
@saiumesh535
Last active November 8, 2017 11:09
Creating JWT
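const express = require('express');
const expressjwt = require('express-jwt');
const jsonwebtoken = require('jsonwebtoken');

const app = express();

// The signing key comes from the environment instead of being embedded in the
// source, so it stays out of version control and can differ per deployment.
// Startup fails when it is missing rather than falling back to a guessable key.
const JWT_SECRET = process.env.JWT_SECRET;
if (!JWT_SECRET) {
  throw new Error('JWT_SECRET environment variable must be set');
}

// jsonwebtoken.sign() uses HS256 for a string secret. Verification is pinned to
// the same algorithm so a token whose header names another one is rejected.
const JWT_ALGORITHMS = ['HS256'];

// Example lifetime for issued tokens; tune to the application's session policy.
const TOKEN_LIFETIME = '1h';

// Middleware: verifies the token before the requested route runs.
// Every request except "/" and "/login" must carry it in a header of the form
// "Authorization: Bearer eyJh...".
app.use(
  expressjwt({ secret: JWT_SECRET, algorithms: JWT_ALGORITHMS }).unless({ path: ['/', '/login'] })
);

// Login route: issues a token whose payload is {username: <submitted username>}.
// express.json() is attached to this route because req.body is undefined in
// Express unless a body parser has run; it accepts JSON request bodies.
app.post('/login', express.json(), (req, res) => {
  const username = req.body && req.body.username;
  if (typeof username !== 'string' || username.length === 0) {
    return res.status(400).send('username is required');
  }
  // NOTE(review): nothing here checks a password or any other credential, so a
  // token is issued for whatever username is submitted. Authenticate the user
  // before signing in anything beyond a demo.
  const token = jsonwebtoken.sign({ username }, JWT_SECRET, {
    algorithm: JWT_ALGORITHMS[0],
    expiresIn: TOKEN_LIFETIME, // without an expiry a leaked token stays valid indefinitely
  });
  res.status(200).send(token);
});

// "/getData": returns the payload that was stored in the token at login.
// The express-jwt middleware above has already verified the token and attaches
// the decoded payload to the request (req.user in older releases, req.auth in
// newer ones), so this second verification is a belt-and-braces decode.
app.get('/getData', (req, res) => {
  const header = req.get('Authorization') || '';
  const token = header.replace('Bearer ', '');
  // Expiry is enforced here (no ignoreExpiration) and a failed verification is
  // answered with 401 instead of a 200 carrying an empty body.
  jsonwebtoken.verify(token, JWT_SECRET, { algorithms: JWT_ALGORITHMS }, (err, data) => {
    if (err) {
      return res.status(401).send('Invalid token');
    }
    res.status(200).send(data);
  });
});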
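// Custom error handler: lets the app choose its own response for a missing or
// rejected token. Express recognises it as an error handler by its four parameters.
app.use(function (err, req, res, next) {
  // Once a response has started, its status and headers can no longer change;
  // pass the error to Express's default handler instead of writing a second response.
  if (res.headersSent) {
    return next(err);
  }
  // express-jwt signals a missing or invalid token with an error named "UnauthorizedError"
  if (err.name === "UnauthorizedError") {
    res.status(401).send("No token");
    return;
  }
  // The full error object reaches the view only in development, which keeps
  // stack traces out of production responses. err.message is set in every environment.
  res.locals.message = err.message;
  res.locals.error = req.app.get('env') === 'development' ? err : {};
  res.status(err.status || 500);
  // NOTE(review): res.render needs a view engine and an "error" template;
  // neither is configured in the code shown here - confirm before relying on it.
  res.render('error');
});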