GET /api/auth/get-me
Get Current User
curl --request GET \
  --url https://api.example.com/api/auth/get-me
{
  "message": "Token not provided."
}

Description

Retrieves the profile information of the currently authenticated user. This endpoint requires a valid JWT in the token cookie.
This is a protected endpoint: the authUser middleware validates the JWT before the request handler runs.

Authentication

This endpoint requires a valid JWT token to be present in the token cookie. The token is automatically included when using the same session that performed login or registration.

Authentication Middleware

The authUser middleware performs the following checks:
  1. Verifies the token cookie is present
  2. Checks if the token is blacklisted (logged out)
  3. Verifies the token signature using JWT_SECRET
  4. Decodes the token and attaches user info to req.user

Request

No request body or query parameters required. Authentication is handled via the token cookie.

Response

message (string): Success message indicating user details were fetched successfully
user (object): The current user’s profile information

Success Response (200)

{
  "message": "User details fetched successfully",
  "user": {
    "id": "507f1f77bcf86cd799439011",
    "username": "johndoe",
    "email": "[email protected]"
  }
}

Error Responses

{
  "message": "Token not provided."
}

Example Request

curl -X GET https://api.example.com/api/auth/get-me \
  -b cookies.txt

Implementation Details

  • Protected endpoint: Requires authUser middleware
  • Token must be present in the token cookie
  • Token must not be blacklisted (user must not have logged out)
  • Token must have a valid signature and not be expired
  • User ID is extracted from the decoded JWT token (req.user.id)
  • User data is fetched fresh from the database using the ID
  • Password field is excluded from the response

Common Use Cases

Call this endpoint on app initialization to verify if the user is still authenticated. If it returns 401, redirect to the login page.
Use this endpoint to fetch and display the current user’s profile information in the application header or profile section.
Before performing sensitive operations, call this endpoint to ensure the user’s session is still valid and hasn’t been logged out.

Security Considerations

This endpoint validates that:
  • The token exists and is properly formatted
  • The token hasn’t been blacklisted (logged out)
  • The token signature is valid and hasn’t been tampered with
  • The token hasn’t expired (1-day expiration from creation)
