After we've added the REST endpoint for authentication (#98), we can add authorization to our existing endpoints.
In order to do authorization (check user access rights), each REST API endpoint should accept an "Authorization" header with the "Bearer" scheme and our JWT token.
Each endpoint should parse the JWT token from the Authorization header and check whether such a user exists in our database. If the header is not provided, return 401. If the user is not found, return 403.
Since this authorization check has to be in every endpoint, we need to move this logic into a separate function to avoid duplication.
So in the scope of this task we need to add JWT authorization to every REST endpoint.
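A sketch of such a shared check, added here as an example and not taken from the project's code. It assumes HS256-signed tokens, a `sub` claim carrying the user id, an in-memory `USERS` dict standing in for the database, and that an invalid or expired token also returns 401 (the task does not specify this case); all names are hypothetical.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-secret"   # assumption: HS256 with a shared secret
USERS = {"42": {"name": "alice"}}     # constructed stand-in for the user table

def _b64d(part):
    # JWT segments are unpadded base64url; restore the padding before decoding
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def _b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def make_token(sub, exp, secret=SECRET):
    """Build a constructed HS256 token so the check can be exercised offline."""
    head = _b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64e(json.dumps({"sub": sub, "exp": exp}).encode())
    sig = hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64e(sig)}"

def authorize(headers, now=None):
    """Shared check called by every endpoint; returns (status, user)."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "bearer" or not token:
        return 401, None                  # header missing or not a Bearer token
    try:
        head, body, sig = token.split(".")
        # Pin the algorithm: never let the token header choose (rejects "none")
        if json.loads(_b64d(head)).get("alg") != "HS256":
            return 401, None
        expected = hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64d(sig)):   # constant-time compare
            return 401, None
        claims = json.loads(_b64d(body))
        if claims.get("exp", 0) <= (now if now is not None else time.time()):
            return 401, None              # expired or no expiry claim
        sub = str(claims.get("sub"))
    except (ValueError, AttributeError, TypeError):
        return 401, None                  # malformed token
    user = USERS.get(sub)                 # the "is there such a user" lookup
    return (200, user) if user else (403, None)
```

An endpoint calls `authorize(request_headers)` first and returns the status as-is unless it is 200.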