Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Get current user in model server-side #727

Closed
Kageetai opened this issue Dec 2, 2014 · 11 comments

Comments

Projects
None yet
6 participants
@Kageetai
Copy link

commented Dec 2, 2014

Hi there,
I am very new to authentication on the server side and don't really understand most of what the generator does yet.
But I want to save the current user to a field in another model when it is created. So I guess I have to modify the create function in my models controller, but I have no idea how to get the currently logged in user. Can anyone help me there?

@remicastaing

This comment has been minimized.

Copy link
Contributor

commented Dec 6, 2014

To get the current user, take a look at how the route /api/meworks, especially the /server/api/user/index.js and /server/api/user/user.controller.js files. In the second file, take a look at exports.show = function(req, res, next) {...}.

@JaKXz JaKXz added the question label Dec 6, 2014

@Kageetai

This comment has been minimized.

Copy link
Author

commented Dec 8, 2014

Cool, I didn't know the current user is transferred in the request too. So I just saved req.user._id in my model and it works fine. Thanks :)

@Kageetai Kageetai closed this Dec 8, 2014

@Awk34

This comment has been minimized.

Copy link
Member

commented Dec 8, 2014

I made a middleware that attaches the currently logged in user object to the req; I find it very useful.

@remicastaing

This comment has been minimized.

Copy link
Contributor

commented Dec 8, 2014

@Kageetai, an access token is transferred in the request. auth.isAuthenticated() adds the user to req.

@Awk34

This comment has been minimized.

Copy link
Member

commented Dec 8, 2014

Found my code:

/**
 * If there is a user, appends it to the req
 * else req.user would be undefined
 */
function appendUser() {
    return compose()
        // Attach user to request
        .use(function(req, res, next) {
            validateJwt(req, res, function(val) {
                if(_.isUndefined(val)) {
                    User.findById(req.user._id, function(err, user) {
                        if(err) {
                            return next(err);
                        } else if(!user) {
                            req.user = undefined;
                            return next();
                        } else {
                            req.user = user;
                            next();
                        }
                    });
                } else {
                    req.user = undefined;
                    next();
                }
            });
        });
}

You could use something like this if you just wanted to get the user. If you use the isAuthenticated middleware, a non-authenticated user won't be able to get to the route you use it on. With this middleware, it will attach the user object to the req, and if there is no authenticated user, the req will still go through, but with req.user: undefined.

@Kageetai

This comment has been minimized.

Copy link
Author

commented Dec 9, 2014

@Awk34 it seems I don't need your middleware as the user already gets attached to the request as @remicastaing mentioned.

@Awk34

This comment has been minimized.

Copy link
Member

commented Dec 9, 2014

True. The difference is that the middleware I posted will continue the request on with req.user: undefined, whereas auth.isAuthenticated will not continue the request and instead give a 401 error. Depends on what you need the user object for; just throwing that out there.

@Kageetai

This comment has been minimized.

Copy link
Author

commented Dec 10, 2014

Oh yeah, that might come in handy, although for now I don't need it as the route is only for logged in users anyway.

@BenjaminConant

This comment has been minimized.

Copy link

commented Jan 23, 2016

I could be wrong but I think that expressJwt is doing the attaching of the user auth.isAuthenticated() finds the JWT ... either in req.query.access_token or in req.headers.authorization .... so the function validateJwt(req, res, next); is what attaches the user if the JWT is valid. ... you can see this in auth.service.js

@rugved-in

This comment has been minimized.

Copy link

commented Aug 19, 2016

@Kageetai can you please share the snippet of your code. I want the userId to be added to my object before being saved in the db.

@Kageetai

This comment has been minimized.

Copy link
Author

commented Aug 20, 2016

@rugved-inamdar I didn't need anything new code back then, the user already got attached which I didn't see at first :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.