Search code examples
node.jsexpressexpress-jwt

How to do common binding of JWT token into each route using Node.js and express

I am using JWT token authentication in my Node.js and express application. But for each route I am calling the method to verify the token and my code is given below.

route.js:

const express = require('express'),
      controller = require('../controller/customer.controller'),
      verify = require('../utill/verify.util.js'),
      Router = express.Router();




class DemoProjectRouter {

    getRouter() {

        try{
            Router.get('/', verify.verifyToken, controller.getCustomer.bind(controller));
            Router.post('/add',verify.verifyToken, controller.addCustomer.bind(controller));
            return Router;

        }catch(error) {
            console.log(error);
        }
    }
}

module.exports = new DemoProjectRouter();

In the below file I am verifying the token.

const jwt = require('jsonwebtoken');
const _ = require('lodash');

const jwtKey = "my_secret_key"
const jwtExpirySeconds = '2d';



class DemoProjectJWT {

    async createJWT(username) {

        try{

            let obj = {};

            obj['username'] = username;

            const token = jwt.sign(obj, jwtKey, {algorithm: "HS256", expiresIn: jwtExpirySeconds});

            return token;

        }catch(error){
            console.log(error);
        }
    }


    async verifyToken(req, res, next) {

        try{

            let token =  '';

            if (_.get(req,['body', 'token'])) {
                token = req.body.token;
            }
            if (_.get(req,['query', 'token'])) {
                token = req.query.token;
            }
            if (_.get(req,['headers', 'x-access-token'])) {
                token = req.headers['x-access-token'];
            }
            if (_.get(req,['cookies', 'token'])) {
                token = req.cookies.token;
            }

            if (token === '' || token === null) {
                let err = new Error('No token provided!');
                err.status = 403;
                res.send(err);
            }else{

                jwt.verify(token, jwtKey, (err, decode) => {
                    if (err) {

                        if (err.name === 'TokenExpiredError') {

                            console.log("token expired!");

                            let err = new Error('You are not authenticated!');
                            err.status = 401;
                            res.send(err);
                        }
                    }else{
                        req.decoded = decode;
                        next();
                    }
                })
            }

        }catch(error) {
            console.log(error);
        }
    }
}

module.exports = new DemoProjectJWT();

Here I am binding my token in each route method but I need to write any common method where it will include the token in each route for verification so that if I am creating any new route method I will not add again verify.verifyToken for verification.for each user request it should call automatically.

Solution

  • You need to register your token verification handler as a router-level middleware:

    Router.use(verify.verifyToken);

Router.get('/', controller.getCustomer.bind(controller));
Router.post('/add', controller.addCustomer.bind(controller));