Recently I started to develop a web system using NodeJs, Express and MySQL. In broad strokes, my system consists of an administrator panel and a backend to which mobile phones communicate through apis. The part that I need is the security one, I have read that I can use JWT to protect the APIs but I do not know if there are tools to validate from the beginning of the session (admin panel) and thus allow only the administrator to see the contents of the Web. I do not know if someone knows of some mddleware for example to protect the web part and the backend in the calls to the apis, perhaps by bearer tokens for example. Greetings.