open_in_new content_copy 
//authMiddleware.js

const jwt = require('jsonwebtoken');

module.exports = function (req, res, next) {
  
  const token = req.header('Authorization')?.split(' ')[1];

  if (!token) return res.status(401).send('Access Denied'); 

  try {

    const verified = jwt.verify(token, process.env.JWT_SECRET);
    req.user = verified; 
    next(); 
  } catch (err) {

    res.status(400).send('Invalid Token');
  }
};