Skip to main content
GET
/
api
/
auth
/
me
Get Current User
curl --request GET \
  --url https://api.example.com/api/auth/me
{
  "user": {
    "user_id": "<string>",
    "email": "<string>",
    "name": "<string>",
    "surname": "<string>",
    "role": {},
    "status": {},
    "document_type": {},
    "document_number": "<string>",
    "phone": "<string>",
    "created_at": "<string>"
  }
}

Overview

The /api/auth/me endpoint returns the profile information of the currently authenticated user based on their JWT token. This endpoint is useful for:
  • Verifying token validity
  • Retrieving up-to-date user information
  • Checking user account status
  • Implementing “stay logged in” functionality

Authentication

This endpoint is protected and requires a valid JWT token.

Token Requirements

You must include your JWT token in one of two ways: Option 1: Authorization Header (Recommended) 
Authorization: Bearer <your_jwt_token>
Option 2: Cookie 
Cookie: auth_token=<your_jwt_token>

Authentication Flow

All requests to /api/* endpoints (except public routes like /api/auth/login) are automatically validated by the authentication middleware at server/middleware/auth.ts. The middleware:
  1. Extracts the token from the Authorization header or auth_token cookie
  2. Verifies the token signature using verifyToken() from server/utils/jwt.ts
  3. Decodes the JWT payload containing { userId, email, role }
  4. Attaches the decoded user data to event.context.user
  5. Returns 401 error if token is missing, invalid, or expired
Source: server/middleware/auth.ts:22-55

Request

No request body or query parameters required. The user is identified from the JWT token.

Response

user
object
Current user’s profile information

Error Responses

401 Unauthorized
Status Message: “Unauthorized: Token is missing or invalid” or “Unauthorized: Session expired or invalid token”Returned when:
  • No Authorization header or auth_token cookie is provided
  • The JWT token is malformed or has an invalid signature
  • The JWT token has expired (default expiration: 24 hours)
  • The token payload does not contain a valid userId
Middleware Source: server/middleware/auth.ts:36-39 and server/middleware/auth.ts:51-54
403 Forbidden
Status Message: “Cuenta inactiva o no encontrada. Contacta con soporte admin.”Returned when:
  • The user account associated with the token no longer exists
  • The user account status is not ON (account has been deactivated)
Source: server/api/auth/me.get.ts:31-35

Code Examples

# Using Authorization header
curl -X GET https://api.beils.com/api/auth/me \
  -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."

Response Example

Success Response (200)
{
  "user": {
    "user_id": "550e8400-e29b-41d4-a716-446655440000",
    "email": "[email protected]",
    "name": "María",
    "surname": "García",
    "role": "USER",
    "status": "ON",
    "document_type": "DNI",
    "document_number": "12345678A",
    "phone": "+34612345678",
    "created_at": "2024-01-15T10:30:00.000Z"
  }
}
Error Response (401)
{
  "statusCode": 401,
  "statusMessage": "Unauthorized: Token is missing or invalid"
}
Error Response (403)
{
  "statusCode": 403,
  "statusMessage": "Cuenta inactiva o no encontrada. Contacta con soporte admin."
}

Implementation Details

JWT Token Structure

Tokens are generated with the following payload: 
interface JwtPayload {
  userId: string;
  email: string;
  role: string;
  iat: number;  // Issued at timestamp
  exp: number;  // Expiration timestamp
}
Source: server/utils/jwt.ts:5-9

Token Generation

Tokens are created using the signToken function: 
export const signToken = (payload: object, expiresIn: string | number = '24h') => {
  return jwt.sign(payload, JWT_SECRET, { expiresIn: expiresIn as any });
}
  • Algorithm: HS256 (HMAC with SHA-256)
  • Secret: Configured via JWT_SECRET environment variable
  • Default Expiration: 24 hours
  • Fallback Secret: 'super-secret-tp-plus-dashboard' (development only)
Source: server/utils/jwt.ts:11-13

Token Verification

Tokens are validated using the verifyToken function: 
export const verifyToken = (token: string): JwtPayload | null => {
  try {
    return jwt.verify(token, JWT_SECRET) as JwtPayload;
  } catch (error) {
    return null;
  }
}
This function returns null if the token is:
  • Expired
  • Malformed
  • Signed with a different secret
  • Otherwise invalid
Source: server/utils/jwt.ts:15-21

User Data Selection

The endpoint explicitly selects only the following fields from the database for security: 
select: {
  user_id: true,
  email: true,
  name: true,
  surname: true,
  role: true,
  status: true,
  document_type: true,
  document_number: true,
  phone: true,
  created_at: true,
}
Sensitive fields like password, refresh_token, and address information are never returned. Source: server/api/auth/me.get.ts:17-28

Token Best Practices

Security

  1. Store tokens securely: Use HTTP-only cookies or secure storage mechanisms
  2. Never expose tokens: Don’t log tokens or include them in URLs
  3. Set appropriate expiration: Default 24 hours balances security and UX
  4. Use HTTPS: Always transmit tokens over encrypted connections
  5. Rotate secrets: Change JWT_SECRET periodically in production

Token Refresh Strategy

The API currently uses 24-hour access tokens. For extended sessions:
  1. Store the token securely on the client
  2. Check token validity before each request
  3. Redirect to login when receiving 401 errors
  4. Consider implementing refresh tokens for seamless re-authentication

Protected Routes

The following routes are public and don’t require authentication:
  • /api/auth/login
  • /api/hello
All other /api/* routes require a valid JWT token. Source: server/middleware/auth.ts:7

Common Use Cases

Verify Token Validity

async function isTokenValid(token) {
  try {
    const response = await fetch('https://api.beils.com/api/auth/me', {
      headers: { 'Authorization': `Bearer ${token}` }
    });
    return response.ok;
  } catch (error) {
    return false;
  }
}

Auto-Login on App Load

async function autoLogin() {
  const token = localStorage.getItem('auth_token');
  if (!token) return null;
  
  try {
    const response = await fetch('https://api.beils.com/api/auth/me', {
      headers: { 'Authorization': `Bearer ${token}` }
    });
    
    if (response.ok) {
      const { user } = await response.json();
      return user;
    }
  } catch (error) {
    localStorage.removeItem('auth_token');
  }
  
  return null;
}

Role-Based Access Control

async function checkAdminAccess(token) {
  const response = await fetch('https://api.beils.com/api/auth/me', {
    headers: { 'Authorization': `Bearer ${token}` }
  });
  
  const { user } = await response.json();
  return user.role === 'ADMIN';
}
  • Login - Obtain a JWT token by authenticating with email and password

Build docs developers (and LLMs) love

Get started for freeTalk to us