apiRoutes.post('/authenticate', function(req, res) { // find the user Us

1. apiRoutes.post('/authenticate', function(req, res) {
2.  
3. // find the user
4. User.findOne({
5. name: req.body.name
6. }, function(err, user) {
7.  
8. if (err) throw err;
9.  
10. if (!user) {
11. res.json({ success: false, message: 'Authentication failed. User not found.' });
12. } else if (user) {
13.  
14. // check if password matches
15. if (user.password != req.body.password) {
16. res.json({ success: false, message: 'Authentication failed. Wrong password.' });
17. } else {
18.  
19. // if user is found and password is right
20. // create a token with only our given payload
21. // we don't want to pass in the entire user since that has the password
22. const payload = {
23. admin: user.admin
24. };
25. var token = jwt.sign(payload, app.get('superSecret'), {
26. expiresInMinutes: 1440 // expires in 24 hours
27. });
28.  
29. // return the information including token as JSON
30. res.json({
31. success: true,
32. message: 'Enjoy your token!',
33. token: token
34. });
35. }
36.  
37. }
38.  
39. });
40. });