set up protected routes

Author: blb509

api/server.js

@@ -1,26 +1,27 @@
-const express = require("express");
-const configureMiddleware = require("./middleware.js");
-const forms = require("../forms/forms-routes.js");
-const users = require("../user/user-routes.js");
-const departments = require("../departments/departments-routes.js");
-const defaultRules = require("../form_rules/rules-default-routes.js");
-const rules = require("../form_rules/rules-routes.js");
-const fields = require("../form_fields/form-fields-routes");
+const express = require('express')
+const configureMiddleware = require('./middleware.js')
+const forms = require('../forms/forms-routes.js')
+const users = require('../user/user-routes.js')
+const departments = require('../departments/departments-routes.js')
+const defaultRules = require('../form_rules/rules-default-routes.js')
+const rules = require('../form_rules/rules-routes.js')
+const fields = require('../form_fields/form-fields-routes')
+const restricted = require('../auth/restrictedMiddleware.js')
 
-const server = express();
+const server = express()
 
-configureMiddleware(server);
+configureMiddleware(server)
 
-server.use(express.json());
+server.use(express.json())
 
-server.get("/", (req, res) => {
-  res.status(200).send("Hello Earthling");
-});
+server.get('/', (req, res) => {
+  res.status(200).send('Hello Earthling')
+})
 
-server.use("/api/users", users);
-server.use("/api/forms", forms);
-server.use("/api/fields", fields);
-server.use("/api/departments", departments);
-server.use("/api/rules", defaultRules, rules);
+server.use('/api/users', users)
+server.use('/api/forms', restricted, forms)
+server.use('/api/fields', restricted, fields)
+server.use('/api/departments', restricted, departments)
+server.use('/api/rules', restricted, defaultRules, rules)
 
-module.exports = server;
+module.exports = server

auth/restrictedMiddleware.js

@@ -0,0 +1,19 @@
+const jwt = require('jsonwebtoken')
+const secret = require('./secret.js')
+
+module.exports = (req, res, next) => {
+  const token = req.headers.authorization
+
+  if (token) {
+    jwt.verify(token, secret.jwtSecret, (err, decodedToken) => {
+      if (err) {
+        res.status(401).json({ message: 'Invalid Token.' })
+      } else {
+        req.decodedJwt = decodedToken
+        next()
+      }
+    })
+  } else {
+    res.status(401).json({ message: 'No token provided. Please log in.' })
+  }
+}

auth/secret.js

@@ -0,0 +1,3 @@
+module.exports = {
+  jwtSecret: process.env.JWT_SECRET || 'Super Secret Secret'
+}

user/user-model.js

@@ -1,19 +1,34 @@
 const db = require('../data/dbConfig.js')
+const jwt = require('jsonwebtoken')
+const secret = require('../auth/secret.js')
 
 module.exports = {
   find,
   verifyUser,
   addUser,
-  deleteUser
+  deleteUser,
+  generateToken
+}
+
+function generateToken() {
+  const payload = {
+    message: 'Onward!'
+  }
+
+  const options = {
+    expiresIn: '1d'
+  }
+
+  return jwt.sign(payload, secret.jwtSecret, options)
 }
 
 function find() {
-  return db('users');
+  return db('users')
 }
 
 async function verifyUser(id) {
-  console.log("ID", id);
-  
+  console.log('ID', id)
+
   const selected = db('users')
     .where('user_id', id)
     .first()
@@ -22,7 +37,7 @@ async function verifyUser(id) {
 }
 
 async function addUser(user) {
-  console.log("USER", user);
+  console.log('USER', user)
   const [id] = await db('users')
     .returning('id')
     .insert(user)

user/user-routes.js

@@ -36,15 +36,16 @@ router.post('/user', async (req, res) => {
 
   User.verifyUser(id)
     .then(async user => {
+      const token = User.generateToken()
       if (user == null) {
         const newUser = await User.addUser({
           user_id: id,
           first_name: firstName,
           last_name: lastName
         })
-        res.status(200).json(newUser)
+        res.status(200).json({ userInfo: newUser, token: token })
       }
-      res.status(200).json(user)
+      res.status(200).json({ userInfo: user, token: token })
     })
     .catch(error => {
       res.status(500).json({ err: 'Could not verify user', error })