Create isAdmin middleware
// middlewares
import User from "../models/user"; // path assumed; point this at your own User model

export const isAdmin = async (req, res, next) => {
  try {
    // req.user._id is set by the JWT verification middleware that runs before this one
    const user = await User.findById(req.user._id);
    // console.log("isAdmin ===> ", user);
    if (!user || user.role !== "Admin") {
      // unknown user or wrong role: reject instead of calling next()
      return res.status(400).send("Unauthorized");
    }
    next();
  } catch (err) {
    console.log(err);
    // always end the request on failure, otherwise the client hangs with no response
    return res.status(500).send("Server error");
  }
};
Now apply the isAdmin middleware in your routes. Those routes will only be accessible to users with the role of admin.
If you now make a request as a user who is not an admin, you will get an unauthorized error:
Manually change the user's role to admin in your database. Then log out and log in again.
Now if you make a request, it works.
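The whole flow above (wire the JWT middleware and isAdmin in front of a route, watch a non-admin get rejected, promote the user in the database, watch the same request succeed) as an added, self-contained example. It is not code from the original post: the in-memory `users` map stands in for the Mongoose User model, `requireSignin` is a hypothetical stand-in for the tutorial's JWT verification middleware (it reads a constructed `x-user-id` header instead of verifying a token), and `runChain` emulates Express's next() chaining so no server is needed. The user ids and e-mail addresses are constructed sample data.

```javascript
// Constructed sample users standing in for documents in the database
const users = new Map([
  ["u1", { _id: "u1", email: "alice@example.com", role: "Admin" }],
  ["u2", { _id: "u2", email: "bob@example.com", role: "Subscriber" }],
]);

// Stand-in for the Mongoose User model: findById resolves to null for unknown ids
const User = {
  findById: async (id) => users.get(id) || null,
};

// Minimal Express-like response object so the chain can run without a server
function makeRes() {
  const res = { statusCode: 200, body: undefined };
  res.status = (code) => { res.statusCode = code; return res; };
  res.send = (payload) => { res.body = payload; return res; };
  res.json = res.send;
  return res;
}

// Runs handlers the way an Express route does: the chain advances only
// when a handler calls next(); a handler that sends a response ends it.
async function runChain(req, handlers) {
  const res = makeRes();
  for (const handler of handlers) {
    let calledNext = false;
    await handler(req, res, () => { calledNext = true; });
    if (!calledNext) break;
  }
  return res;
}

// Hypothetical stand-in for the JWT verification middleware: in the real app
// it verifies the token and sets req.user; here a constructed header carries the id.
const requireSignin = async (req, res, next) => {
  const id = req.headers["x-user-id"];
  if (!id) return res.status(401).send("Unauthorized");
  req.user = { _id: id };
  next();
};

// The role check: the role is read from the database, never trusted from the request
const isAdmin = async (req, res, next) => {
  try {
    const user = await User.findById(req.user._id);
    if (!user || user.role !== "Admin") {
      return res.status(400).send("Unauthorized");
    }
    next();
  } catch (err) {
    console.log(err);
    return res.status(500).send("Server error");
  }
};

// Handler that is only reached when both middlewares call next()
const adminOnlyHandler = (req, res) => res.json({ ok: true, user: req.user._id });

// Equivalent of: router.get("/admin", requireSignin, isAdmin, adminOnlyHandler)
const adminRoute = [requireSignin, isAdmin, adminOnlyHandler];

// Simulates one request to the protected route as the given user (null = no token)
async function requestAs(userId) {
  const headers = userId ? { "x-user-id": userId } : {};
  return runChain({ headers }, adminRoute);
}

// Equivalent of editing the role in the database by hand
function setRole(userId, role) {
  const user = users.get(userId);
  if (user) user.role = role;
  return user;
}

requestAs("u2").then((res) => console.log("before promotion:", res.statusCode, res.body));
```

Running it shows the non-admin user rejected with 400 "Unauthorized"; after `setRole("u2", "Admin")` the same request reaches the handler, because isAdmin consults the stored role on every request. A request with no token is stopped earlier, by the sign-in middleware, which is why the order of the two middlewares in the route matters.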