Myprojects/backend/csp2-Miras/auth.js

// Dependencies
const jwt = require('jsonwebtoken');

// secret
// signature to our token
// could any random string
const secret = "EcommerceAPI";

// token creation function
// user will be depending in our log in controller 
module.exports.createAccessToken = (user) =>{

// this called payload
	const data ={
		id: user._id,
		email:user.email,
		isAdmin:user.isAdmin
	}

	// {}-option only
	// sign-to generate a new token
	return jwt.sign(data,secret,{});
}

// Token Verification Function

// verify - to verify our user/verify middleware
module.exports.verify = (req,res,next) =>{

	// console.log(req.headers.authorization);

	let token = req.headers.authorization;

	if(typeof token === 'undefined'){

		return res.send({
			auth:'Failed. No token'
		});

	} else{
		token = token.slice(7, token.length);
		// console.log (token);

		// Token decryption

		// Validate the token using the "verify" method decrypting the token using the secret code
		jwt.verify(token, secret, function(err, decodedToken){

			if (err){
				return res.send({
					auth: false,
					message:err.message
				});
			}else{
				// console.log(decodedToken);//contains the data from our token

				// user property will be added to request object and will contain our decodedToken
				req.user = decodedToken

				next()
				// middleware function that lets us proceed to the next middleware or controller
			}
		})
	}
}

// create verification if the user is the admin


module.exports.verifyAdmin = (req,res,next) =>{
	// console.log(req.user.isAdmin);
	if(req.user.isAdmin){
		// console.log(req.user.isAdmin)
		next()
	}else{
		return res.send({
			auth:false,
			message:"Action Forbidden"
		})
		
	}
}
this is from the organization of my bootcamp repo which is mine that i did not notice i was not pushing it to my main repo, thats why i added this here and took me long cause i have no idea how to do this thanks to my curiosity i was able to identify or solve this problem. 12 months ago			`// Dependencies`
			`const jwt = require('jsonwebtoken');`

			`// secret`
			`// signature to our token`
			`// could any random string`
			`const secret = "EcommerceAPI";`

			`// token creation function`
			`// user will be depending in our log in controller`
			`module.exports.createAccessToken = (user) =>{`

			`// this called payload`
			`const data ={`
			`id: user._id,`
			`email:user.email,`
			`isAdmin:user.isAdmin`
			`}`

			`// {}-option only`
			`// sign-to generate a new token`
			`return jwt.sign(data,secret,{});`
			`}`

			`// Token Verification Function`

			`// verify - to verify our user/verify middleware`
			`module.exports.verify = (req,res,next) =>{`

			`// console.log(req.headers.authorization);`

			`let token = req.headers.authorization;`

			`if(typeof token === 'undefined'){`

			`return res.send({`
			`auth:'Failed. No token'`
			`});`

			`} else{`
			`token = token.slice(7, token.length);`
			`// console.log (token);`

			`// Token decryption`

			`// Validate the token using the "verify" method decrypting the token using the secret code`
			`jwt.verify(token, secret, function(err, decodedToken){`

			`if (err){`
			`return res.send({`
			`auth: false,`
			`message:err.message`
			`});`
			`}else{`
			`// console.log(decodedToken);//contains the data from our token`

			`// user property will be added to request object and will contain our decodedToken`
			`req.user = decodedToken`

			`next()`
			`// middleware function that lets us proceed to the next middleware or controller`
			`}`
			`})`
			`}`
			`}`

			`// create verification if the user is the admin`


			`module.exports.verifyAdmin = (req,res,next) =>{`
			`// console.log(req.user.isAdmin);`
			`if(req.user.isAdmin){`
			`// console.log(req.user.isAdmin)`
			`next()`
			`}else{`
			`return res.send({`
			`auth:false,`
			`message:"Action Forbidden"`
			`})`

			`}`
			`}`