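  // file: index.js
  //
  // Minimal Express + Passport demo of JWT authentication:
  //   POST /login   checks a name/password pair against an in-memory user list
  //                 and answers with a signed token,
  //   GET  /secret  only answers requests that carry a valid token.

  var crypto = require("crypto");

  var _ = require("lodash");
  var express = require("express");
  var bodyParser = require("body-parser");
  var jwt = require('jsonwebtoken');

  var passport = require("passport");
  var passportJWT = require("passport-jwt");

  var ExtractJwt = passportJWT.ExtractJwt;
  var JwtStrategy = passportJWT.Strategy;

  // Demo user store. NOTE(review): passwords are kept in plaintext in source
  // code here; a real service keeps only salted password hashes (bcrypt,
  // scrypt, argon2) in a database and never commits credentials.
  var users = [
    {
      id: 1,
      name: 'jonathanmh',
      password: '%2yx4'
    },
    {
      id: 2,
      name: 'test',
      password: 'test'
    }
  ];

  var jwtOptions = {};
  jwtOptions.jwtFromRequest = ExtractJwt.fromAuthHeader();
  // Anyone who knows the signing key can mint a token for any user id, so it
  // is read from the environment; the literal is only a fallback for local
  // demos and must not be used for a deployed instance.
  jwtOptions.secretOrKey = process.env.JWT_SECRET || 'tasmanianDevil';
  // /login signs with HS256; accept nothing else when verifying.
  jwtOptions.algorithms = ['HS256'];

  // Called after the token signature has been verified; maps the token's
  // `id` claim back to a user. next(null, false) rejects the request.
  var strategy = new JwtStrategy(jwtOptions, function(jwt_payload, next) {
    console.log('payload received', jwt_payload);
    // usually this would be a database call:
    var user = _.find(users, {id: jwt_payload.id});
    if (user) {
      next(null, user);
    } else {
      next(null, false);
    }
  });

  passport.use(strategy);

  /**
   * Compare two strings without leaking, through timing, how many leading
   * characters match. Both inputs are hashed first so the buffers passed to
   * timingSafeEqual always have the same length.
   *
   * @param {string} a
   * @param {string} b
   * @returns {boolean} true when the strings are identical
   */
  function safeEqual(a, b) {
    var digestA = crypto.createHash("sha256").update(a).digest();
    var digestB = crypto.createHash("sha256").update(b).digest();
    return crypto.timingSafeEqual(digestA, digestB);
  }

  var app = express();
  app.use(passport.initialize());

  // parse application/x-www-form-urlencoded
  // for easier testing with Postman or plain HTML forms
  app.use(bodyParser.urlencoded({
    extended: true
  }));

  // parse application/json
  app.use(bodyParser.json());

  app.get("/", function(req, res) {
    res.json({message: "Express is up!"});
  });

  // Exchange a name/password pair for a signed token.
  app.post("/login", function(req, res) {
    var body = req.body || {};
    var name = body.name;
    var password = body.password;

    // The body parsers can deliver arrays or objects for these fields;
    // only non-empty strings are valid credentials.
    var wellFormed = typeof name === "string" && typeof password === "string" &&
      name.length > 0 && password.length > 0;

    // usually this would be a database call:
    var user = wellFormed ? _.find(users, {name: name}) : undefined;
    var passwordOk = wellFormed && safeEqual(password, user ? user.password : "");

    if (!user || !passwordOk) {
      // Return here: the original fell through after sending the 401 and then
      // crashed reading `user.password` of undefined. One message for every
      // failure so the response does not reveal which user names exist.
      return res.status(401).json({message: "invalid credentials"});
    }

    // from now on we'll identify the user by the id and the id is the only
    // personalized value that goes into our token
    var payload = {id: user.id};
    // NOTE(review): no expiry is set, so an issued token stays valid for as
    // long as the signing key is unchanged; consider the expiresIn option.
    var token = jwt.sign(payload, jwtOptions.secretOrKey, {algorithm: 'HS256'});
    res.json({message: "ok", token: token});
  });

  app.get("/secret", passport.authenticate('jwt', { session: false }), function(req, res){
    res.json({message: "Success! You can not see this without a token"});
  });

  // Unauthenticated debugging aid. NOTE(review): this writes the raw
  // Authorization header (the bearer token) to the log; remove the route
  // before the service is reachable by anyone else.
  app.get("/secretDebug",
    function(req, res, next){
      console.log(req.get('Authorization'));
      next();
    }, function(req, res){
      res.json("debugging");
    });

  app.listen(3000, function() {
    console.log("Express running");
  });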