0% found this document useful (0 votes)

47 views7 pages

5JWT and Middleware in N odeJS

Nodejs

Uploaded by

samit shrestha

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as DOCX, PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

47 views7 pages

5JWT and Middleware in N odeJS

Nodejs

Uploaded by

samit shrestha

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as DOCX, PDF, TXT or read online on Scribd

JWT and middleware in NodeJS

Middleware/verifyToken.js

const User = require("../models/User");

const jwt = require("jsonwebtoken");

const verifyToken = (req, res, next) => {

const authHeader = req.headers.authorization;

if (authHeader) {
const token = authHeader.split(" ")[1];

jwt.verify(token, process.env.SECRET, async (err, user) => {

if (err) {
console.error("Error verifying token:", err);
return res.status(403).json("Invalid token");
}

req.user = user;
console.log(user);
next();
});
} else {
return res.status(401).json("You are not authenticated");
}
};

const VerifyAndAuthorization = (req, res, next) => {

verifyToken(req, res, () => {
if (req.user.id === req.params.id) {
next();
} else {
res.status(403).json("You are restricted from performing this
operation");
}
});
};

module.exports = { verifyToken, VerifyAndAuthorization };

routes/user.js

const userController = require("../controllers/userController");

const {
VerifyAndAuthorization,
verifyToken,
} = require("../middleware/verifyToken");

const router = require("express").Router();

// Update user
router.put("/:id", VerifyAndAuthorization, userController.updateUser);

module.exports = router;

controllers/usercontroller

const User = require("../models/User");

const CryptoJS = require("crypto-js");

module.exports = {
updateUser: async (req, res) => {
if (req.body.password) {
req.body.password = CryptoJS.AES.encrypt(
req.body.password,
process.env.SECRET
).toString();
}

try {
const updateUser = await User.findByIdAndUpdate(
req.params.id,
{ $set: req.body },
{ new: true }
);
const { password, __v, createdAt, ...others } =
updateUser.toObject();
res.status(200).json(others);
} catch (error) {
console.error(error);
res.status(500).json("Internal Server Error");
}
},
};

};

Index.js
const express = require("express");
const app = express();
const dotenv = require("dotenv");
const mongoose = require("mongoose");
const authRoute = require("./routes/auth");
const userRoute = require("./routes/user");

dotenv.config();

mongoose
.connect(process.env.MONGO_URL)
.then(() => console.log("db_connected"))
.catch((err) => {
console.log(err);
});

app.use(express.json());
app.use("/api/", authRoute);
app.use("/api/users", userRoute);

app.listen(
process.env.PORT || 5002,
console.log(
`Example app listening on port http://localhost:${process.env.PORT}`
)
);

Contollers/authcontroller

const User = require("../models/User");

const CryptoJS = require("crypto-js");
const jwt = require("jsonwebtoken");

module.exports = {
// controllers/authController.js
// ...

createUser: async (req, res) => {

const newUser = new User({
username: req.body.username,
email: req.body.email,
// CryptoJS.AES.encrypt(req.body.password, process.env.SECRET);

password: CryptoJS.AES.encrypt(
req.body.password,
process.env.SECRET
).toString(),
});
try {
const savedUser = await newUser.save();
res.status(201).json(savedUser);
} catch (error) {
res.status(500).json(error);
}
},
loginUser: async (req, res) => {
try {
const user = await User.findOne({ email: req.body.email });
if (!user) return res.status(401).json("Wrong login details");

const decryptedPass = CryptoJS.AES.decrypt(

user.password,
process.env.SECRET
);
const decryptedPassword =
decryptedPass.toString(CryptoJS.enc.Utf8);

if (decryptedPassword !== req.body.password) {

return res.status(401).json("Wrong password");
}

// Generate a token for the logged-in user

const token = jwt.sign({ id: user._id }, process.env.SECRET);

// Exclude sensitive information from the user data

const { password, __v, createdAt, ...userData } = user._doc;
// Send the user details and token in the response
res.status(200).json({ ...userData, token });
} catch (error) {
console.error(error);
res.status(500).json({ error: "Internal Server Error" });
}
},
};

.env

PORT = 5001

MONGO_URL
=mongodb+srv://samitshrestha29:[email protected]/
dbtechJOB
SECRET= jobhub2023

Models/user.js

const mongoose = require("mongoose");

const UserSchema = new mongoose.Schema(

{
username: { type: String, required: true, unique: true },
email: { type: String, required: true, unique: true },
password: { type: String, required: true },
location: { type: String, required: false },
isAdmin: { type: Boolean, default: false },
isAgent: { type: Boolean, default: false },
skills: { type: Array, default: false },
profile: {
type: String,
required: true,
default:
"https://images.pexels.com/photos/213780/pexels-photo-
213780.jpeg?auto=compress&cs=tinysrgb&dpr=1&w=500",
},
},
{
timestamps: true, // Fix: Correct key for the timestamps option
}
);

module.exports = mongoose.model("User", UserSchema);

index.js
const express = require("express");
const app = express();
const dotenv = require("dotenv");
const mongoose = require("mongoose");
const authRoute = require("./routes/auth");
const userRoute = require("./routes/user");

dotenv.config();

mongoose
.connect(process.env.MONGO_URL)
.then(() => console.log("db_connected"))
.catch((err) => {
console.log(err);
});

app.use(express.json());
app.use("/api/", authRoute);
app.use("/api/users", userRoute);

app.listen(
process.env.PORT || 5002,
console.log(
`Example app listening on port http://localhost:${process.env.PORT}`
)
);

Models/Bookmark.js
const { timeStamp } = require("console");
const mongoose = require("mongoose");
const BookMarkSchema = new mongoose.Schema(
{
job: { type: String, required: true },
userId: { type: String, required: true },
title: { type: String, required: true },
imageUrl: { type: String, required: true },
company: { type: String, required: true },
location: { type: String, required: true },
},
{ timeStamp: true }
);

module.exports = mongoose.model("Bookmark", BookMarkSchema);

routes/auth.js
const router = require("express").Router();

// Correct import statement

const authController = require("../controllers/authController");

// REGISTRATION
router.post("/register", authController.createUser);

// // Login
router.post("/login", authController.loginUser);

module.exports = router;

Node.js User Authentication Setup
No ratings yet
Node.js User Authentication Setup
122 pages
Main Service and Public API Setup Guide
No ratings yet
Main Service and Public API Setup Guide
8 pages
Mongoose User Authentication Setup
No ratings yet
Mongoose User Authentication Setup
49 pages
Node.js User Authentication API
No ratings yet
Node.js User Authentication API
6 pages
Rak Shit
No ratings yet
Rak Shit
43 pages
Node.js Auth API for Expense Tracker
No ratings yet
Node.js Auth API for Expense Tracker
4 pages
Nodejs JWT Workshop
No ratings yet
Nodejs JWT Workshop
5 pages
Mongoose CRUD and Auth Guide
No ratings yet
Mongoose CRUD and Auth Guide
4 pages
1 Create .Env: Create Models/user - Model.js
No ratings yet
1 Create .Env: Create Models/user - Model.js
3 pages
Backend-User Authentication and Authorization (Node and Express)
No ratings yet
Backend-User Authentication and Authorization (Node and Express)
14 pages
Node Express
No ratings yet
Node Express
9 pages
Код додатку
No ratings yet
Код додатку
7 pages
Week11Task Program
No ratings yet
Week11Task Program
4 pages
Lab11 - Authentication and Authorization
No ratings yet
Lab11 - Authentication and Authorization
6 pages
Mern Project Blueprint - Step by Step (No Confusion Guide)
No ratings yet
Mern Project Blueprint - Step by Step (No Confusion Guide)
19 pages
Backend 6 PDF Tazpke PDF
No ratings yet
Backend 6 PDF Tazpke PDF
9 pages
Mongo DB
No ratings yet
Mongo DB
5 pages
Three Security Vulnerabilities
No ratings yet
Three Security Vulnerabilities
3 pages
JWT Avec Authentification User With Nodejs: On Commence Par Installer Le Module Jsonwebtoken
No ratings yet
JWT Avec Authentification User With Nodejs: On Commence Par Installer Le Module Jsonwebtoken
4 pages
Node.js JWT Auth for Developers
No ratings yet
Node.js JWT Auth for Developers
24 pages
Node.js User Authentication with MongoDB
No ratings yet
Node.js User Authentication with MongoDB
4 pages
Unit Iii-Mean Notes-Chatgpt
No ratings yet
Unit Iii-Mean Notes-Chatgpt
8 pages
User Authentication System Setup Guide
No ratings yet
User Authentication System Setup Guide
7 pages
NodeJS + MongoDB
100% (1)
NodeJS + MongoDB
12 pages
Mern Project Blueprint - Step by Step (No Confusion Guide)
No ratings yet
Mern Project Blueprint - Step by Step (No Confusion Guide)
14 pages
Express MongoDB User Management API
No ratings yet
Express MongoDB User Management API
4 pages
Document 26
No ratings yet
Document 26
36 pages
Express.js Framework Overview and Setup Guide
No ratings yet
Express.js Framework Overview and Setup Guide
16 pages
Week 11
No ratings yet
Week 11
5 pages
Ultimate Full-Stack Web Develo - Nabendu Biswas - 49617-101-151
No ratings yet
Ultimate Full-Stack Web Develo - Nabendu Biswas - 49617-101-151
51 pages
Node.js CRUD API with Express & MongoDB
No ratings yet
Node.js CRUD API with Express & MongoDB
10 pages
Understanding JWT Authentication Basics
No ratings yet
Understanding JWT Authentication Basics
16 pages
User Registration and Authentication System
No ratings yet
User Registration and Authentication System
530 pages
Different Login
No ratings yet
Different Login
19 pages
Claude-CyberSentinel Lite Security Dashboard
No ratings yet
Claude-CyberSentinel Lite Security Dashboard
131 pages
441073780685538385-Users Controller
No ratings yet
441073780685538385-Users Controller
3 pages
Express.js REST API Setup Guide
No ratings yet
Express.js REST API Setup Guide
9 pages
My Project
No ratings yet
My Project
45 pages
Experiment 3
No ratings yet
Experiment 3
5 pages
Experiment 11 To 14
No ratings yet
Experiment 11 To 14
25 pages
Passport Local Mern Notes
No ratings yet
Passport Local Mern Notes
4 pages
MongoDB Atlas CRUD Setup Guide
No ratings yet
MongoDB Atlas CRUD Setup Guide
13 pages
Real-Time Chat App with Node.js
No ratings yet
Real-Time Chat App with Node.js
11 pages
MongoDB User and Chat Models Setup
No ratings yet
MongoDB User and Chat Models Setup
5 pages
Simple Fullstack App
No ratings yet
Simple Fullstack App
3 pages
Express Flower Shop API Setup
No ratings yet
Express Flower Shop API Setup
17 pages
18BCE0557 Kushal: IWP Exercise-8
No ratings yet
18BCE0557 Kushal: IWP Exercise-8
7 pages
Mongoose
No ratings yet
Mongoose
26 pages
Next.js 13 Blog with Auth API
No ratings yet
Next.js 13 Blog with Auth API
46 pages
CRM Backend Setup
No ratings yet
CRM Backend Setup
3 pages
Here's The Update Database
No ratings yet
Here's The Update Database
2 pages
HR Dashboard Backend Setup Guide
No ratings yet
HR Dashboard Backend Setup Guide
8 pages
Node.js Authentication Strategies Guide
No ratings yet
Node.js Authentication Strategies Guide
8 pages
Chapter Six
No ratings yet
Chapter Six
27 pages
Student Management System Setup Guide
No ratings yet
Student Management System Setup Guide
21 pages
AngularJS and Express Integration Guide
No ratings yet
AngularJS and Express Integration Guide
7 pages
Lecture 10 User Authentication and Authorization
No ratings yet
Lecture 10 User Authentication and Authorization
43 pages
Full Stack Development with MERN
No ratings yet
Full Stack Development with MERN
6 pages
JWT Authentication in Next.js & Express
No ratings yet
JWT Authentication in Next.js & Express
2 pages
Cryptography and Network Security
No ratings yet
Cryptography and Network Security
4 pages
Botium Toys Security Compliance Checklist
No ratings yet
Botium Toys Security Compliance Checklist
3 pages
HP m880 User Guide Fabf3e1
No ratings yet
HP m880 User Guide Fabf3e1
28 pages
SSH Overview and Best Practices Guide
No ratings yet
SSH Overview and Best Practices Guide
16 pages
Unit 3 Digital Empowerment
No ratings yet
Unit 3 Digital Empowerment
13 pages
BeEF: Browser Exploitation Framework Overview
No ratings yet
BeEF: Browser Exploitation Framework Overview
5 pages
Login - Alpha Release Note - 230331
No ratings yet
Login - Alpha Release Note - 230331
3 pages
SPOILER Answers Cisco Test
No ratings yet
SPOILER Answers Cisco Test
15 pages
Online Industry Registration Receipt
No ratings yet
Online Industry Registration Receipt
1 page
IAS-Chapter 2 The Need For Information Security
No ratings yet
IAS-Chapter 2 The Need For Information Security
14 pages
Case Study - OTDS 162 - OKTA Integration
No ratings yet
Case Study - OTDS 162 - OKTA Integration
20 pages
Cybersecurity Threats and Definitions
No ratings yet
Cybersecurity Threats and Definitions
3 pages
EC Council Cyber Handbook Enterprise 2024
No ratings yet
EC Council Cyber Handbook Enterprise 2024
56 pages
What Is A Computer Security Risk
No ratings yet
What Is A Computer Security Risk
10 pages
Class Diagram
No ratings yet
Class Diagram
1 page
ERD Diagram
No ratings yet
ERD Diagram
1 page
SCAP Vulnerability Scanner Benefits and Best Practices
No ratings yet
SCAP Vulnerability Scanner Benefits and Best Practices
3 pages
Homomorphic Encryption: Aarushi Gupta 1RV18EC001
No ratings yet
Homomorphic Encryption: Aarushi Gupta 1RV18EC001
14 pages
CCNA Network Security Study Guide
No ratings yet
CCNA Network Security Study Guide
8 pages
Cinta Hotspot 12-Hour Voucher List
No ratings yet
Cinta Hotspot 12-Hour Voucher List
14 pages
Cybersecurity Lec 6
No ratings yet
Cybersecurity Lec 6
16 pages
Ethical Hacking Fundamentals
No ratings yet
Ethical Hacking Fundamentals
17 pages
Digital Forensic
No ratings yet
Digital Forensic
9 pages
Vanderbilt Focuses On Technologies To Counter Card Cloning Menace Security News
No ratings yet
Vanderbilt Focuses On Technologies To Counter Card Cloning Menace Security News
1 page
ICT - Chapter 6 - Revision Notes
No ratings yet
ICT - Chapter 6 - Revision Notes
4 pages
WWII Encrypted Communications Explained
No ratings yet
WWII Encrypted Communications Explained
3 pages
Tagging Your Binaries With A Risk Analysis Measurement From CWE/CWRAF
No ratings yet
Tagging Your Binaries With A Risk Analysis Measurement From CWE/CWRAF
45 pages
Introduction To Course: Network Security
No ratings yet
Introduction To Course: Network Security
21 pages
User Authentication Module Design
No ratings yet
User Authentication Module Design
3 pages
Cybersecurity Red Flags Cheat Sheet
No ratings yet
Cybersecurity Red Flags Cheat Sheet
1 page