Express + JWT exclude certain routes

You can extract the function (the one that verifies the token) and use it as a middleware for specific routes in your router. That way you don't have to specify which routes that need login inside the function.

Like this:

function isLoggedIn(req, res, next) {    // check header or url parameters or post parameters for token    var token = req.headers.authorization;    // decode token    if (token) {        // verifies secret and checks exp        jwt.verify(token, process.env.SECRET_TOKEN, function(err, decoded) {            if (err) {                return res.status(401).send({                    success: false,                    message: 'Sign in to continue.'                });            } else {                // if everything is good, save to request for use in other routes                next();            }        });    } else {        // if there is no token        // return an error        return res.status(401).send({            success: false,            message: 'Sign in to continue.'        });    }}const userCtrl = new UserCtrl();// Routes that require no loginrouter.post('/login', userCtrl.login);router.get('/users', userCtrl.getAll);router.post('/user/activate', userCtrl.activate);// Routes that require loginrouter.get('/users/count', isLoggedIn, userCtrl.count);router.post('/user', isLoggedIn, userCtrl.signup);router.get('/user/:id', isLoggedIn, userCtrl.get);router.put('/user/:id', isLoggedIn, userCtrl.update);router.delete('/user/:id', isLoggedIn, userCtrl.delete);app.use('/api/v1', router);

You can read more about Express Middlewares here.