From c6fa23405799dcda4d55a3683da83b2f84bc04a2 Mon Sep 17 00:00:00 2001 From: Michael McInerney Date: Tue, 7 Sep 2021 09:22:17 -0400 Subject: [PATCH 1/4] Resetting code to a starting point --- app/components/SignIn.js | 7 +++---- app/components/app.js | 14 ++++++-------- seed.js | 8 ++++---- server/app.js | 1 + server/db/db.js | 10 +++++----- 5 files changed, 19 insertions(+), 21 deletions(-) diff --git a/app/components/SignIn.js b/app/components/SignIn.js index 40be045..f6a5715 100644 --- a/app/components/SignIn.js +++ b/app/components/SignIn.js @@ -21,12 +21,11 @@ export class SignIn extends React.Component { }); } render() { - const { onChange, onSubmit } = this; const { username, password } = this.state; return ( -
- - + + +
); diff --git a/app/components/app.js b/app/components/app.js index 781d859..bfecd94 100644 --- a/app/components/app.js +++ b/app/components/app.js @@ -31,20 +31,18 @@ export class App extends React.Component{ async signIn(credentials){ let response = await axios.post('/api/auth', credentials); const { token } = response.data; - window.localStorage.setItem('token', token); + window.localStorage.setItem('token', JSON.stringify(token)); this.attemptTokenLogin(); } render(){ const { auth } = this.state; - const { signIn, logout } = this; - if(!auth.id){ - return - } - else { + if (!auth.id) { + return ; + } else { return (
- Welcome { auth.username } - + Welcome {auth.username} +
); }
diff --git a/seed.js b/seed.js
index 8b0c03e..fe815c7 100644
--- a/seed.js
+++ b/seed.js
@@ -1,10 +1,10 @@
 const { db, User } = require('./server/db/db');
 const users = [
- {username: 'Mac', password: 'iAmTheBest'},
- {username: 'Sarah', password: 'KINDA_LAME'},
- {username: 'Jackie', password: 'leftUsForAJob'}
-]
+ { username: 'Mac', password: 'iAmTheBest' },
+ { username: 'Ben', password: 'KINDA_LAME' },
+ { username: 'Lauren', password: 'superFellow!@#' },
+];
 const seed = async () => {
 await db.sync({force: true});
diff --git a/server/app.js b/server/app.js
index 6c7d11b..0087424 100644
--- a/server/app.js
+++ b/server/app.js
@@ -17,6 +17,7 @@ app.post('/api/auth', async (req, res, next) => {
 * password: ourPassword
 * }
 */
+ console.log(req.body);
 res.send({ token: await User.authenticate(req.body) });
 } catch (ex) {
 next(ex);
diff --git a/server/db/db.js b/server/db/db.js
index 573e68f..0b680d9 100644
--- a/server/db/db.js
+++ b/server/db/db.js
@@ -2,11 +2,11 @@ const Sequelize = require('sequelize');
 const { STRING } = Sequelize;
 const jwt = require('jsonwebtoken');
-const tokenSecret = process.env.JWTSECRET;
+const tokenSecret = 'OUR_SECRET_PHRASE';
 const db = new Sequelize(
 process.env.DATABASE_URL || 'postgres://localhost/jwt_example',
- {logging: false}
+ { logging: false }
 );
 const User = db.define('user', {
@@ -17,7 +17,7 @@ const User = db.define('user', {
 User.byToken = async (token) => {
 try {
 // Typically we'll need to decode the token to get the information, but our first example is just a user's ID.
- const user = await User.findByPk(token);
+ const user = await User.findByPk(JSON.parse(token).id);
 if (user) {
 return user;
 }
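Review bot: `console.log(req.body)` in the POST /api/auth handler of server/app.js writes every submitted username and password to the server's stdout, and from there into whatever log storage the process feeds. The same applies to `console.log(user)` added to User.authenticate later in this patch, which prints the whole user row and, judging by the lookup on `password` in its context lines, probably the stored password too. Patch 2/4 removes both but adds `console.log('token', token)` and `console.log('verified token', verifiedToken)`, which put a usable bearer token and its claims into the logs. I would drop all four, or log only a non-secret field such as `console.log('login attempt:', req.body.username)`. The handler continues past the end of the hunk.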
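Review bot: In server/db/db.js, `const tokenSecret = 'OUR_SECRET_PHRASE';` replaces the environment lookup with a literal, so the JWT signing key is now part of the repository and its history; anyone who can read the source can produce tokens that `jwt.verify` accepts once patch 2/4 starts using this value. Keep the removed line, `const tokenSecret = process.env.JWTSECRET;`, and fail at startup when it is missing, e.g. `if (!tokenSecret) throw new Error('JWTSECRET is not set');`. If a fixed value is wanted for the classroom demo, load it from an untracked environment file rather than from the module. Because the literal has been committed, treat it as disclosed and do not reuse it in any deployed instance.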
@@ -38,9 +38,9 @@ User.authenticate = async ({ username, password }) => {
 password,
 },
 });
+ console.log(user);
 if (user) {
- // for now this is just our user's IDs. Later on this will be a JWT
- return jwt.sign({id: user.id, username: user.username}, process.env.JWTSECRET);
+ return { id: user.id };
 }
 const error = Error('bad credentials');
 error.status = 401;
From 91020306e27f6f0cde72a4f0dee12821927a4051 Mon Sep 17 00:00:00 2001
From: Michael McInerney
Date: Tue, 7 Sep 2021 11:17:58 -0400
Subject: [PATCH 2/4] Adding code from class
---
 app/components/app.js | 2 +-
 server/app.js | 3 ++-
 server/db/db.js | 15 ++++++++++++---
 3 files changed, 15 insertions(+), 5 deletions(-)
diff --git a/app/components/app.js b/app/components/app.js
index bfecd94..fb5400f 100644
--- a/app/components/app.js
+++ b/app/components/app.js
@@ -31,7 +31,7 @@ export class App extends React.Component{
 async signIn(credentials){
 let response = await axios.post('/api/auth', credentials);
 const { token } = response.data;
- window.localStorage.setItem('token', JSON.stringify(token));
+ window.localStorage.setItem('token', token);
 this.attemptTokenLogin();
 }
 render(){
diff --git a/server/app.js b/server/app.js
index 0087424..aad05f2 100644
--- a/server/app.js
+++ b/server/app.js
@@ -8,6 +8,7 @@ app.use(express.json());
 app.use(express.static(path.join(__dirname, '..','public')))
 app.get('/', (req, res) => res.sendFile(path.join(__dirname, '..', 'public', 'index.html')));
+// This is for logging in to our app.
 app.post('/api/auth', async (req, res, next) => {
 try {
 /**
@@ -17,13 +18,13 @@ app.post('/api/auth', async (req, res, next) => {
 * password: ourPassword
 * }
 */
- console.log(req.body);
 res.send({ token: await User.authenticate(req.body) });
 } catch (ex) {
 next(ex);
 }
 });
+// Trying to verify our token / login
 app.get('/api/auth', async (req, res, next) => {
 try {
 // Our tokens will be sent with the req.header of "authorization"
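Review bot: In app/components/app.js (patch 2/4), `window.localStorage.setItem('token', token)` now stores the signed JWT itself, and anything in localStorage is readable by every script that runs on the page, so a single XSS bug or a compromised front-end dependency exposes the session. Consider having the POST /api/auth handler set the token in a cookie instead, e.g. `res.cookie('token', token, { httpOnly: true, secure: true, sameSite: 'strict' })`, and reading it server-side; that design then needs CSRF protection on state-changing routes. If localStorage stays for the exercise, say so on the line: `// demo only: localStorage is readable by any script on the page`.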
diff --git a/server/db/db.js b/server/db/db.js
index 0b680d9..acc106a 100644
--- a/server/db/db.js
+++ b/server/db/db.js
@@ -17,7 +17,10 @@ const User = db.define('user', {
 User.byToken = async (token) => {
 try {
 // Typically we'll need to decode the token to get the information, but our first example is just a user's ID.
- const user = await User.findByPk(JSON.parse(token).id);
+ // const user = await User.findByPk(JSON.parse(token).id);
+ const verifiedToken = jwt.verify(token, tokenSecret);
+ console.log('verified token', verifiedToken);
+ const user = await User.findByPk(verifiedToken.id);
 if (user) {
 return user;
 }
@@ -38,9 +41,15 @@ User.authenticate = async ({ username, password }) => {
 password,
 },
 });
- console.log(user);
 if (user) {
- return { id: user.id };
+ // This is where our JWT SIGN should go
+ // return { id: user.id };
+ const token = jwt.sign(
+ { id: user.id, username: user.username },
+ tokenSecret
+ );
+ console.log('token', token);
+ return token;
 }
 const error = Error('bad credentials');
 error.status = 401;
From 631f9b45670bdde3d5e41af33051c839edc0bdd4 Mon Sep 17 00:00:00 2001
From: mmac1020 <68390724+mmac1020@users.noreply.github.com>
Date: Tue, 7 Sep 2021 12:54:54 -0400
Subject: [PATCH 3/4] Update db.js
---
 server/db/db.js | 3 ---
 1 file changed, 3 deletions(-)
diff --git a/server/db/db.js b/server/db/db.js
index acc106a..a2af1c5 100644
--- a/server/db/db.js
+++ b/server/db/db.js
@@ -24,9 +24,6 @@ User.byToken = async (token) => {
 if (user) {
 return user;
 }
- const error = Error('bad credentials');
- error.status = 401;
- throw error;
 } catch (ex) {
 const error = Error('bad credentials');
 error.status = 401;
From 14d3cda541bf2c44f4e3652a78a85070c13d58e7 Mon Sep 17 00:00:00 2001
From: mmac1020 <68390724+mmac1020@users.noreply.github.com>
Date: Tue, 7 Sep 2021 13:01:00 -0400
Subject: [PATCH 4/4] Update db.js
---
 server/db/db.js | 4 ++++
 1 file changed, 4 insertions(+)
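Review bot: In User.byToken (patch 2/4), `jwt.verify(token, tokenSecret)` is called without an `algorithms` option, so the accepted algorithm set is whatever the installed jsonwebtoken version defaults to for this key type. Pin it to the one the sign side uses (HS256 is the library default when `jwt.sign` is given no algorithm): `const verifiedToken = jwt.verify(token, tokenSecret, { algorithms: ['HS256'] });`. The commented-out `// const user = await User.findByPk(JSON.parse(token).id);` should be deleted rather than kept, since it preserves the unsigned-token lookup as something a later edit could re-enable. The function body continues outside this hunk.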
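Review bot: In User.authenticate (patch 2/4), `jwt.sign({ id: user.id, username: user.username }, tokenSecret)` passes no options, so the token carries no `exp` claim and stays valid for as long as the secret is unchanged; a token copied out of a log or out of browser storage cannot be aged out. Add a lifetime, for example `jwt.sign({ id: user.id, username: user.username }, tokenSecret, { expiresIn: '1h' })` (the duration is a placeholder to tune); `jwt.verify` rejects expired tokens without further code. The two commented-out lines above the call (`// This is where our JWT SIGN should go`, `// return { id: user.id };`) are scaffolding and can go. The lookup that produces `user` starts above the hunk.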
diff --git a/server/db/db.js b/server/db/db.js
index a2af1c5..9c5646d 100644
--- a/server/db/db.js
+++ b/server/db/db.js
@@ -24,6 +24,10 @@ User.byToken = async (token) => {
 if (user) {
 return user;
 }
+ // If the user is not found in the database we need to throw an error
+ const error = Error('bad credentials');
+ error.status = 401;
+ throw error;
 } catch (ex) {
 const error = Error('bad credentials');
 error.status = 401;
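Review bot: The `throw error` added after `if (user)` sits inside the `try`, so it is caught straight away by the `catch (ex)` below, which builds an identical 'bad credentials' error; the outcome is right, but only by way of the catch, and the same catch also turns any failure of `User.findByPk` (a database outage, say) into a 401. Narrowing the `try` to the `jwt.verify` call keeps the 401 for bad tokens and unknown users while letting infrastructure errors reach the error handler as themselves, where monitoring can see them. The `try` opens above this hunk and the `catch` body ends below it, so the sketch assumes the shape shown in patch 2/4.

```javascript
User.byToken = async (token) => {
  let verifiedToken;
  try {
    verifiedToken = jwt.verify(token, tokenSecret);
  } catch (ex) {
    // … unchanged: build the 401 'bad credentials' error and throw it …
  }
  const user = await User.findByPk(verifiedToken.id);
  if (user) {
    return user;
  }
  // … unchanged: the not-found 401 throw added by this hunk …
```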