jwtBetter.js

const mongoose = require('mongoose')
const express = require('express')
const bodyParser = require('body-parser')
const expressJWT = require('express-jwt')
const jwt = require('jsonwebtoken')
const apiRoutes = require('./routers/api')
const app = express()

app.use(bodyParser.urlencoded())
app.use(expressJWT({ secret: 'string de secret' }).unless({ path: ['/login']}))

const User = require('./models/user') // Modelo do mongoose

// Nossa Rota
app.post('/login', (req, res) => {
  if (!req.body.username) {
    res.status(400).send('Username required')
    return
  } else if (!req.body.password) {
    res.status(400).send('Password Required')
    return
  }
  
  User.findOne({ username: req.body.username}, (err, user) => {
      user.comparePassword(req.body.password, (err, isMatch) => {
          if (err) throw err
          if (!isMatch) res.status(401).send('Invalid Password')
          res.status(200).json({})
      })
  })
})

const secrets = require('./secrets')
app.use('/api', apiRoutes)
// Restante do código