From 73ca135cc3d3c63ead59661095f844836af9d04f Mon Sep 17 00:00:00 2001
From: ak
Date: Sat, 30 Sep 2023 12:57:31 -0700
Subject: [PATCH] fixed cors issues updated token verification middleware reworked blog post POST controller username acquisition

---
 app.js                 | 13 ++++++++++++-
 controllers/login.js   |  2 ++
 controllers/post.js    |  8 +++++++-
 middleware/hasToken.js | 13 ++-----------
 4 files changed, 23 insertions(+), 13 deletions(-)

diff --git a/app.js b/app.js
index 0f37d55..838d028 100644
--- a/app.js
+++ b/app.js
@@ -37,7 +37,18 @@ app.use(express.urlencoded({ extended: false }));
 app.use(express.static(path.join(__dirname, "public")));
 
 // cors
-app.use(cors());
+app.use(
+  cors({
+    origin: true,
+    credentials: true,
+    methods: ["GET", "PUT", "POST"],
+    allowedHeaders: [
+      "Access-Control-Allow-Headers",
+      "Origin, X-Requested-With, Content-Type, Accept",
+    ],
+    preflightContinue: true,
+  })
+);
 
 // routing
 app.use("/", indexRouter);
diff --git a/controllers/login.js b/controllers/login.js
index 7efbd72..bd90346 100644
--- a/controllers/login.js
+++ b/controllers/login.js
@@ -16,6 +16,8 @@ exports.post = asyncHandler(async (req, res, next) => {
   return res
     .cookie("JWT_TOKEN", token, {
       httpOnly: true,
+      sameSite: "none",
+      secure: true,
     })
     .status(200)
     .json({
diff --git a/controllers/post.js b/controllers/post.js
index 31620b5..00ab1b9 100644
--- a/controllers/post.js
+++ b/controllers/post.js
@@ -69,12 +69,18 @@ exports.post = [
       });
     }
 
+    // get current user from jwt token
+    // get token
+    const token = req.cookies.JWT_TOKEN;
+    // extract username from token
+    const username = jwt.verify(token, process.env.SECRET_KEY).username;
+
     // else data is valid, make post object
     const post = new Post({
       title: req.body.title,
       date: new Date(),
       text: req.body.text,
-      author: req.user.username,
+      author: username,
       _id: new mongoose.Types.ObjectId(),
     });
 
diff --git a/middleware/hasToken.js b/middleware/hasToken.js
index bbdbd3b..a8ce063 100644
--- a/middleware/hasToken.js
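Review bot: `origin: true` combined with `credentials: true` in the new cors() call in app.js reflects whatever Origin a request carries and allows credentials, so any website a logged-in user visits can send requests with the JWT_TOKEN cookie and read the responses; the origin must be an explicit allow-list of the front-end origin(s). The `allowedHeaders` array is also malformed: each element is one header name, so as written it advertises a header called "Access-Control-Allow-Headers" and one called "Origin, X-Requested-With, Content-Type, Accept" instead of four separate headers. `preflightContinue: true` passes OPTIONS requests on to the routers instead of answering them with 204; unless an OPTIONS handler exists elsewhere in the file (not visible here), preflights presumably fall through to the not-found/error path and the browser then blocks the real request. Rewritten call below, with the allowed origin taken from configuration.
```javascript
app.use(
  cors({
    // FRONTEND_ORIGIN is a placeholder for the exact origin(s) of the front-end;
    // never combine `origin: true` (reflect any origin) with `credentials: true`.
    origin: process.env.FRONTEND_ORIGIN,
    credentials: true,
    methods: ["GET", "PUT", "POST"],
    allowedHeaders: ["Origin", "X-Requested-With", "Content-Type", "Accept"],
  })
);
```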
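Review bot: `sameSite: "none"` on the JWT_TOKEN cookie in controllers/login.js turns off the browser's same-site restriction, so the cookie accompanies cross-site requests from any origin and CSRF protection now rests entirely on the server (an allow-listed CORS origin or a CSRF token on POST/PUT routes); that dependency deserves a comment on the `sameSite` line, e.g. `// SameSite=None is needed for the cross-site front-end; it also drops the browser's CSRF defence, so write routes must rely on the CORS origin allow-list or a CSRF token.` With `secure: true` browsers silently discard the cookie over plain http, so local development needs HTTPS or an environment-dependent value. No `maxAge`/`expires` is set, so the cookie lives for the browser session regardless of the token's own expiry, which is worth stating in the same comment if intended. The enclosing asyncHandler callback starts and ends outside the hunk.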
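Review bot: `jwt.verify(token, process.env.SECRET_KEY).username` in controllers/post.js throws on a missing, expired or tampered cookie and nothing in the hunk catches it; since this handler sits inside the `exports.post` array, whether an asyncHandler wrapper or the app's error handler turns that throw into a response cannot be seen here, so a bad token most likely produces a 500 instead of a 403, and a token without a `username` claim saves the post with `author: undefined`. Verifying here also duplicates what middleware/hasToken.js did before this same commit removed it; the cleaner fix is for hasToken to verify once and expose the decoded payload as `req.user`, which keeps the `author: req.user.username` line this hunk deletes. If the check is to stay in the controller, guard it explicitly as below (this assumes `jwt` is required at the top of controllers/post.js, which is outside the hunk). The enclosing handler begins and ends outside the hunk.
```javascript
    // get current user from jwt token
    const token = req.cookies.JWT_TOKEN;
    let username;
    try {
      ({ username } = jwt.verify(token, process.env.SECRET_KEY));
    } catch (err) {
      // missing, invalid or expired token: refuse instead of surfacing a 500
      return res.status(403).json({ message: "Not authorized!" });
    }
    if (!username) {
      return res.status(403).json({ message: "Not authorized!" });
    }

    // … unchanged: Post construction with author: username …
```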
+++ b/middleware/hasToken.js
@@ -4,19 +4,10 @@ const hasToken = (req, res, next) => {
   if (!token) {
     // if none, error
     return res.status(403).json({
-      message: "Not authorized!",
-    });
-  }
-  try {
-    jwt.verify(token, process.env.SECRET_KEY);
-    // move forward
-    return next();
-  } catch {
-    // if incorrect, error
-    return res.status(403).json({
-      message: "Not authorized!",
+      message: "Token not found!",
     });
   }
+  return next();
 };
 
 module.exports = hasToken;
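Review bot: After this hunk the middleware only checks that a JWT_TOKEN cookie exists; the `jwt.verify` call and its catch are deleted, so a request carrying a cookie with any arbitrary value now passes `hasToken`, and every route guarded solely by it is effectively unauthenticated unless the controller re-verifies the token itself (in this commit only controllers/post.js does). Verification belongs here: verify once, attach the decoded payload as `req.user` for downstream handlers, and keep the two distinct 403 messages; the rewritten body is below. The `const hasToken = (req, res, next) => {` header and the cookie lookup that sets `token` precede the hunk, and the file's `jwt` require is outside it too (presumably it becomes an unused import with this change unless verification stays here).
```javascript
  if (!token) {
    // if none, error
    return res.status(403).json({
      message: "Token not found!",
    });
  }
  try {
    // verify once here and expose the claims to downstream handlers
    req.user = jwt.verify(token, process.env.SECRET_KEY);
  } catch {
    // present but invalid or expired, error
    return res.status(403).json({
      message: "Not authorized!",
    });
  }
  return next();
};
```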