Due to setting of "req.user = data" can be exploited and gain access of another user when we use that persons's JWT token