set up JWT authorazation

chiefkarim · Sep 11, 2023 · 640f355 · 640f355
1 parent b752181
commit 640f355
Show file tree

Hide file tree

Showing 12 changed files with 57 additions and 32 deletions.
diff --git a/app.js b/app.js
@@ -99,6 +99,8 @@ const collectionRouter = require("./routes/collection");
 const itemRouter = require("./routes/item");
 const signUpRouter = require("./routes/sign-up")
 const logInRouter = require('./routes/log-in')
+
+
 app.use("/",express.static(path.join(__dirname, "uploads")),indexRouter);
 app.use("/collection", express.static(path.join(__dirname, "uploads")),collectionRouter);
 app.use("/item",express.static(path.join(__dirname, "uploads")),itemRouter);

diff --git a/controllers/collectionController.js b/controllers/collectionController.js
@@ -129,7 +129,7 @@ exports.edit_post_api =[
 //handling create item request GET
 exports.create_get =asyncHandler(async(req,res,next)=>{
         const collections = await collectionModel.find({})
-    
+
         res.render('collectionCreate',{title:"collections create",collections:collections})
 
 
@@ -138,7 +138,6 @@ exports.create_get =asyncHandler(async(req,res,next)=>{
 //handling create item request GET
 exports.create_get_api =asyncHandler(async(req,res,next)=>{
         const collections = await collectionModel.find({})
-
         res.send({title:"collections create",collections:collections})
 
 

diff --git a/controllers/log-inController.js b/controllers/log-inController.js
@@ -26,8 +26,8 @@ exports.logIn_post = [
             passport.authenticate('local', function(err, user, info, status) {
                 if (err) { return next(err) }
                 if (!user) { return   res.render('log-in',{title:'Log in',errors:[info]})  }
-                jwt.sign(req.body.username, '')
-                res.redirect('/');
+               const accessToken = jwt.sign({username:req.body.username}, process.env.ACCESS_TOKEN_SECRET)
+                res.send({accessToken:accessToken});
             })(req, res, next)
         }
     }),

diff --git a/controllers/sign-upController.js b/controllers/sign-upController.js
@@ -2,6 +2,7 @@ const asyncHandler = require("express-async-handler");
 const {body , validationResult } = require('express-validator')
 const userModel = require('../models/user') 
 const bcrypt = require('bcryptjs')
+const jwt = require('jsonwebtoken')
 
 exports.signUp_get = asyncHandler(async(req,res,next)=>{
     res.render('sign-up',{title:'sign up'})
@@ -38,8 +39,8 @@ exports.signUp_post = [
                    password:hashedPassword
                 })
                 result = await user.save()
-                console.log(result)
-                res.redirect('/')
+                const accessToken = jwt.sign({username:req.body.username}, process.env.ACCESS_TOKEN_SECRET)
+                res.send({accessToken:accessToken});
             }catch(err){
                 return next(err)
             }

diff --git a/helpers/auth.js b/helpers/auth.js
@@ -0,0 +1,21 @@
+const jwt = require('jsonwebtoken') 
+module.exports=function authenticate(req, res, next) {
+  const bearerHeader = req.headers["authorization"];
+
+  if (typeof bearerHeader !== "undefined") {
+    const token = bearerHeader.split(" ")[1];
+    console.log("token", token);
+
+    req.token = token;
+    jwt.verify(token, process.env.ACCESS_TOKEN_SECRET, (err, user) => {
+      if (err || user.username !== "admin") {
+        console.log("eror", err);
+        res.sendStatus(403);
+      }
+      req.user = user;
+      next();
+    });
+  } else {
+    res.sendStatus(400);
+  }
+}
diff --git a/data.csv → helpers/data.csv b/data.csv → helpers/data.csv
diff --git a/imageToWebdb.js → helpers/imageToWebdb.js b/imageToWebdb.js → helpers/imageToWebdb.js
diff --git a/populateCategories.js → helpers/populateCategories.js b/populateCategories.js → helpers/populateCategories.js
@@ -3,7 +3,7 @@ const fs = require("fs");
 const csvParser = require("csv-parser");
 const result = [];
 const nameIndex = {}; // A mapping to track indexes of names
-const collection = require("./models/collection");
+const collection = require("../models/collection");
 const express = require("express");
 const { default: mongoose } = require("mongoose");
 

diff --git a/populateItems.js → helpers/populateItems.js b/populateItems.js → helpers/populateItems.js
@@ -3,10 +3,10 @@ const fs = require("fs");
 const csvParser = require("csv-parser");
 const result = [];
 const nameIndex = {}; // A mapping to track indexes of names
-const collection = require("./models/collection");
+const collection = require("../models/collection");
 const express = require("express");
 const { default: mongoose } = require("mongoose");
-const Item = require("./models/item");
+const Item = require("../models/item");
 const { getEnabledCategories } = require("trace_events");
 require("dotenv").config();
 //connecting to database

diff --git a/request.rest b/request.rest
@@ -1 +1,2 @@
-GET http://localhost:3000/collection/api
+GET http://localhost:3000/item/edit
+Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6ImFkbWluIiwiaWF0IjoxNjk0NDEzMzU0fQ.-bg_1nIVgNkEmWLDEivnXna4Lx0aT4qiOVSTSXCM_Gg
diff --git a/routes/collection.js b/routes/collection.js
@@ -13,7 +13,7 @@ const storage = multer.diskStorage({
        })
 
 const upload = multer({ storage: storage })
-
+const authenticate = require('../helpers/auth')
 
 /* GET users listing. */
 
@@ -23,33 +23,33 @@ router.get("/", collection_controller.list);
 router.get("/api",cors(),collection_controller.api_list)
 
 //handling edit collection request GET 
-router.get("/:id/edit/",collection_controller.edit_get)
-router.post("/:id/edit/",upload.single('src'),collection_controller.edit_post)
+router.get("/:id/edit/",authenticate,collection_controller.edit_get)
+router.post("/:id/edit/",authenticate,upload.single('src'),collection_controller.edit_post)
 
 //APIhandling edit collection request GET 
-router.get("/:id/edit/api",collection_controller.edit_get_api)
-router.post("/:id/edit/api",upload.single('src'),collection_controller.edit_post_api) 
+router.get("/:id/edit/api",authenticate,collection_controller.edit_get_api)
+router.post("/:id/edit/api",authenticate,upload.single('src'),collection_controller.edit_post_api) 
 
 //handling deleting collection POST
-router.post('/:id/delete',collection_controller.delete)
+router.post('/:id/delete',authenticate,collection_controller.delete)
 
 //handling deleting collection POST
-router.post('/:id/delete/api',collection_controller.delete_api)
+router.post('/:id/delete/api',authenticate,collection_controller.delete_api)
 
 //handling create collection request GET
-router.get("/create",collection_controller.create_get)
+router.get("/create",authenticate,collection_controller.create_get)
 
 //handling create collection request GET
-router.get("/create/api",collection_controller.create_get_api)
+router.get("/create/api",authenticate,collection_controller.create_get_api)
 
 //handling create collection request POST
-router.post("/create",upload.single('src'),collection_controller.create_post)
+router.post("/create",authenticate,upload.single('src'),collection_controller.create_post)
 
 //handling create collection request POST
-router.post("/create/api",upload.single('src'),collection_controller.create_post_api)
+router.post("/create/api",authenticate,upload.single('src'),collection_controller.create_post_api)
 
 // show all items in a specified collection
-router.get("/:id", collection_controller.list_items);
+router.get("/:id",collection_controller.list_items);
 
 // show all items in a specified collection
 router.get("/:id/api", collection_controller.list_items_api);

diff --git a/routes/item.js b/routes/item.js
@@ -12,29 +12,30 @@ const storage = multer.diskStorage({
        })
 
 const upload = multer({ storage: storage })
+const authenticate = require('../helpers/auth')
 
 
 //creating  item
-router.get('/create',item_controller.edit_get)
-router.post('/create',upload.array('src',10),item_controller.edit_post)
+router.get('/create',authenticate,item_controller.edit_get)
+router.post('/create',authenticate,upload.array('src',10),item_controller.edit_post)
 
 //creating  item
-router.get('/create/api',item_controller.edit_get_api)
-router.post('/create/api',upload.array('src',10),item_controller.edit_post_api)
+router.get('/create/api',authenticate,item_controller.edit_get_api)
+router.post('/create/api',authenticate,upload.array('src',10),item_controller.edit_post_api)
 
 //editing item
-router.get('/:id/edit',item_controller.edit_get)
-router.post('/:id/edit',upload.array('src',10),item_controller.edit_post)
+router.get('/:id/edit',authenticate,item_controller.edit_get)
+router.post('/:id/edit',authenticate,upload.array('src',10),item_controller.edit_post)
 
 //editing item
-router.get('/:id/edit/api',item_controller.edit_get_api)
-router.post('/:id/edit/api',upload.array('src',10),item_controller.edit_post_api)
+router.get('/:id/edit/api',authenticate,item_controller.edit_get_api)
+router.post('/:id/edit/api',authenticate,upload.array('src',10),item_controller.edit_post_api)
 
 //handling deleting POST
-router.post('/:id/delete',item_controller.delete)
+router.post('/:id/delete',authenticate,item_controller.delete)
 
 //handling deleting POST
-router.post('/:id/delete/api',item_controller.delete_api)
+router.post('/:id/delete/api',authenticate,item_controller.delete_api)
 // displaying item details GET
 router.get('/:id',item_controller.detail)