Do more code on authentication part, 1.after signed in restrict user to sign in again 2. suppose a user is signed in and the user somehow get the login page or open in a another tab then when he try to signed in again then i restrict them using middleware named as secure 3. work on user perosonilasation mease a specfic user can see their own expenses or data only user edit or delete their own data only create data with their specified id,i acchive this by using foreign key in expense table (Now, all authentication part is done)

5codeman · 5codeman · commit 41c21f5e7e6a · 2023-10-01T12:15:56.000+05:30
diff --git a/controllers/expense_controller.js b/controllers/expense_controller.js
@@ -24,8 +24,8 @@ module.exports.addExpense = async (req, res) => {
             date: date,
             category: category,
             description: description,
-            amount: amount
-            // userId: req.user.id
+            amount: amount,
+            userId: req.user.id
         }
             // ,{ transaction: t }
         ).then((data) => {
@@ -44,7 +44,7 @@ module.exports.addExpense = async (req, res) => {
 
 exports.getAllExpenses = async (req, res) => {
     try {
-        const expenses = await Expense.findAll(); //{ where: { userId: req.user.id } }
+        const expenses = await Expense.findAll({ where: { userId: req.user.id } });
         res.json(expenses); // send the date where api call (This is is API or controller for get expense data)
     } catch (err) {
         console.log(err);
@@ -61,7 +61,7 @@ exports.deleteExpense = async (req, res) => {
         //     },
         //     { where: { id: req.user.id } }
         //   );
-        await Expense.destroy({ where: { id: id } }); //,userId: req.user.id 
+        await Expense.destroy({ where: { id: id } });
         res.redirect("/user_dashboard");
     } catch (err) {
         console.log(err);
@@ -88,7 +88,7 @@ exports.updateExpense = async (req, res) => {
             category: category,
             description: description,
             amount: amount
-        }, { where: { id: id } } //, userId: req.user.id
+        }, { where: { id: id } }
         );
         res.redirect("/user_dashboard");
     } catch (err) {
diff --git a/middleware/auth.js b/middleware/auth.js
@@ -26,8 +26,9 @@ const authenticate = (req, res, next) => {
             next(); // it goes to next action, controller
         });
     } catch (err) {
-        console.log(err);
-        return res.status(401).json({ success: false });
+        // console.log(err);
+        // return res.status(401).json({ success: false });
+        res.send(`<script> document.cookie = "jwt_token=; max-age=-60"; window.location.href='/';</script>`);
     }
 };
 
diff --git a/middleware/secure.js b/middleware/secure.js
@@ -0,0 +1,22 @@
+const jwt = require("jsonwebtoken");
+
+const secure = (req, res, next) => {
+    try {
+        // If user is already signed_in so, we want they not open the sign in page and supose they sign in page by any chance then he cant login again
+        const token = req.cookies.jwt_token;
+        if (token) {
+            const user = jwt.verify(token, process.env.SECRET_KEY);
+            if (user) {
+                res.redirect('/user_dashboard');
+            }
+            // if token is not verified then it goes to catch block
+        }
+        next();
+    } catch (err) {
+        // console.log(err);
+        // return res.status(401).json({ success: false });
+        res.send(`<script> document.cookie = "jwt_token=; max-age=-60"; window.location.href='/';</script>`);
+    }
+};
+
+module.exports = secure;
diff --git a/router/user.js b/router/user.js
@@ -1,18 +1,19 @@
 const express = require('express');
 const router = express.Router();
 
-//here userAuthentication is a middleware function
+//here userAuthentication and secure is a middleware function
 const userAuthentication = require("../middleware/auth");
+const secure = require("../middleware/secure");
 
 const homeController = require('../controllers/home_controller');
 
 const userController = require('../controllers/user_controller');
 
-router.get('/', homeController.homePage);
+router.get('/', secure, homeController.homePage);
 
-router.post('/signUp', userController.signUp);
+router.post('/signUp', userController.signUp); // secure - we have to use this but for this time leave it
 
-router.post('/signIn', userController.signIn);
+router.post('/signIn', secure, userController.signIn);
 
 router.get('/user_dashboard', userAuthentication, userController.userDashboard);
 
