protecting end point and generating token

poode · poode · commit f96c05332fdc · 2018-12-03T01:22:10.000+02:00
diff --git a/api/v1/login/LoginController.js b/api/v1/login/LoginController.js
@@ -0,0 +1,11 @@
+const { authentication } = require('./loginService');
+
+async function index(req, res, next) {
+  const { message, error } = await authentication(req.body);
+  if (error) return next(error);
+  return res.header('x-auth-token', message.token).send(message);
+}
+
+module.exports = {
+  index,
+};
diff --git a/api/v1/login/LoginTest.js b/api/v1/login/LoginTest.js
diff --git a/api/v1/login/loginRoute.js b/api/v1/login/loginRoute.js
@@ -0,0 +1,10 @@
+const router = require('express-promise-router')();
+
+const { index } = require('./LoginController');
+const { authRoute } = require('../../../config/appRouteList');
+
+const { root } = authRoute;
+
+router.post(root, index);
+
+module.exports = router;
diff --git a/api/v1/login/loginService.js b/api/v1/login/loginService.js
@@ -0,0 +1,57 @@
+const Joi = require('joi');
+const bcrypt = require('bcrypt');
+const jwt = require('jsonwebtoken');
+
+
+const { User } = require('../user/UserModel');
+
+const JoiLoginSchema = {
+  username: Joi.string().min(6).max(255).required(),
+  password: Joi.string().min(8).max(255).required(),
+};
+
+function validation(credentials) {
+  return Joi.validate(credentials, JoiLoginSchema);
+}
+
+async function tokenGenerator(id, username) {
+  const token = await jwt.sign({ id, username }, process.env.APP_SECRET, { expiresIn: '30d' });
+  return token;
+}
+
+async function authentication(reqBody) {
+  const result = {
+    message: '',
+    error: '',
+  };
+
+  const { error } = validation(reqBody);
+  if (error) {
+    result.error = { message: error.details[0].message, status: 400 };
+    return result;
+  }
+
+  const user = await User.findOne({ username: reqBody.username });
+  if (!user) {
+    result.error = { message: 'user is not found in our databases', status: 404 };
+    return result;
+  }
+
+  const match = await bcrypt.compare(reqBody.password, user.password);
+  if (!match) {
+    result.error = { message: 'the entered username or password is invalid!', status: 400 };
+    return result;
+  }
+  const token = await tokenGenerator(user.id, user.username);
+  result.message = {
+    authenticated: true,
+    userId: user.id,
+    username: user.username,
+    token,
+  };
+  return result;
+}
+
+module.exports = {
+  authentication,
+};
diff --git a/config/appConfiguration.js b/config/appConfiguration.js
@@ -0,0 +1,38 @@
+const compression = require('compression');
+const paginate = require('express-paginate');
+
+const {
+  authRoute,
+  userRoute,
+} = require('./appRouteList');
+const users = require('../api/v1/user/userRoute');
+const login = require('../api/v1/login/loginRoute');
+const errorHandler = require('../middleware/errorHandler');
+const logHandler = require('../middleware/logHandler');
+const corsMiddleware = require('../middleware/cors');
+const helmetMiddleware = require('../middleware/helmet');
+const { RateLimiter } = require('../middleware/rateLimiter');
+const { tooBusyMiddleware } = require('../middleware/tooBusy');
+const { translatorMiddleware } = require('../middleware/translator');
+
+module.exports = (app) => {
+  app.use(compression());
+  app.use(helmetMiddleware);
+  app.use(logHandler);
+  app.use(tooBusyMiddleware);
+  app.use(corsMiddleware);
+  app.use(new RateLimiter(15, 100).limiter);
+  app.use(translatorMiddleware);
+  app.get('/', (req, res) => res.json({ message: 'Server is up and running...' }));
+  app.use(authRoute.BaseRoute, login);
+  app.use(paginate.middleware(10, 50));
+  app.use(userRoute.BaseRoute, users);
+  app.use('*', (req, res) => {
+    const error = {
+      message: 'I don\'t blame you.It is my mistake, or may be you\'re calling a wrong endpoint',
+      status: 404,
+    };
+    res.status(404).json(error);
+  });
+  app.use(errorHandler);
+};
diff --git a/middleware/authorization.js b/middleware/authorization.js
@@ -0,0 +1,36 @@
+const jwt = require('jsonwebtoken');
+
+// const { getUser } = require('../services/user.service');
+
+async function isAuthorized(req, res, next) {
+  if (req.path === '/create') return next();
+  const token = req.get('x-auth-token');
+  if (!token) {
+    next({ message: 'I don\'t know you, who are you?!', status: 403 });
+    return false;
+  }
+  jwt.verify(token, process.env.APP_SECRET, async (err, decoded) => {
+    if (err) {
+      next(err);
+      return false;
+    }
+    const {
+      id, username, iat, exp,
+    } = decoded;
+    if (!username) {
+      next({ message: 'invalid token', status: 403 });
+      return false;
+    }
+    res.header('x-auth-token-creation', iat);
+    res.header('x-auth-token-expiry', exp);
+    res.locals.userId = id;
+    res.locals.username = username;
+    next();
+    return false;
+  });
+  return false;
+}
+
+module.exports = {
+  isAuthorized,
+};
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "express-ready-server",
-  "version": "1.1.0",
+  "version": "1.2.0",
   "description": "Easy Server to use",
   "main": "index.js",
   "scripts": {

Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`{`
`2`	`2`	`"name": "express-ready-server",`
`3`		`- "version": "1.1.0",`
	`3`	`+ "version": "1.2.0",`
`4`	`4`	`"description": "Easy Server to use",`
`5`	`5`	`"main": "index.js",`
`6`	`6`	`"scripts": {`