Untitled

function isAllowed(req, res, next) {
  let decodeToken = jwt.decode(req.cookies.token, JwtOptions.secretOrKey);

  db.users.findById(decodeToken.id).then(data => {
      if (data == null) {
        throw {
          success: false,
          message: 'User token not found'
        }
      }

      req.session.user = data; // hz dolzno prokinutj
      next();
  })
  .catch(function (err) {
      res.status(401).send(err.message);
  });
}

app.get('/api/orders', isAllowed, function (req, res) {
  db.ordersfindAll({
    where: {
      userId: req.session.user.id
    }
  })
  .then(orders =>  res.json({message: 'OK', body: orders}));
});