Express + JWT exclude certain routes
You can extract the function (the one that verifies the token) and use it as a middleware for specific routes in your router. That way you don't have to specify which routes that need login inside the function.
Like this:
function isLoggedIn(req, res, next) { // check header or url parameters or post parameters for token var token = req.headers.authorization; // decode token if (token) { // verifies secret and checks exp jwt.verify(token, process.env.SECRET_TOKEN, function(err, decoded) { if (err) { return res.status(401).send({ success: false, message: 'Sign in to continue.' }); } else { // if everything is good, save to request for use in other routes next(); } }); } else { // if there is no token // return an error return res.status(401).send({ success: false, message: 'Sign in to continue.' }); }}const userCtrl = new UserCtrl();// Routes that require no loginrouter.post('/login', userCtrl.login);router.get('/users', userCtrl.getAll);router.post('/user/activate', userCtrl.activate);// Routes that require loginrouter.get('/users/count', isLoggedIn, userCtrl.count);router.post('/user', isLoggedIn, userCtrl.signup);router.get('/user/:id', isLoggedIn, userCtrl.get);router.put('/user/:id', isLoggedIn, userCtrl.update);router.delete('/user/:id', isLoggedIn, userCtrl.delete);app.use('/api/v1', router);
You can read more about Express Middlewares here.