From c4b177c1cbdc21e2578299ea1215714031c89d2b Mon Sep 17 00:00:00 2001
From: Andrew Qian <51491033+andrewqian2001@users.noreply.github.com>
Date: Thu, 29 Sep 2022 14:09:56 -0400
Subject: [PATCH] TA-3: add auth middleware and get logged in user object (#21)
---
 server/controller/controller.js | 2 +-
 server/middleware/auth.js | 16 ++++++++++++++++
 server/routes/auth.js | 27 ++++++++++-----------------
 server/routes/users.js | 2 +-
 4 files changed, 28 insertions(+), 19 deletions(-)
 create mode 100644 server/middleware/auth.js
diff --git a/server/controller/controller.js b/server/controller/controller.js
index ca14f7e..726272a 100644
--- a/server/controller/controller.js
+++ b/server/controller/controller.js
@@ -12,7 +12,7 @@ const User = require('../models/User');
 //controller to delete a user from the "database"
 exports.deleteUser = async (request, response) => {
 try {
- await User.findByIdAndDelete(request.userID);
+ await User.findByIdAndDelete(request.user._id);
 response.json({message: "User deleted"});
 } catch(error) {
 console.log(error.message);
diff --git a/server/middleware/auth.js b/server/middleware/auth.js
new file mode 100644
index 0000000..f32556e
--- /dev/null
+++ b/server/middleware/auth.js
@@ -0,0 +1,16 @@
+const jsonwebtoken = require('jsonwebtoken');
+const constants = require('../config/constants.json');
+
+module.exports = (request, response, next) => {
+ const token = request.header('x-auth-token');
+ if(!token){
+ return response.status(401).json({message: 'No token, authorization denied'});
+ }
+ try {
+ const decoded = jsonwebtoken.verify(token, constants.jsonwebtokenSecret);
+ request.user = decoded.user;
+ next();
+ } catch(error) {
+ response.status(401).json({message: 'Invalid token'});
+ }
+}
\ No newline at end of file
diff --git a/server/routes/auth.js b/server/routes/auth.js
index 8ea925f..52b73db 100644
--- a/server/routes/auth.js
+++ b/server/routes/auth.js
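Review bot: The id passed to `findByIdAndDelete` is read from `request.user._id`, while the new GET handler in routes/auth.js in this same commit reads `request.user.id` from the same middleware-assigned object, so one of the two is looking at a field the token payload does not carry; for that one the id is `undefined`, which presumably matches nothing, yet the handler still answers "User deleted". Use the one field the sign-in code actually signs into `user` (that code is outside this diff) in both places, and check the result so a miss is not reported as success: `const deleted = await User.findByIdAndDelete(request.user.id);` followed by `if (!deleted) return response.status(404).json({message: 'User not found'});`. deleteUser's catch block continues past the end of the hunk.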
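Review bot: `jsonwebtoken.verify` in the new middleware is called without an `algorithms` option, so the accepted algorithm is whatever the token header names rather than something the server fixes; if tokens are signed with HS256, as the symmetric-looking `jsonwebtokenSecret` suggests, pin it: `jsonwebtoken.verify(token, constants.jsonwebtokenSecret, { algorithms: ['HS256'] })`. The middleware also assigns `request.user = decoded.user` without checking it exists, so a validly signed token whose payload has no `user` passes here and the first `request.user.id` / `request.user._id` downstream throws a TypeError; reject it at this boundary instead, `if (!decoded.user) return response.status(401).json({message: 'Invalid token'});`. The secret is loaded from `../config/constants.json`, which looks like a checked-in file; its contents are not in this diff, but if the signing secret really lives there it should be supplied from the environment rather than the repository. A one-line header comment stating the contract would help too, e.g. `// Verifies the x-auth-token JWT and exposes its user claim as request.user; responds 401 otherwise.`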
@@ -5,21 +5,7 @@ const User = require("../models/User");
 const jsonwebtoken = require('jsonwebtoken');
 const constants = require('../config/constants.json');
 const bcrypt = require('bcryptjs');
-
-const auth = (request, response, next) => {
- const token = request.header('x-auth-token');
-
- if(!token){
- return response.status(401).json({message: 'No token, authorization denied'});
- }
- try {
- const decoded = jsonwebtoken.verify(token, constants.jsonwebtokenSecret);
- request.userID = decoded.userID;
- next();
- } catch(error) {
- response.status(401).json({message: 'Token is not valid'});
- }
-}
+const auth = require('../middleware/auth');
 //http://localhost:8000/api/auth
@@ -28,8 +14,15 @@ const auth = (request, response, next) => {
 DESC: Get logged in user
 ACCESS: Private (getting user thats logged in so it should be private)
 */
-router.get('/', (request, response) => { // note: it is just a slash since we defined the route already in server.js
- response.send('Fetch logged in user');
+router.get('/', auth, async (request, response) => { // note: it is just a slash since we defined the route already in server.js
+ try{
+ //request.user is assigned in the middleware (auth)
+ const user = await User.findById(request.user.id).select('-password');
+ response.json(user);
+ }catch (error) {
+ console.log(error.message);
+ response.status(500);
+ }
 });
 /*
diff --git a/server/routes/users.js b/server/routes/users.js
index f6c6cff..e663609 100644
--- a/server/routes/users.js
+++ b/server/routes/users.js
@@ -5,7 +5,7 @@ const User = require("../models/User");
 const jsonwebtoken = require('jsonwebtoken');
 const constants = require('../config/constants.json');
 const bcrypt = require('bcryptjs');
-const auth = require('../routes/auth');
+const auth = require('../middleware/auth');
 const controller = require('../controller/controller');
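Review bot: The catch block of the new GET `/` handler calls `response.status(500)` and never sends anything, so on a database error the client gets no response at all and the request hangs until it times out; end the response, `response.status(500).json({message: 'Server error'});`. The handler reads `request.user.id` whereas the controller change in this same commit reads `request.user._id` from the object the middleware assigns, so one of them is reading a field the token payload does not have; which one depends on the sign-in code, which is outside this diff, and the two should be made to agree. When `findById` finds nothing the handler answers 200 with a `null` body, which callers will have to special-case; `if (!user) return response.status(404).json({message: 'User not found'});` before the `response.json(user)` would be clearer.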