From a3f147d2cff04d1f4f90d54f05db0aac74308c17 Mon Sep 17 00:00:00 2001
From: aninda052
Date: Wed, 30 Aug 2023 21:09:26 +0600
Subject: [PATCH] feat: set `currentUser` with every request (#35)
---
 server/src/middleware/auth.js | 23 +++++++++++++++++++
 .../src/modules/authentication/controller.js | 18 ++++++---------
 server/src/modules/models/user/controller.js | 2 +-
 server/src/server.js | 6 +++--
 4 files changed, 35 insertions(+), 14 deletions(-)
 create mode 100644 server/src/middleware/auth.js
diff --git a/server/src/middleware/auth.js b/server/src/middleware/auth.js
new file mode 100644
index 0000000..43f77bc
--- /dev/null
+++ b/server/src/middleware/auth.js
@@ -0,0 +1,23 @@
+const jwt = require("jsonwebtoken");
+const { User } = require('../modules/db/collections');
+
+const setCurrentUser = async (req, res, next) => {
+ const token = req.headers.authorization ?? '';
+ req.user = null;
+
+ if (token) {
+ await jwt.verify(token.split(' ')[1], process.env.JWT_SECRET, async function(err, payLOad){
+ if(payLOad){
+ req.user = await User.getObjectById(payLOad._id);
+ }
+ });
+
+ }
+ next();
+};
+
+
+module.exports = {
+ setCurrentUser
+}
+
diff --git a/server/src/modules/authentication/controller.js b/server/src/modules/authentication/controller.js
index 72534d0..2e56a0e 100644
--- a/server/src/modules/authentication/controller.js
+++ b/server/src/modules/authentication/controller.js
@@ -1,6 +1,6 @@
 const { loginValidate, authenticate } = require('./request');
-const { generateJwtToken } = require('./utils')
-const { setCookie } = require('../../utils/cookie')
+const { generateJwtToken } = require('./utils');
+const { setCookie } = require('../../utils/cookie');
 const setupRoutes = (app) => {
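Review bot: Awaiting `jwt.verify` in its callback form (the `await jwt.verify(...)` line inside `if (token)`) is fragile: when a callback is passed, jsonwebtoken's documented contract is that the result is delivered to the callback rather than returned, so whether `req.user` is assigned before `next()` runs depends on the library happening to hand back the `async` callback's promise, an implementation detail rather than an API guarantee. The `err` argument is discarded, so an expired or badly signed token is treated exactly like no token, and a rejection from `User.getObjectById` inside that callback has no handler on the path the Express router sees. Use the synchronous `jwt.verify` inside `try`/`catch`, require the `Bearer` scheme instead of taking `split(' ')[1]` blindly, pin `algorithms` to whatever `generateJwtToken` signs with, and call `next()` only after the lookup has settled (rewritten body below). Since this middleware never rejects a request, protected routes must still check `req.user` themselves; a comment above `setCurrentUser` saying so would help the next reader.
```javascript
// Resolves req.user from an `Authorization: Bearer <token>` header.
// Never rejects the request: routes that require a login must check req.user.
const setCurrentUser = async (req, res, next) => {
  req.user = null;
  const [scheme, token] = (req.headers.authorization ?? '').split(' ');
  if (scheme !== 'Bearer' || !token) {
    return next();
  }
  let payload;
  try {
    // Synchronous form: throws on bad signature/expiry instead of calling back.
    // `algorithms` must match what generateJwtToken signs with — confirm.
    payload = jwt.verify(token, process.env.JWT_SECRET, { algorithms: ['HS256'] });
  } catch (err) {
    // Invalid or expired token: treat the request as anonymous.
    return next();
  }
  try {
    req.user = (await User.getObjectById(payload._id)) ?? null;
  } catch (err) {
    return next(err); // a DB failure is a server error, not an auth failure
  }
  next();
};
```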
@@ -9,8 +9,8 @@ const setupRoutes = (app) => {
 const loginValidationResult = loginValidate(req.body);
 if (!loginValidationResult.error) {
- const { email, password } = req.body
- const authenticationResult = await authenticate(email, password)
+ const { email, password } = req.body;
+ const authenticationResult = await authenticate(email, password);
 if(authenticationResult.isAuthenticate){
@@ -19,14 +19,10 @@ const setupRoutes = (app) => {
 name: authenticationResult.user.name
 });
- setCookie(res, 'Bearer', jwtToken, {
- httpOnly: true,
- secure: process.env.NODE_ENV !== 'development', // Use secure cookies in production
- sameSite: 'strict', // Prevent CSRF attacks
- maxAge: 2 * 24 * 60 * 60 * 1000, // 2 days
+ return res.status(200).json({
+ user: authenticationResult.user,
+ accessToken: jwtToken
 });
-
- return res.status(200).json({user: authenticationResult.user });
 }
 else{
 return res.status(401).json({message: authenticationResult.message });
diff --git a/server/src/modules/models/user/controller.js b/server/src/modules/models/user/controller.js
index ab4ac49..e91d5cb 100644
--- a/server/src/modules/models/user/controller.js
+++ b/server/src/modules/models/user/controller.js
@@ -7,7 +7,7 @@ const BASE_URL = `/api/user`;
 const setupRoutes = (app) => {
- app.post(`${BASE_URL}/registration`, async (req, res) => {
+ app.post(`/api/registration`, async (req, res) => {
 const validationResult = validate(req.body);
diff --git a/server/src/server.js b/server/src/server.js
index d45583e..a178c22 100644
--- a/server/src/server.js
+++ b/server/src/server.js
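Review bot: Returning `jwtToken` as `accessToken` in the new `return res.status(200).json({...})` drops the `httpOnly`, `secure` and `sameSite: 'strict'` protections the deleted `setCookie` call gave the credential: the token is now readable by any script running in the page, and the 2-day `maxAge` bound on a captured cookie's usefulness now rests solely on whatever expiry `generateJwtToken` sets, which this hunk does not show. If the Authorization header is the intended transport for the new `setCurrentUser` middleware, decide explicitly whether the `httpOnly` cookie should be kept alongside the body token, and at minimum document the trade-off above the `return`, e.g. `// token is returned in the body for the Authorization-header flow; it is no longer httpOnly, so keep its lifetime short`. It is also worth confirming that `authenticationResult.user` carries no credential fields before it is serialized here, since the same object is now sent with the token. The `setCookie` import retained at the top of the file is unused if the body-only approach stands; `setupRoutes` begins and ends outside this hunk.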
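Review bot: The new `app.post(\`/api/registration\`, ...)` line hard-codes its path while this file otherwise builds routes from `BASE_URL` (`/api/user`, visible in the hunk header), so nothing ties the two together and a later change to `BASE_URL` will silently not reach this route. If moving registration out of the `/api/user` prefix is intentional, say so on the line, e.g. `// deliberately not under BASE_URL (see #35)`. `setupRoutes` continues past the end of this hunk.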
@@ -6,8 +6,10 @@ const eventEmitter = require('./event-manager').getInstance();
 const PORT = 4000;
 const setup = async () => {
- const { setup: setupVideoModule } =
- await require('./modules/models/video/controller');
+ const { setCurrentUser } = await require('./middleware/auth');
+ app.use(setCurrentUser);
+
+ const { setup: setupVideoModule } = await require('./modules/models/video/controller');
 setupVideoModule(app);
 const { setup: setupRoleModule } = await require('./modules/models/role/controller');
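Review bot: `app.use(setCurrentUser)` registers the middleware for every route, but nothing on this line or in `setCurrentUser` rejects a request whose token is missing or invalid, so each module's protected handlers must still check `req.user`; a comment on the `app.use` line would make that contract explicit, e.g. `// resolves req.user from a Bearer token; never rejects, so routes must check req.user themselves`. The call has to stay ahead of `setupVideoModule(app)` and the later module registrations for the middleware to apply to their routes, which the current ordering does, but `setup` continues past this hunk so the constraint is worth stating next to it. Every request carrying a verifiable token now costs a `User.getObjectById` lookup before the route runs, including routes that never read `req.user`.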