Secure server route for admin user only

Create isAdmin middleware

// middlewares
export const isAdmin = async (req, res, next) => {
  try {
    // you get req.user._id from verified jwt token
    const user = await User.findById(req.user._id);
    // console.log("isAdmin ===> ", user);
    if (user.role !== "Admin") {
      return res.status(400).send("Unauthorized");
    } else {
      next();
    }
  } catch (err) {
    console.log(err);
  }
};

Now apply isAdmin middleware in your routes. Those routes will only be accessible to users with the role of admin

If you now make a request, you will get an unauthorized error:

Manually change user role to admin in your database. Then logout and login again. Now if you make a request, it works.