jwt_example/index.js


const express = require('express');
const jwt = require('jsonwebtoken');
const bcrypt = require('bcrypt');
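const app = express();
// Parse JSON request bodies so the handlers below can read req.body.
app.use(express.json());
// The signing secret and port may be supplied through the environment
// (variable names chosen here: JWT_SECRET, PORT). The literal fallbacks
// exist only so the example runs unconfigured; a deployed instance must
// provide its own secret, since anyone who knows this value can mint tokens.
const SECRET_KEY = process.env.JWT_SECRET ?? 'TERRIBLESECRETKEYDOTWBEM';
const PORT = process.env.PORT ?? 3000;
// In-memory user store of { username, password } where password is a bcrypt
// hash; never reassigned, only pushed to, and lost on restart.
const users = [];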
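/**
 * Express middleware that requires a JWT in the `X-JWT-EXAMPLE-TOKEN` header.
 * The header value is expected as `<scheme> <token>`; only the second part is
 * used, the scheme itself is not checked. On success the decoded payload is
 * attached as `req.user` and the chain continues; otherwise a 401 JSON
 * response is sent and `next` is never called.
 *
 * @param {object} req - Express request; `req.headers` is read.
 * @param {object} res - Express response; used for the 401 replies.
 * @param {Function} next - Called once the token verifies.
 * @returns {void}
 */
function authenticateToken(req, res, next) {
  // Node lowercases incoming header names, so a mixed-case key such as
  // 'X-JWT-EXAMPLE-TOKEN' never matches in req.headers and every request
  // would be rejected; the lookup has to use the lowercase form.
  const authHeader = req.headers['x-jwt-example-token'];
  const token = typeof authHeader === 'string' ? authHeader.split(' ')[1] : undefined;
  if (token == null) {
    res.status(401).json({ status: 'X-JWT-EXAMPLE-TOKEN not set' });
    return;
  }
  // Pin the accepted algorithm to the one /login signs with, so a token whose
  // `alg` header names something else is rejected instead of being verified
  // under a different scheme.
  jwt.verify(token, SECRET_KEY, { algorithms: ['HS256'] }, (err, payload) => {
    if (err) {
      res.status(401).json({ status: 'Token not authorized' });
      return;
    }
    req.user = payload;
    next();
  });
}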
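/**
 * POST /register — creates a user from `{ username, password }` in the JSON body.
 * Responds 201 on success, 400 when either field is missing or not a non-empty
 * string, 409 when the username is already taken, and 500 on an unexpected
 * failure (logged server-side; the error itself is not returned to the client).
 */
app.post('/register', async (req, res) => {
  const { username, password } = req.body ?? {};
  // Reject ill-typed input before hashing: bcrypt throws on a non-string
  // password, which previously surfaced as a 500 carrying the raw error object.
  if (
    typeof username !== 'string' || username === '' ||
    typeof password !== 'string' || password === ''
  ) {
    res.status(400).json({ status: 'username and password are required' });
    return;
  }
  if (users.some((u) => u.username === username)) {
    res.status(409).json({ status: 'User already exists' });
    return;
  }
  try {
    // The async form keeps the event loop free during the deliberately slow hash.
    const passwordHash = await bcrypt.hash(password, 10);
    users.push({ username, password: passwordHash });
    res.status(201).json({ status: 'User Created' });
  } catch (error) {
    // Keep the failure details out of the response; they belong in the server log.
    console.error('register failed', error);
    res.status(500).json({ status: 'Internal server error' });
  }
});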
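/**
 * POST /login — checks `{ username, password }` from the JSON body against the
 * in-memory store and, on a match, returns a JWT (HS256, 1h expiry) carrying
 * the username. Responds 400 on missing/ill-typed fields, 401 when the user is
 * unknown or the password does not match (same message for both), and 500 on
 * an unexpected failure (logged server-side, not returned to the client).
 */
app.post('/login', async (req, res) => {
  const { username, password } = req.body ?? {};
  // bcrypt throws on a non-string password; validate first so malformed input
  // is a 400 rather than a 500.
  if (typeof username !== 'string' || typeof password !== 'string') {
    res.status(400).json({ status: 'username and password are required' });
    return;
  }
  const user = users.find((u) => u.username === username);
  if (user == null) {
    // NOTE: this path answers without a bcrypt compare, so it is measurably
    // faster than a wrong-password reply; fine for an example, worth knowing.
    res.status(401).json({ status: `User ${username} not authorized` });
    return;
  }
  try {
    const passwordMatches = await bcrypt.compare(password, user.password);
    if (!passwordMatches) {
      res.status(401).json({ status: `User ${username} not authorized` });
      return;
    }
    const accessToken = jwt.sign({ username: user.username }, SECRET_KEY, { expiresIn: '1h' });
    res.status(200).json({ status: 'OK', token: accessToken });
  } catch (error) {
    // Never echo the error object to the client.
    console.error('login failed', error);
    res.status(500).json({ status: 'Internal server error' });
  }
});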
// GET /protected — only reachable once authenticateToken has accepted the
// request's token; the handler itself has nothing further to check.
app.get('/protected', authenticateToken, (_req, res) => {
  const body = {
    status: 'OK',
    message: 'Protected resource access granted',
  };
  res.status(200).json(body);
});
// Start the HTTP server and announce the port once it is bound.
app.listen(PORT, () => console.log(`Server listening on port ${PORT}`));