express-blog-api/middleware/sameUser.js

const jwt = require("jsonwebtoken");

const sameUser = (req, res, next) => {
  // get token
  const token = req.cookies.JWT_TOKEN;
  // extract username from token
  const username = jwt.verify(token, process.env.SECRET_KEY).username;
  // if different usernames
  if (username != req.params.username) {
    return res.status(403).json({
      message: "Not authorized!",
    });
  }
  // otherwise all good
  return next();
};

module.exports = sameUser;