7 changes: 5 additions & 2 deletions controllers/saved-pins-controller.js
Expand Up @@ -10,7 +10,7 @@ const SavedPins = require('../models/saved-pins');
* @apiError 500 {server error} Problem finding all saved pins.
*/
exports.getSavedPins = (appReq, appRes) => {
SavedPins.find().then((savedPins) => {
SavedPins.find({ user: appReq.userId }).then((savedPins) => {
appRes.send({ savedPins });
}, (e) => {
appRes.status(500).send(e);
Expand All @@ -32,8 +32,10 @@ exports.getSavedPinsById = (appReq, appRes) => {
if (!ObjectID.isValid(params.id)) {
return appRes.status(404).send();
}

SavedPins.findById(params.id).then((pin) => {
if (!pin) {
// expect db id to be unique but just in case verifiy user._id
if (!pin || appReq.userId !== pin.user) {
return appRes.status(404).send();
}
return appRes.send({ pin });
Expand All @@ -58,6 +60,7 @@ exports.postSavedPins = (appReq, appRes) => {
lat: appReq.body.lat,
lng: appReq.body.lng,
place_id: appReq.body.place_id,
user: appReq.userId, // authenticated user's id
});

savedPin.save().then((pin) => {
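Review bot: The ownership check in getSavedPinsById, `appReq.userId !== pin.user`, compares the id read from the JWT payload (a JSON value, so a string) with `pin.user`, which models/saved-pins.js declares as an ObjectId. Strict inequality between the two is therefore always true, and the handler answers 404 even for the pin's owner. Comparing by value fixes it: `if (!pin || !pin.user || !pin.user.equals(appReq.userId)) {`. Alternatively put the owner in the query, `SavedPins.findOne({ _id: params.id, user: appReq.userId })`, which matches the filter this commit adds to getSavedPins and removes the in-memory comparison. The body of getSavedPinsById starts and ends outside the hunk.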
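--- a/controllers/utils-controller.js
+++ b/controllers/utils-controller.js
@@ -0,0 +1,41 @@
+/**
+* Utility controller module.
+* @module controller/utils-controller
+*/
+
+const jwt = require('jsonwebtoken');
+const { JWT_KEY } = require('../config');
+
+/**
+* @description Authorization middleware for verifying user access rights
+*
+* @apiError 401 {request error} Unauthorized - no token provided.
+* @apiError 403 {request error} Unable to authenticate user.
+*
+* @param {string} req.headers['x-access-token'] - request header key used for
+* tracking token
+*/
+exports.verifyToken = (req, res, next) => {
+const token = req.headers['x-access-token'];
+
+if (!token) {
+return res.status(401).send({
+auth: false,
+message: 'No token provided.',
+});
+}
+
+jwt.verify(token, JWT_KEY, (err, decoded) => {
+if (err) {
+return res.status(403).send({
+auth: false,
+message: 'Failed to authenticate token.',
+});
+}
+
+// if good, save to request for next route
+req.userId = decoded.id;
+req.token = token;
+next();
+});
+};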
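Review bot: The `jwt.verify(token, JWT_KEY, ...)` call passes no options, so the accepted signature algorithms are whatever the library defaults to for this key, and the success path trusts `decoded.id` without checking that it is present. Pinning the algorithm the tokens are actually signed with, e.g. `jwt.verify(token, JWT_KEY, { algorithms: ['HS256'] }, (err, decoded) => {` (HS256 is an assumption, the signing call is not shown here), keeps a later key or library change from widening what is accepted. Rejecting a payload that carries no id, `if (err || !decoded || !decoded.id) {`, stops a validly signed token of another shape from reaching the controllers with `req.userId` undefined. The doc comment could also state that this middleware only authenticates the caller and that per-record ownership is left to each controller.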
1 change: 1 addition & 0 deletions models/saved-directions.js
Expand Up @@ -7,6 +7,7 @@ const savedDirectionsSchema = new Schema({
geocoded_waypoints: { type: [Schema.Types.Mixed], required: true },
routes: { type: [Schema.Types.Mixed], required: true },
save_date: { type: Date, default: Date.now },
user: { type: Schema.Types.ObjectId, ref: 'User' },
});

module.exports = mongoose.model('SavedDirections', savedDirectionsSchema);
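Review bot: The new `user` path is optional and unindexed in this schema, and the same line is added to models/saved-pins.js and models/search-history.js, so a document can still be stored with no owner and would then match none of the per-user queries. For saved pins, where postSavedPins now sets the field from the verified token, `user: { type: mongoose.Schema.Types.ObjectId, ref: 'User', required: true, index: true },` would make the model enforce ownership; this schema and search-history can follow once their controllers set `user`. Records created before this change presumably have no `user` value and need either a backfill or an explicit decision about who may read them.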
1 change: 1 addition & 0 deletions models/saved-pins.js
Expand Up @@ -9,6 +9,7 @@ const savedPinsSchema = new mongoose.Schema({
},
place_id: { type: String, required: true },
save_date: { type: Date, default: Date.now },
user: { type: mongoose.Schema.Types.ObjectId, ref: 'User' },
});

module.exports = mongoose.model('SavedPins', savedPinsSchema);
1 change: 1 addition & 0 deletions models/search-history.js
Expand Up @@ -4,6 +4,7 @@ const Schema = mongoose.Schema;
const searchHistorySchema = new Schema({
query: { type: String, required: true },
save_date: { type: Date, default: Date.now },
user: { type: Schema.Types.ObjectId, ref: 'User' },
});

module.exports = mongoose.model('SearchHistory', searchHistorySchema);
11 changes: 6 additions & 5 deletions routes/search.js
Expand Up @@ -6,6 +6,7 @@ const router = express.Router();
const savedDirectionsController = require('../controllers/saved-directions-controller');
const savedPinsController = require('../controllers/saved-pins-controller');
const searchHistoryController = require('../controllers/search-history-controller');
const { verifyToken } = require('../controllers/utils-controller');
/* TODO - require specific functions needed for search from google-api-controller */

/**
Expand All @@ -17,10 +18,10 @@ router.get('/', (req, res) => {
res.send('NOT IMPLEMENTED: Search View');
});

router.get('/savedpins', savedPinsController.getSavedPins);
router.get('/savedpins/:id', savedPinsController.getSavedPinsById);
router.post('/savedpins', savedPinsController.postSavedPins);
router.delete('/savedpins', savedPinsController.deleteSavedPins);
router.delete('/savedpins/:id', savedPinsController.deleteSavedPinsById);
router.get('/savedpins', verifyToken, savedPinsController.getSavedPins);
router.get('/savedpins/:id', verifyToken, savedPinsController.getSavedPinsById);
router.post('/savedpins', verifyToken, savedPinsController.postSavedPins);
router.delete('/savedpins', verifyToken, savedPinsController.deleteSavedPins);
router.delete('/savedpins/:id', verifyToken, savedPinsController.deleteSavedPinsById);

module.exports = router;
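Review bot: The two delete routes now require a token, but the saved-pins-controller.js changes on this page touch only getSavedPins, getSavedPinsById and postSavedPins, so deleteSavedPins and deleteSavedPinsById appear to run unchanged. If those handlers still delete without a `user` filter (their bodies are not shown), authentication alone does not stop one signed-in user from removing another user's pins, and `DELETE /savedpins` may clear the whole collection. They should scope by owner the same way getSavedPins does, with a filter of `{ user: appReq.userId }` for the bulk delete and `{ _id: params.id, user: appReq.userId }` for the single delete.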
38 changes: 1 addition & 37 deletions routes/users.js
@@ -1,45 +1,9 @@
const express = require('express');
const jwt = require('jsonwebtoken');
const usersController = require('../controllers/users-controller');
const { JWT_KEY } = require('../config');
const { verifyToken } = require('../controllers/utils-controller');

const router = express.Router();

/** TODO - move verifyToken into utilsController so it can be used for
* other user specific data. E.g. saved pins and directions and search
* history.
* /
/**
* @description Authorization middleware for verifying access rights
*
* @param {string} req.headers['x-access-token'] - request header key used for
* tracking token
*/
const verifyToken = (req, res, next) => {
const token = req.headers['x-access-token'];

if (!token) {
return res.status(403).send({
auth: false,
message: 'No token provided.',
});
}

jwt.verify(token, JWT_KEY, (err, decoded) => {
if (err) {
return res.status(500).send({
auth: false,
message: 'Failed to authenticate token.',
});
}

// if good, save to request for next route
req.userId = decoded.id;
req.token = token;
next();
});
};

/**
* Users endpoints
*/