// Third-party modules: web framework, body parsing, password hashing,
// JWT signing, and the passport JWT strategy used to verify tokens.
const express = require('express');
const bodyParser = require('body-parser');
const bcrypt = require('bcrypt');
const jwt = require('jsonwebtoken');
const passport = require('passport');
const passportJwt = require('passport-jwt');
const { Strategy, ExtractJwt } = passportJwt;

// Application instance and the port handed to app.listen().
const port = 3000;
const app = express();
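// HMAC key used both to sign tokens (jwt.sign) and to verify them (passport-jwt).
// A literal such as 'secret' is guessable, and whoever knows the key can sign a
// token for any user id, so the key is read from the JWT_SECRET environment
// variable. `||` is deliberate: an empty string must not be accepted as a key.
// When JWT_SECRET is unset, a random key is generated for this process only;
// tokens issued before a restart then stop verifying.
const secretToken =
  process.env.JWT_SECRET || require('crypto').randomBytes(32).toString('hex');

const jwtOptions = {
  // Read the token from the Authorization header using the 'jwt' scheme.
  jwtFromRequest: ExtractJwt.fromAuthHeaderWithScheme('jwt'),
  secretOrKey: secretToken,
  // Verify only with the algorithm jwt.sign uses by default, so a token that
  // names any other algorithm in its header is rejected.
  algorithms: ['HS256'],
};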
// Populate req.body from URL-encoded form bodies (extended syntax) and from
// JSON bodies, in that order.
app.use(
  bodyParser.urlencoded({ extended: true }),
  bodyParser.json(),
);
// Stand-in for a database record. The stored password is a bcrypt hash of a
// fixed, well-known value computed at startup, so this record is suitable for
// local experiments only.
const fakeUser = {
  email: 'admin',
  password: createHash('admin'),
  id: 1,
};
// Register the JWT strategy. The verify callback runs after the token's
// signature has been checked and receives the decoded claims.
// NOTE(review): the decoded claims are written to the log on every request
// that carries a valid token; confirm that is acceptable for real payloads.
passport.use(
  new Strategy(jwtOptions, (payload, next) => {
    console.info('payload>>>>', payload);

    // Only the single known user id is accepted; anything else is an
    // authentication failure (second argument `false`), not an error.
    const isKnownUser = payload.id === fakeUser.id;
    return next(null, isKnownUser ? { user: 'user' } : false);
  }),
);

app.use(passport.initialize());
// Unauthenticated status endpoint.
app.get('/', (req, res) => {
  const body = { message: 'App is running...' };
  res.json(body);
});
// Everything under /api requires a valid JWT. Sessions are disabled, so the
// token has to accompany every request.
const requireJwt = passport.authenticate('jwt', { session: false });

app.use('/api', requireJwt, (req, res) => {
  const body = { message: 'Protected Route!!!!!!' };
  res.json(body);
});
// Start the HTTP server. No host is passed, so the listen address is whatever
// Node selects by default rather than loopback only.
app.listen(port, () => {
  console.info(`Starting app on PORT: ${port}`);
});
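/**
 * POST /signin: exchange an email/password pair for a signed JWT.
 *
 * Request body: { email, password } (JSON or URL-encoded).
 * Responses: 200 { message: 'ok', token } on success,
 *            401 { message: 'Invalid email or password' } otherwise.
 *
 * The previous version compared the constant 'admin' with the stored hash and
 * never looked at the submitted email or password, so every request received
 * a valid token. The submitted values are now the ones that are checked.
 */
app.post('/signin', (req, res) => {
  const { email, password } = req.body || {};

  // bcrypt.compareSync throws on non-string input; treat a malformed body as
  // an ordinary authentication failure instead of a 500.
  if (typeof email !== 'string' || typeof password !== 'string') {
    return authError(res);
  }

  // todo: call to db here
  // When this becomes a real lookup, compare against a dummy hash for unknown
  // emails so response time does not reveal which accounts exist.
  const user = email === fakeUser.email ? fakeUser : null;

  // Same 401 for "no such user" and "wrong password".
  if (!user || !comparePass(password, user.password)) {
    return authError(res);
  }

  const payload = { id: user.id };
  // Tokens expire so that a leaked token is not valid indefinitely; the
  // one-hour lifetime is a starting value to tune per deployment.
  const token = jwt.sign(payload, jwtOptions.secretOrKey, { expiresIn: '1h' });
  return res.json({ message: 'ok', token });
});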
// Utility helpers
/**
 * Send the generic authentication-failure response.
 * The same message is used for every failure reason.
 *
 * @param {object} res - Express response object.
 * @returns {*} Whatever res.status(401).json(...) returns.
 */
function authError(res) {
  const body = { message: 'Invalid email or password' };
  return res.status(401).json(body);
}
/**
 * Hash a plaintext password with bcrypt (cost factor 10, salt generated by
 * the library). The call is synchronous and blocks until hashing finishes.
 *
 * @param {string} password - Plaintext password.
 * @returns {string} bcrypt hash string.
 */
function createHash(password) {
  const costFactor = 10;
  const hashed = bcrypt.hashSync(password, costFactor);
  return hashed;
}
/**
 * Check a plaintext password against a stored bcrypt hash.
 * Synchronous; blocks until the comparison finishes.
 *
 * @param {string} password - Plaintext candidate.
 * @param {string} hash - Stored bcrypt hash.
 * @returns {boolean} Result of bcrypt.compareSync.
 */
function comparePass(password, hash) {
  const matches = bcrypt.compareSync(password, hash);
  return matches;
}