How to organize work with a token in NodeJS Express?

G

gallantalex2017-10-11 15:40:54

JSON Web Token

gallantalex, 2017-10-11 15:40:54

How to properly organize the work and verification of the token?
I have several routes in my api that need to be secured and only available to certain users.
I understand correctly that I must write the user's id into the token and save it in the user's database and give it to the front. And when I send a request from the front, I will put a token in the request header.
On the backend, I:
1. Accept the request
2. In the middleware , decrypt the token
3. I get the user id there
4. I find this user
5. If everything is ok - next(); and then I give some data
6. If there is no token or user, then I send an error message
Is this how the system of work with tokens is built? Are there any other steps needed or vice versa - some are superfluous here? I found a lot of information on how to register and log in correctly, but there is little information about working with closed routes and checking tokens.