me/express-blog-api
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

updated auth, ping page

Browse source
This commit is contained in:
ak 2023-09-28 18:11:01 -07:00
parent b27395697b
commit e3a527f5ec
5 changed files with 39 additions and 26 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

26
controllers/ping.js Normal file
View file

@ -0,0 +1,26 @@
const jwt = require("jsonwebtoken");
let opts = {};
exports.get = (req, res, next) => {
// get token
const token = req.cookies.JWT_TOKEN;
if (!token) {
// if none, error
return res.status(403).json({
message: "Not authorized!",
});
}
try {
const username = jwt.verify(token, process.env.SECRET_KEY);
// move forward
return res.status(200).json({
user: username,
});
} catch {
// if incorrect, error
return res.status(403).json({
message: "Not authorized!",
});
}
};

9
controllers/post.js
View file

@ -15,7 +15,7 @@ exports.index = asyncHandler(async (req, res, next) => {
const token = req.cookies.JWT_TOKEN;
blocc: if (token) {
try {
jwt.verify(token, process.env.SECRET_KEY);
const username = jwt.verify(token, process.env.SECRET_KEY);
} catch {
break blocc;
}
@ -23,13 +23,8 @@ exports.index = asyncHandler(async (req, res, next) => {
const unpublished = await Post.find({ published: false }).lean().exec();
for (let z = 0; z < unpublished.length; z++) {
const post = unpublished[i];
const author = post.author;
let opts = {
expiresIn: "1d",
};
const authorToken = jwt.sign({ author }, process.env.SECRET_KEY, opts);
// if any are by the current user, append to dbPosts
if (token == authorToken) {
if (username == post.author) {
dbPosts.push(post);
}
}

13
middleware/sameAuthor.js
View file

@ -6,15 +6,12 @@ const Post = require("../models/post.js");
const sameAuthor = asyncHandler(async (req, res, next) => {
// get token
const token = req.cookies.JWT_TOKEN;
// make token with identical user information
let opts = {
expiresIn: "1d",
};
// extract username from token
const username = jwt.verify(token, process.env.SECRET_KEY);
// get post
const post = await Post.findById(req.params.postID).lean().exec();
const author = post.author;
const userToken = jwt.sign({ author }, process.env.SECRET_KEY, opts);
// compare the two, if the token does not match then the action is unauthorized
if (token != userToken) {
// if different usernames
if (username !== post.author) {
return res.status(403).json({
message: "Not authorized!",
});

12
middleware/sameUser.js
View file

@ -3,14 +3,10 @@ const jwt = require("jsonwebtoken");
const sameUser = (req, res, next) => {
// get token
const token = req.cookies.JWT_TOKEN;
// make token with identical user information
let opts = {
expiresIn: "1d",
};
const username = req.params.username;
const userToken = jwt.sign({ username }, process.env.SECRET_KEY, opts);
// compare the two, if the token does not match then the action is unauthorized
if (token != userToken) {
// extract username from token
const username = jwt.verify(token, process.env.SECRET_KEY);
// if different usernames
if (username != req.params.username) {
return res.status(403).json({
message: "Not authorized!",
});

5
routes/index.js
View file

@ -2,6 +2,7 @@ const express = require("express");
const router = express.Router();
const login_controller = require("../controllers/login.js");
const post_controller = require("../controllers/post.js");
const ping_controller = require("../controllers/ping.js");
const hasToken = require("../middleware/hasToken.js");
// list all posts and append comments to each post based on id, return as json
@ -11,8 +12,6 @@ router.get("/", post_controller.index);
router.post("/login", login_controller.post);
// authentication checking page - used by frontend
router.get("/ping", hasToken, (req, res) => {
return res.status(200).json({ message: "Authenticated!" });
});
router.get("/ping", ping_controller.get);
module.exports = router;