
Auth Middleware

/api/v2/, users, jwt, middleware


Purpose

Performs the core validation that most routes rely on, so that the API as a whole is protected.

What the Middleware does

The number in brackets is the HTTP status returned when that check fails.

  • Checks that the request has headers and a body.
  • Checks that the body has a uid field [400].
  • Gets the Bearer token from the Authorization header [401].
  • Verifies that the JWT is valid, using the same secret key and the same algorithm that were used to generate it.
  • Checks that the JWT payload contains an iss claim [401].
  • Looks up, in the users collection, the record of the user whose uid matches the one in the body [404].
  • Checks that the prev_email field of that user record equals the iss value from the payload [401].
  • If the body contains an old_password field, checks that its value is valid by hashing it and comparing the result to the hash stored in the fetched user record [401].
  • Checks that the fetched user record has active set to true [401].