- express: Express.js is used for building the web application.
- passport: Passport is a popular authentication middleware for Express.js.
- jsonwebtoken (jwt): It's used to generate and verify JSON Web Tokens.
- ExtractJwt and Strategy from passport-jwt: These are used to define and configure the JWT authentication strategy.
- bcrypt: This library is used for hashing and verifying passwords securely.
- cors: CORS middleware for enabling Cross-Origin Resource Sharing.
const app = express();
const port = 4000;
const JWT_SECRET_KEY = 'your-secret-key';
Replace your-secret-key with a secure secret key for JWT token generation and validation.
const users = [
{
id: 1,
email: 'hello@hello.com',
password: '$2b$10$/qyCbk4xtySo4CZQIfwpbunxo1oNQ3.SBdd5uU1YgfhRoIVnDagcm',
},
];
This is a simple mock database containing a user with an email and hashed password.
passport.use(new JwtStrategy({
jwtFromRequest: ExtractJwt.fromAuthHeaderAsBearerToken(),
secretOrKey: JWT_SECRET_KEY,
}, (jwtPayload, done) => {
// Verify the JWT payload and find the user
// ...
}));
This code sets up Passport to use JWT for authentication. It specifies how Passport should extract JWT tokens from incoming requests and how to verify them.
app.use(express.json());
const corsOptions = {
origin: 'http://localhost:3000', // Replace with your frontend domain
credentials: true,
};
app.use(cors(corsOptions));
it configures middleware for parsing JSON request bodies and enables CORS for allowing requests from your frontend domain.
app.post('/api/login', (req, res) => {
// Handle user login and JWT token generation
// ...
});
This route handles user login. It verifies the user's credentials, and if they are valid, it generates a JWT token to send back to the client.
app.get('/api/logout', (req, res) => {
// Handle user logout (optional)
// ...
});
This route is for logging out a user. It can be used to invalidate the JWT token if needed.
app.get('/api/user', passport.authenticate('jwt', { session: false }), (req, res) => {
// Return user information from the authenticated request
// ...
});
This route demonstrates how to protect a route with JWT authentication. Only authenticated users with a valid token can access this route.
app.get('/api/test', passport.authenticate('jwt', { session: false }), (req, res) => {
// Protected route for testing purposes
res.json({ message: 'This is a test endpoint' });
});
This is a protected route that can be accessed only by authenticated users with a valid JWT token.
app.listen(port, () => {
console.log(`Server is running on port ${port}`);
});
Finally, the Express application is started and listens on the specified port.
You'll need to replace 'your-secret-key' with a secure secret key and configure the CORS options to match your frontend domain. The /api/login route is responsible for user authentication and token generation, while other routes can be protected with JWT authentication as needed.