jwt auth workflow

server/loaders/passport.js

@@ -1,6 +1,6 @@
 const passport = require('passport');
-const { Strategy } = require('passport-local');
-const AuthController = require('../controllers/authController');
+const JwtStrategy = require('passport-jwt').Strategy;
+const { ExtractJwt } = require('passport-jwt');
 
 async function passportLoader(app) {
     app.use(passport.initialize());
@@ -18,24 +18,20 @@ async function passportLoader(app) {
         })
     })
 
-    passport.use(new Strategy({ usernameField: "email", passwordField: "password" }, async (email, password, done) => {
-        console.log('calling local strategy');
-        console.log(email, password);
+    // config for jwt strategy
+    let opts = {
+        jwtFromRequest: ExtractJwt.fromAuthHeaderAsBearerToken(),
+        secretOrKey: 'secret'
+    }
 
+    // jwt strategy
+    passport.use(new JwtStrategy(opts, async (token, done) => {
         try {
-            console.log('before response')
-            const response = await AuthController.login({ email: email, password: password });
-            console.log(response);
-            
-            if (response && response.ok) {
-                return done(null, response.data.data);
-            } else {
-                return done(null, false);
-            }
+            return done(null, token.user);
         } catch (error) {
-            return done(error);
+            done(error);
         }
-    }))
+    }));
 
     return passport;
 }

server/package.json

@@ -18,7 +18,9 @@
     "dotenv": "^16.0.3",
     "express": "^4.18.2",
     "express-session": "^1.17.3",
+    "jsonwebtoken": "^9.0.0",
     "passport": "^0.6.0",
+    "passport-jwt": "^4.0.1",
     "passport-local": "^1.0.0",
     "pg": "^8.9.0"
   },

server/routes/auth.js

@@ -1,6 +1,9 @@
 const AuthController = require('../controllers/authController');
-
+const jwt = require('jsonwebtoken');
 const router = require('express').Router();
+require('dotenv').config();
+
+const secret = process.env.SECRET;
 
 async function authRoute(app, passport) {
     router.post('/register', async (req, res) => {
@@ -17,18 +20,36 @@ async function authRoute(app, passport) {
     router.post('/login', passport.authenticate('local'), async (req, res, next) => {
         try {
             const data = req.body;
-            const response = await AuthController.login(data);
+            let response = await AuthController.login(data);
 
             if (!response || !response.ok) {
                 res.status(response.code || 400).send(response.data || "Something went wrong");
             } else {
-                req.user = response.data;
-                req.session.user = response.data;
+                // flatten controller responses
+                while (response.data) {
+                    response = response.data;
+                }
+
+                req.user = response;
+                req.session.user = response;
+
+                // exclude sensitive data from being stored client side
+                const safeUserData = {
+                    id: response.id,
+                    username: response.username,
+                    email: response.email,
+                    created: response.created,
+                    modified: response.modified
+                }
+
+                const token = jwt.sign({ user: safeUserData }, secret);
+                req.session.token = token;
+
                 req.session.save((err) => {
                     return next(err);
                 })
 
-                res.send(response.data);
+                res.json({ token });
             }
         } catch (error) {
             next(error);

server/routes/index.js

@@ -2,15 +2,6 @@ const authRoute = require("./auth");
 const itemRoute = require("./item");
 
 async function routesLoader(app, passport) {
-    app.use('/', (req, res, next) => {
-        console.log(req.user || "no user");
-        next();
-    })
-
-    app.get('/', (req, res) => {
-        res.send(req.session);
-    })
-
     app.use('/auth', await authRoute(app, passport));
     app.use('/app', await itemRoute(app, passport));
 }

server/routes/item.js

@@ -1,14 +1,20 @@
+const jwt = require('jsonwebtoken');
+require('dotenv').config();
 const router = require('express').Router();
 const ItemController = require('../controllers/ItemController');
 
-function itemRoute(app, passport) {
+async function itemRoute(app, passport) {
     router.use('/', (req, res, next) => {
-        if (req.user == null) {
-            res.status(403).send("Unauthorized");
-            return;
-        } else {
-            next();
-        }
+        console.log('check for jwt');
+        const token = req.headers['authorization'].split(" ")[1];
+        jwt.verify(token, process.env.SECRET, (err, data) => {
+            if (err) {
+                res.status(403).send(err);
+            } else {
+                req.user = data;
+                next();
+            }
+        })
     })
 
     router.get('/item', async (req, res) => {