Authentication Done

5codeman · 5codeman · commit e697b8d8a4f9 · 2023-10-01T09:03:26.000+05:30
diff --git a/app.js b/app.js
@@ -8,8 +8,12 @@ const app = express();
 //parse the form data sent with post request
 const bodyParser = require('body-parser');
 app.use(bodyParser.urlencoded({ extended: false }));
+
 app.use(bodyParser.json()); // It parses only json object(when any request post json data)
 
+const cookieParser = require('cookie-parser');
+app.use(cookieParser());
+
 // connect to the mysql DB
 const sequelize = require('./util/database');
 const User = require('./models/user');  // ? What is use of this
diff --git a/controllers/user_controller.js b/controllers/user_controller.js
@@ -49,6 +49,8 @@ module.exports.signIn = async function (req, res) {
             }
 
             else if (user && user.password == password) {
+                const token = generateAccessToken(user.id, user.email);
+                res.cookie("jwt_token", token);
                 res.status(200).send(`<script> window.location.href='/user_dashboard'; </script>`);
 
             }
@@ -63,4 +65,6 @@ module.exports.signIn = async function (req, res) {
 
 module.exports.userDashboard = function (req, res) {
     res.sendFile(path.join(__dirname, '../public/views/user_dashboard.html'));
-};
+};
+
+
diff --git a/middleware/auth.js b/middleware/auth.js
@@ -0,0 +1,34 @@
+const jwt = require("jsonwebtoken");
+const User = require("../models/user");
+
+const authenticate = (req, res, next) => {
+    try {
+        const token = req.cookies.jwt_token;
+        //suppose if token not exist in browser cookies or someone delete it
+        if (!token) {
+            res.redirect('/');
+        }
+
+        // in this user a object is return with email and the userId
+        const user = jwt.verify(token, process.env.SECRET_KEY); //It give the binded data after matching with secret_key
+
+        //suppose someone edit or alter my token in browser cokkies or cookies is not match with my secret key or vrify unsuccessful.
+        if (!user) {
+            res.redirect('/');
+        }
+
+        User.findByPk(user.userId).then((user) => {
+            //suposse that if user is not in our db or not exist
+            if (!user) {
+                res.redirect('/');
+            }
+            req.user = user; //make a user property in req
+            next(); // it goes to next action, controller
+        });
+    } catch (err) {
+        console.log(err);
+        return res.status(401).json({ success: false });
+    }
+};
+
+module.exports = authenticate;
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -15,6 +15,7 @@
   "dependencies": {
     "axios": "^1.5.0",
     "body-parser": "^1.20.2",
+    "cookie-parser": "^1.4.6",
     "dotenv": "^16.3.1",
     "express": "^4.18.2",
     "jsonwebtoken": "^9.0.2",
diff --git a/public/js/user_dashboard.js b/public/js/user_dashboard.js
@@ -350,7 +350,8 @@ logoutBtn.addEventListener("click", logout);
 
 async function logout() {
     try {
-        // localStorage.clear();
+        //delete the browser cookies
+        document.cookie = "jwt_token=; max-age=-60"; // ? Any diff. way and why we write like this ??
         window.location.href = "/";
     } catch (err) {
         console.log(err);
diff --git a/router/expense.js b/router/expense.js
@@ -1,14 +1,17 @@
 const express = require('express');
 const router = express.Router();
 
+//here userAuthentication is a middleware function
+const userAuthentication = require("../middleware/auth");
+
 const expenseController = require('../controllers/expense_controller');
 
-router.post('/addExpense', expenseController.addExpense);
+router.post('/addExpense', userAuthentication, expenseController.addExpense);
 
-router.get('/getAllExpenses', expenseController.getAllExpenses);
+router.get('/getAllExpenses', userAuthentication, expenseController.getAllExpenses);
 
-router.get('/deleteExpense/:id', expenseController.deleteExpense);
+router.get('/deleteExpense/:id', userAuthentication, expenseController.deleteExpense);
 
-router.post('/updateExpense/:id', expenseController.updateExpense);
+router.post('/updateExpense/:id', userAuthentication, expenseController.updateExpense);
 
 module.exports = router;
diff --git a/router/user.js b/router/user.js
@@ -1,6 +1,9 @@
 const express = require('express');
 const router = express.Router();
 
+//here userAuthentication is a middleware function
+const userAuthentication = require("../middleware/auth");
+
 const homeController = require('../controllers/home_controller');
 
 const userController = require('../controllers/user_controller');
@@ -11,6 +14,6 @@ router.post('/signUp', userController.signUp);
 
 router.post('/signIn', userController.signIn);
 
-router.get('/user_dashboard', userController.userDashboard);
+router.get('/user_dashboard', userAuthentication, userController.userDashboard);
 
 module.exports = router;

Original file line number	Diff line number	Diff line change
`@@ -49,6 +49,8 @@ module.exports.signIn = async function (req, res) {`
`49`	`49`	`}`
`50`	`50`
`51`	`51`	`else if (user && user.password == password) {`
	`52`	`+ const token = generateAccessToken(user.id, user.email);`
	`53`	`+ res.cookie("jwt_token", token);`
`52`	`54`	res.status(200).send(`<script> window.location.href='/user_dashboard'; </script>`);
`53`	`55`
`54`	`56`	`}`
`@@ -63,4 +65,6 @@ module.exports.signIn = async function (req, res) {`
`63`	`65`
`64`	`66`	`module.exports.userDashboard = function (req, res) {`
`65`	`67`	`res.sendFile(path.join(__dirname, '../public/views/user_dashboard.html'));`
`66`		`-};`
	`68`	`+};`
	`69`	`+`
	`70`	`+`