticated, getAuthUser) ``` ## 4 - Validation None. ## 5 - Domain None, but because we are using the `express-session` library, we can simply just retrieve the user from the `req` object given to us in our controller, see below. ## 6 - Events None. ## 7 - Response Putting it all together, we get the follow. Do note also that we are reusing our `userResponseDto` to help us out with outputting the correct user information to our client. *File: src/controllers/user/getAuthUser.js* ```javascript const globalResponseDto = require('../../responses/globalResponseDto') const userResponseDto = require('../../responses/userResponseDto') const catchExceptions = require('../../utils/catchExceptions') /** * Gets the currently authenticated user in the current session. */ const getAuthUser = catchExceptions((req, res) => { const user = req.session.user // This is essentially our logged in user res.status(200).json( globalResponseDto({ status: 'success', code: 200, message: `The currently authenticated user's information.`, data: userResponseDto(user), errors: null }) ) }) module.exports = getAuthUser ``` --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://book.restfulnode.com/part-3/chapter-8/6-getting-authenticated-user-implementation.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.