dougal-software/lib/www/server/api/middleware/auth/jwt.js

const {expressjwt: expressJWT} = require('express-jwt');

const cfg = require("../../../lib/config").jwt;

const getToken = function (req) {
	if (req.headers.authorization && req.headers.authorization.split(' ')[0] == 'Bearer') {
		return req.headers.authorization.split(' ')[1];
	} else if (req.cookies.JWT) {
		return req.cookies.JWT;
	}
	return null;
}

const options = {
	secret: cfg.secret,
	credentialsRequired: false,
	algorithms: ['HS256'],
	getToken
};

const allow = {
	path: [/\/login$/, /\/logout$/, /\/$/, /\/version$/],
	useOriginalUrl: false
};

module.exports = expressJWT(options).unless(allow);