I am using JWT token authentication in my Node.js and express application. But for each route I am calling the method to verify the token and my code is given below.
route.js:
const express = require('express'),
controller = require('../controller/customer.controller'),
verify = require('../utill/verify.util.js'),
Router = express.Router();
class DemoProjectRouter {
getRouter() {
try{
Router.get('/', verify.verifyToken, controller.getCustomer.bind(controller));
Router.post('/add',verify.verifyToken, controller.addCustomer.bind(controller));
return Router;
}catch(error) {
console.log(error);
}
}
}
module.exports = new DemoProjectRouter();
In the below file I am verifying the token.
const jwt = require('jsonwebtoken');
const _ = require('lodash');
const jwtKey = "my_secret_key"
const jwtExpirySeconds = '2d';
class DemoProjectJWT {
async createJWT(username) {
try{
let obj = {};
obj['username'] = username;
const token = jwt.sign(obj, jwtKey, {algorithm: "HS256", expiresIn: jwtExpirySeconds});
return token;
}catch(error){
console.log(error);
}
}
async verifyToken(req, res, next) {
try{
let token = '';
if (_.get(req,['body', 'token'])) {
token = req.body.token;
}
if (_.get(req,['query', 'token'])) {
token = req.query.token;
}
if (_.get(req,['headers', 'x-access-token'])) {
token = req.headers['x-access-token'];
}
if (_.get(req,['cookies', 'token'])) {
token = req.cookies.token;
}
if (token === '' || token === null) {
let err = new Error('No token provided!');
err.status = 403;
res.send(err);
}else{
jwt.verify(token, jwtKey, (err, decode) => {
if (err) {
if (err.name === 'TokenExpiredError') {
console.log("token expired!");
let err = new Error('You are not authenticated!');
err.status = 401;
res.send(err);
}
}else{
req.decoded = decode;
next();
}
})
}
}catch(error) {
console.log(error);
}
}
}
module.exports = new DemoProjectJWT();
Here I am binding my token in each route method but I need to write any common method where it will include the token in each route for verification so that if I am creating any new route method I will not add again verify.verifyToken
for verification.for each user request it should call automatically.
You need to register your token verification handler as a router-level middleware:
Router.use(verify.verifyToken);
Router.get('/', controller.getCustomer.bind(controller));
Router.post('/add', controller.addCustomer.bind(controller));