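```javascript
/*
 *
 * Example of authenticating users based on the combination of session cookies and JSON Web Tokens.
 * Please note that these examples are largely pseudo-code and that you'll need to implement the token validation and
 * signing yourself.
 *
 */
const express = require('express');
const cookieParser = require('cookie-parser');

// Users and Authorization are the application's own modules (not shown here):
// Users.login() checks the credentials and returns the signed token plus its payload,
// Authorization.authorize() validates a token and is expected to throw when it is invalid.
const router = express.Router();
router.use(express.json());  // populates req.body (assumes JSON request bodies)
router.use(cookieParser());  // populates req.cookies

/* Assuming the credentials are correct, we issue a cookie containing the JWT with the httpOnly flag set to true.
   We respond to the client with just the JWT payload in plain text. */
router.post('/login', async (req, res) => {
  try {
    let { email, password } = req.body;
    let data = await Users.login(email, password);
    res.cookie('token', data.token, { httpOnly: true }).send(data.payload);
  } catch (err) {
    // Fall back to 500 when the error carries no HTTP status.
    res.status(err.status || 500).send(err);
  }
});

/* To validate the request on a protected route, we simply verify the token that's included in the session cookie
   we issued previously. Here is an example of a middleware used on all routes we want to protect. */
router.use((req, res, next) => {
  try {
    let token = req.cookies.token;
    Authorization.authorize(token);
    next();
  } catch (err) {
    // Reject with 401 when the error carries no HTTP status.
    res.status(err.status || 401).send(err);
  }
});
```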
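The paste leaves token signing and validation to the reader. One way to fill in that part with Node's built-in crypto module, as an added example that is not part of the original paste: `signToken` and `authorize` are hypothetical helpers that `Users.login` and `Authorization.authorize` could call, and HS256 with a shared secret is an assumption.

```javascript
const { createHmac, timingSafeEqual } = require('node:crypto');

// Added example: hypothetical helpers; HS256 with a shared secret is an assumption.
const b64url = (s) => Buffer.from(s).toString('base64url');
const hmac = (secret, data) => createHmac('sha256', secret).update(data).digest();
const authError = (msg) => Object.assign(new Error(msg), { status: 401 });

// Sign a payload as a compact HS256 JWT. `now` is a parameter so expiry can be tested.
function signToken(payload, secret, ttlSeconds, now = Math.floor(Date.now() / 1000)) {
  const header = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify({ ...payload, iat: now, exp: now + ttlSeconds }));
  const sig = hmac(secret, `${header}.${body}`).toString('base64url');
  return `${header}.${body}.${sig}`;
}

// Verify a token from the cookie and return its payload; throws an error with status 401 otherwise.
function authorize(token, secret, now = Math.floor(Date.now() / 1000)) {
  if (typeof token !== 'string') throw authError('missing token');
  const parts = token.split('.');
  if (parts.length !== 3) throw authError('malformed token');
  const [header, body, sig] = parts;

  // Always recompute an HMAC-SHA256: the algorithm is never taken from the token header.
  // The signature is checked before any attacker-controlled JSON is parsed.
  const expected = hmac(secret, `${header}.${body}`);
  const given = Buffer.from(sig, 'base64url');
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) {
    throw authError('bad signature');
  }

  let hdr, payload;
  try {
    hdr = JSON.parse(Buffer.from(header, 'base64url').toString('utf8'));
    payload = JSON.parse(Buffer.from(body, 'base64url').toString('utf8'));
  } catch (e) {
    throw authError('malformed token');
  }
  if (hdr?.alg !== 'HS256') throw authError('unexpected algorithm');
  if (typeof payload?.exp !== 'number' || payload.exp <= now) throw authError('token expired');
  return payload;
}
```

Errors carry `status: 401`, so they pass straight through the `catch` blocks in the routes above.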