Using API and JWT Authentication

Krishna Kant · Krishna Kant · commit fd6d01e1dd18 · 2023-07-27T12:09:52.000+05:30
diff --git a/config/passport-jwt-strategy.js b/config/passport-jwt-strategy.js
@@ -0,0 +1,29 @@
+const passport = require('passport');
+const JWTStrategy = require('passport-jwt').Strategy;
+const ExtractJWT = require('passport-jwt').ExtractJwt;
+
+const User = require('../models/user');
+
+let opts = {
+    jwtFromRequest: ExtractJWT.fromAuthHeaderAsBearerToken(),
+    secretOrKey: 'laterChange'
+}
+
+passport.use(new JWTStrategy(opts, async function(jwtPayLoad, done){
+    try {
+        const user = await User.findById(jwtPayLoad._id);
+        // console.log(user);
+        if(user){
+            return done(null, user);
+        } else {
+            return done(null, false);
+        }
+        
+    } catch (err) {
+        console.log('Error in FInding user from JWT Strategy', err);
+        return;
+    }
+}));
+
+
+module.exports = passport;
diff --git a/controllers/api/v1/posts_api.js b/controllers/api/v1/posts_api.js
@@ -0,0 +1,46 @@
+const Post = require('../../../models/post');
+const Comment = require('../../../models/comment');
+
+module.exports.index = async function(req, res) {
+
+    let posts = await Post.find({})
+    .sort('_createdAt')
+    .populate('user')
+    .populate({
+        path: 'comments',
+        populate: {
+            path: 'user'
+        }
+    });
+
+    return res.json(200, {
+        message : "Lists of Posts",
+        posts: posts
+    })
+}
+
+
+module.exports.destroy = async function(req, res) {
+    try {
+        let post = await Post.findById(req.params.id);
+
+        if(post.user == req.user.id) {
+            post.deleteOne();
+
+            await Comment.deleteMany({post: req.params.id});
+
+            return res.json(200, {
+                message: 'Post and associated comments Deleted Successfully'
+            });
+        } else {
+            return res.json(401, {
+                message: "You cannot delete this post!"
+            });
+        }
+    } catch (err) {
+        console.log('********', err);
+        return res.json(500, {
+            message: "Internal Server Error"
+        });
+    }
+}
diff --git a/controllers/api/v1/users_api.js b/controllers/api/v1/users_api.js
@@ -0,0 +1,26 @@
+ const User = require('../../../models/user');
+ const jwt = require('jsonwebtoken');
+
+ module.exports.createSession = async function(req, res) {
+    try {
+        let user = await User.findOne({email: req.body.email});
+
+        if(!user || user.password != req.body.password) {
+            return res.json(422, {
+                message: "Invalid Username or Password"
+            });
+        }
+
+        return res.json(200, {
+            message: 'Sign in successful, please safe your Token!',
+            data: {
+                token : jwt.sign(user.toJSON(), 'laterChange', {expiresIn : '100000'})
+            }
+        })
+    } catch (err) {
+        console.log('-----', err);
+        return res.json(500, {
+            message: "Internal Server Error"
+        });
+    }
+ }
diff --git a/index.js b/index.js
@@ -7,8 +7,11 @@ const app = express();
 const db = require("./config/mongoose");
 // Used for Session Cookies
 const session = require("express-session");
+
+// Using Passport js Strategy
 const passport = require("passport");
 const passportLocal = require("./config/passport-local-strategy");
+const passportJWT = require('./config/passport-jwt-strategy');
 const MongoStore = require("connect-mongo");
 const sassMiddleware = require("node-sass-middleware");
 const flash = require('connect-flash');
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -18,11 +18,13 @@
     "express": "^4.18.2",
     "express-ejs-layouts": "^2.5.1",
     "express-session": "^1.17.3",
+    "jsonwebtoken": "^9.0.1",
     "mongoose": "^7.3.1",
     "multer": "^1.4.5-lts.1",
     "node-sass-middleware": "^1.0.1",
     "nodemon": "^2.0.22",
     "passport": "^0.6.0",
+    "passport-jwt": "^4.0.1",
     "passport-local": "^1.0.0"
   }
 }
diff --git a/routes/api/index.js b/routes/api/index.js
@@ -0,0 +1,7 @@
+const express = require('express');
+
+const router = express.Router();
+
+router.use('/v1', require('./v1'));
+
+module.exports = router;
diff --git a/routes/api/v1/index.js b/routes/api/v1/index.js
@@ -0,0 +1,8 @@
+const express = require('express');
+
+const router = express.Router();
+
+router.use('/posts', require('./posts'));
+router.use('/users', require('./users'));
+
+module.exports = router;
diff --git a/routes/api/v1/posts.js b/routes/api/v1/posts.js
@@ -0,0 +1,11 @@
+const express = require('express');
+
+const router = express.Router();
+const passport = require('passport');
+const postsAPI = require('../../../controllers/api/v1/posts_api');
+
+
+router.get('/', postsAPI.index);
+router.delete('/:id', passport.authenticate('jwt', {session: false}), postsAPI.destroy);
+
+module.exports = router;
diff --git a/routes/api/v1/users.js b/routes/api/v1/users.js
@@ -0,0 +1,8 @@
+const express = require('express');
+
+const router = express.Router();
+const userAPI = require('../../../controllers/api/v1/users_api');
+
+router.post('/create-session', userAPI.createSession);
+
+module.exports = router;
diff --git a/routes/index.js b/routes/index.js
@@ -9,5 +9,7 @@ router.use('/users', require('./users'));
 router.use('/posts', require('./posts'));
 router.use('/comments', require('./comments'));
 
+router.use('/api', require('./api'));
+
 
 module.exports = router;

Original file line number	Diff line number	Diff line change
`@@ -18,11 +18,13 @@`
`18`	`18`	`"express": "^4.18.2",`
`19`	`19`	`"express-ejs-layouts": "^2.5.1",`
`20`	`20`	`"express-session": "^1.17.3",`
	`21`	`+ "jsonwebtoken": "^9.0.1",`
`21`	`22`	`"mongoose": "^7.3.1",`
`22`	`23`	`"multer": "^1.4.5-lts.1",`
`23`	`24`	`"node-sass-middleware": "^1.0.1",`
`24`	`25`	`"nodemon": "^2.0.22",`
`25`	`26`	`"passport": "^0.6.0",`
	`27`	`+ "passport-jwt": "^4.0.1",`
`26`	`28`	`"passport-local": "^1.0.0"`
`27`	`29`	`}`
`28`	`30`	`}`