TA-3: add auth middleware and get logged in user object (#21)

UTSCCSCC01 · Oct 1, 2022 · c4b177c · c4b177c
1 parent a5944d8
commit c4b177c
Show file tree

Hide file tree

Showing 4 changed files with 28 additions and 19 deletions.
diff --git a/server/controller/controller.js b/server/controller/controller.js
@@ -12,7 +12,7 @@ const User = require('../models/User');
 //controller to delete a user from the "database"
 exports.deleteUser = async (request, response) => {
     try {
-        await User.findByIdAndDelete(request.userID);
+        await User.findByIdAndDelete(request.user._id);
         response.json({message: "User deleted"});
     } catch(error) {
         console.log(error.message);

diff --git a/server/middleware/auth.js b/server/middleware/auth.js
@@ -0,0 +1,16 @@
+const jsonwebtoken = require('jsonwebtoken');
+const constants = require('../config/constants.json');
+
+module.exports = (request, response, next) => {
+    const token = request.header('x-auth-token');
+    if(!token){
+        return response.status(401).json({message: 'No token, authorization denied'});
+    }
+    try {
+        const decoded = jsonwebtoken.verify(token, constants.jsonwebtokenSecret);
+        request.user = decoded.user;
+        next();
+    } catch(error) {
+        response.status(401).json({message: 'Invalid token'});
+    }
+}
diff --git a/server/routes/auth.js b/server/routes/auth.js
@@ -5,21 +5,7 @@ const User = require("../models/User");
 const jsonwebtoken = require('jsonwebtoken');
 const constants = require('../config/constants.json');
 const bcrypt = require('bcryptjs');
-
-const auth = (request, response, next) => {
-    const token = request.header('x-auth-token');
-
-    if(!token){
-        return response.status(401).json({message: 'No token, authorization denied'});
-    }
-    try {
-        const decoded = jsonwebtoken.verify(token, constants.jsonwebtokenSecret);
-        request.userID = decoded.userID;
-        next();
-    } catch(error) {
-        response.status(401).json({message: 'Token is not valid'});
-    }
-}
+const auth = require('../middleware/auth');
 
 //http://localhost:8000/api/auth
 
@@ -28,8 +14,15 @@ const auth = (request, response, next) => {
     DESC: Get logged in user
     ACCESS: Private (getting user thats logged in so it should be private)
 */
-router.get('/', (request, response) => { // note: it is just a slash since we defined the route already in server.js
-    response.send('Fetch logged in user');
+router.get('/', auth, async (request, response) => { // note: it is just a slash since we defined the route already in server.js
+    try{
+        //request.user is assigned in the middleware (auth) 
+        const user = await User.findById(request.user.id).select('-password');
+        response.json(user);
+    }catch (error) {
+        console.log(error.message);
+        response.status(500); 
+    }
 }); 
 
 /*

diff --git a/server/routes/users.js b/server/routes/users.js
@@ -5,7 +5,7 @@ const User = require("../models/User");
 const jsonwebtoken = require('jsonwebtoken');
 const constants = require('../config/constants.json');
 const bcrypt = require('bcryptjs');
-const auth = require('../routes/auth');
+const auth = require('../middleware/auth');
 const controller = require('../controller/controller');