if (!authHeader) {
        const err = {err: 'invalid_authorization', des: 'required authorization header'};
        res.send(401, err);
        return next(err);
    }