Now we are going to protect the routes for the user with the role of Author, just like we did previously for the users with the role of Admin.

Server

// middlewares
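/**
 * Express middleware that lets a request continue only when the signed-in
 * user currently has the "Author" role.
 *
 * It reads `req.user._id`, so it must be mounted after the sign-in
 * middleware that verifies the JWT. The role is looked up in the database
 * on every request, so a role change takes effect on the next request.
 *
 * Every path either calls `next()` or ends the response; the request is
 * never left hanging and access is never granted when the check fails.
 *
 * @param {object} req - Express request; `req.user._id` comes from the verified JWT.
 * @param {object} res - Express response.
 * @param {Function} next - Called only when the user is an Author.
 * @returns {Promise<*>} Resolves once `next()` was called or a response was sent.
 */
export const isAuthor = async (req, res, next) => {
  // No authenticated identity on the request: refuse before touching the DB.
  const userId = req.user?._id;
  if (!userId) {
    return res.status(401).send("Unauthorized");
  }

  let user;
  try {
    user = await User.findById(userId);
  } catch (err) {
    // Fail closed: a failed lookup must end the request, not leave it open.
    // The error is logged server-side only; no details go to the client.
    console.log(err);
    return res.status(500).send("Authorization check failed");
  }

  // A deleted account (null) is treated the same as a wrong role.
  // 403 = authenticated but not allowed; 400 would signal a malformed request.
  if (!user || user.role !== "Author") {
    return res.status(403).send("Unauthorized");
  }

  return next();
};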

// routes
// Rename the earlier currentAdmin controller to currentUser so that the same
// controller can be reused for every role.
// Middleware order matters: requireSignin comes first because isAuthor reads
// req.user._id, and the role check must pass before the controller runs.
router.get(
  "/current-admin",
  requireSignin,
  isAdmin,
  currentUser
);
router.get(
  "/current-author",
  requireSignin,
  isAuthor,
  currentUser
);