Skip to content

Latest commit

 

History

History
119 lines (90 loc) · 3.54 KB

File metadata and controls

119 lines (90 loc) · 3.54 KB

Here's a breakdown of the code:

Import Required Modules:

  • express: Express.js is used for building the web application.
  • passport: Passport is a popular authentication middleware for Express.js.
  • jsonwebtoken (jwt): It's used to generate and verify JSON Web Tokens.
  • ExtractJwt and Strategy from passport-jwt: These are used to define and configure the JWT authentication strategy.
  • bcrypt: This library is used for hashing and verifying passwords securely.
  • cors: CORS middleware for enabling Cross-Origin Resource Sharing.

Create an Express Application and Define the Port:

    const app = express();
    const port = 4000;

Configure JWT Secret Key:

    const JWT_SECRET_KEY = 'your-secret-key';

Replace your-secret-key with a secure secret key for JWT token generation and validation.

Mock User Database:

    const users = [
        {
            id: 1,
            email: 'hello@hello.com',
            password: '$2b$10$/qyCbk4xtySo4CZQIfwpbunxo1oNQ3.SBdd5uU1YgfhRoIVnDagcm',
        },
    ];

This is a simple mock database containing a user with an email and hashed password.

Configure Passport with JWT Strategy:

    passport.use(new JwtStrategy({
    jwtFromRequest: ExtractJwt.fromAuthHeaderAsBearerToken(),
    secretOrKey: JWT_SECRET_KEY,
    }, (jwtPayload, done) => {
    // Verify the JWT payload and find the user
    // ...
    }));

This code sets up Passport to use JWT for authentication. It specifies how Passport should extract JWT tokens from incoming requests and how to verify them.

Middleware for JSON Request Parsing and CORS:

    app.use(express.json());

    const corsOptions = {
    origin: 'http://localhost:3000', // Replace with your frontend domain
    credentials: true,
    };
    app.use(cors(corsOptions));

it configures middleware for parsing JSON request bodies and enables CORS for allowing requests from your frontend domain.

Login Route:

    app.post('/api/login', (req, res) => {
        // Handle user login and JWT token generation
        // ...
    });

This route handles user login. It verifies the user's credentials, and if they are valid, it generates a JWT token to send back to the client.

Logout Route:

    app.get('/api/logout', (req, res) => {
    // Handle user logout (optional)
    // ...
    });

This route is for logging out a user. It can be used to invalidate the JWT token if needed.

User Route:

    app.get('/api/user', passport.authenticate('jwt', { session: false }), (req, res) => {
        // Return user information from the authenticated request
        // ...
    });

This route demonstrates how to protect a route with JWT authentication. Only authenticated users with a valid token can access this route.

Test Route:

    app.get('/api/test', passport.authenticate('jwt', { session: false }), (req, res) => {
    // Protected route for testing purposes
    res.json({ message: 'This is a test endpoint' });
    });

This is a protected route that can be accessed only by authenticated users with a valid JWT token.

Start the Express Application:

    app.listen(port, () => {
    console.log(`Server is running on port ${port}`);
    });

Finally, the Express application is started and listens on the specified port.

You'll need to replace 'your-secret-key' with a secure secret key and configure the CORS options to match your frontend domain. The /api/login route is responsible for user authentication and token generation, while other routes can be protected with JWT authentication as needed.