I would recommend you working with your Auth middleware function. In this function, you retrieve the user data from mongoDB (searching by token) and pass the user to your request object.
Doing so, you will always have the current user object within all authenticated routes.
First change your Auth middleware like so:
const auth = async (req, res, next) => {
try {
// Try to find user
const token = req.header('Authorization').replace('Bearer ', '')
const decoded = jwt.verify(token, 'thejwtsecret')
const user = await User.findOne({ _id: decoded._id, 'tokens.token': token })
// If user not found, throw error
if (!user) {
throw new Error()
}
// Else, add user data and toke into request object
req.token = token
req.user = user
// Keep going
next()
} catch (e) {
// User not authenticated
res.status(401).send({ error: 'Please authenticate.' })
}
}
module.exports = auth
You said you have a Sauces collection, and a delete route, with this new middleware the user data will be easily accessible inside the request object:
router.delete('/sauces', auth, async (req, res) => {
// req.user is your current user object
// req.token is the token of the current user
});