const express = require('express');
const jwt = require('jsonwebtoken');
// TCP port the server listens on.
const port = 3000;

// Express application; every request body with a JSON content type is parsed
// into req.body before the route handlers run.
const app = express();
app.use(express.json());
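/**
 * Authentication gate for GET /protected-resource.
 *
 * Takes the token from the second space-separated field of the Authorization
 * header, verifies it with jsonwebtoken, stores the decoded payload on
 * req.user and passes control to the next handler registered for this path.
 * A missing header, missing token or failed verification answers 401.
 *
 * `next` has to be a declared parameter: calling an undeclared `next()` inside
 * the try block throws a ReferenceError, which the catch then reports as
 * "Invalid Token" for every request, including ones with a valid token.
 */
app.get('/protected-resource', (req, res, next) => {
  const authHeader = req.headers.authorization;
  if (!authHeader) {
    return res.status(401).json({ message: 'Unauthorized - Missing Authorization Header' });
  }

  // NOTE(review): the scheme word in front of the token is not checked, so any
  // "<word> <token>" header is accepted. Confirm whether only "Bearer" should be.
  const token = authHeader.split(' ')[1];
  if (!token) {
    return res.status(401).json({ message: 'Unauthorized - Missing Token' });
  }

  // The signing secret comes from the environment instead of a literal in the
  // source, so it is not committed with the code. JWT_SECRET is an example
  // variable name; use whatever your deployment provides. Fail closed when it
  // is absent rather than verifying against a guessable placeholder.
  const jwtSecret = process.env.JWT_SECRET;
  if (!jwtSecret) {
    console.error('JWT_SECRET is not set; refusing to verify tokens');
    return res.status(500).json({ message: 'Internal Server Error' });
  }

  let decoded;
  try {
    // State the accepted algorithms explicitly (the HMAC family, matching a
    // shared-secret key) and narrow the list to the one your issuer signs with.
    decoded = jwt.verify(token, jwtSecret, { algorithms: ['HS256', 'HS384', 'HS512'] });
  } catch (err) {
    // Same response for every verification failure; no detail about why.
    return res.status(401).json({ message: 'Unauthorized - Invalid Token' });
  }

  // Hand-off happens outside the try so the catch covers verification only.
  req.user = decoded;
  return next();
});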
// Resource handler for GET /protected-resource. It is registered after another
// handler on the same path, so it runs only when that earlier handler calls next().
app.get('/protected-resource', function sendProtectedResource(req, res) {
  // req.user is whatever an earlier handler stored on the request.
  const { user } = req;

  // Placeholder for the real protected-resource logic.
  // NOTE(review): this echoes the whole req.user value back to the caller;
  // return only the fields the client needs if it can hold internal claims.
  const responseBody = { message: 'Access granted', user };
  res.json(responseBody);
});
// Start the HTTP server on the configured port and log once it is listening.
app.listen(port, function onListening() {
  console.log(`Server is running on port ${port}`);
});