Merge pull request #186 from agiledev-students-fall2023/passport_jwt

Passport jwt

back-end/src/app.mjs

@@ -1,18 +1,16 @@
 import express from 'express';
 import url from 'url';
 import path from 'path';
-// middlewares
 import multer from "multer";
-import bcrypt from 'bcryptjs';
 import cors from 'cors';
-import "dotenv/config";
 import dotenv from 'dotenv';
 import morgan from 'morgan';
 import session from 'express-session';
 import mongoose from 'mongoose';  
 import { body, validationResult }  from 'express-validator';
 import jwt from 'jsonwebtoken';
-
+import passport from 'passport'
+import CustomJwtStrategy from './config/jwt-config.mjs';
 // routes
 import loginRouter from './routes/loginRouter.mjs';
 import registerRouter from './routes/registerRouter.mjs';
@@ -23,11 +21,9 @@ import getpieceRouter from './routes/getpieceRouter.mjs';
 import resetpasswordRouter from './routes/resetpasswordRouter.mjs';
 import resetemailRouter from './routes/resetemailRouter.mjs';
 import searchArtsRouter from './routes/searchArtsRouter.mjs';
-
 import {addFavListRouter,favListRouter, getArts} from './routes/modifyFavListRouter.mjs'
-import { configDotenv } from 'dotenv';
-const app = express();
 
+const app = express();
 
 // use the morgan middleware to log all incoming http requests
 app.use(morgan("dev"));
@@ -66,7 +62,11 @@ app.use(session({
 }))
 console.log('Session secret:', process.env.SESSION_SECRET);
 
-// other middlewares
+// jwt strategy
+passport.use(CustomJwtStrategy)
+
+// initialize passport
+app.use(passport.initialize())
 
 // routes that does not need authentication
 // app.post("/getpiece", getpieceRouter);
@@ -101,8 +101,6 @@ const passwordValidationRules = [
     // Optionally, include checks for special characters or uppercase letters
 ];
 
-
-
 // routes that needs authentication
 // Account routes
 app.patch("/changeusername", usernameValidationRules, changeusernameRouter); //Finished

back-end/src/config/jwt-config.mjs

@@ -0,0 +1,33 @@
+import passportJWT from "passport-jwt";
+import User from "../models/User.mjs";
+
+const ExtractJwt = passportJWT.ExtractJwt
+const JwtStrategy = passportJWT.ExtractJwt
+
+// how the token is extracted and verified from the request
+const jwtOptions = {
+  jwtFromRequest: ExtractJwt.fromAuthHeaderWithScheme("jwt"), //fromAuthHeaderAsBearerToken()
+  secretOrKey: process.env.JWT_SECRET,
+}
+
+const jwtVerifyToken = async function (jwt_payload, done) {
+  console.log("JWT payload received", jwt_payload) // debugging
+
+  // token expiration
+
+  // match user in database
+  try {
+    const user = await User.findOne({ uuid: jwt_payload.uuid })
+    if (!user) throw {jwtMessage: "user not found"}
+    return done(null, user)
+
+  } catch (error) {
+    return done(null, false, {message: error.jwtMessage})
+  }
+}
+
+const CustomJwtStrategy = () => {
+  return new JwtStrategy(jwtOptions, jwtVerifyToken)
+}
+
+export default CustomJwtStrategy

back-end/src/models/User.mjs

@@ -26,7 +26,7 @@ const userSchema = new mongoose.Schema({
   __v: {
     type: Number // Number type for the version key
   }
-});
+})
 
 const User = model('User', userSchema,'users');
 export default User;

back-end/src/routes/loginRouter.mjs

@@ -28,10 +28,10 @@ const loginRouter = async (req, res) => {
     return res.status(200).json({ message: "Successfully logged in!", 
     accessToken,
     user: {
-      uuid: user.uuid,
       name: user.name,
       email: user.email
-    } })
+      }
+    })
 
   } catch (error) {
       return res.status(500).json({ message: "Internal server error." });

front-end/src/pages/Account/Account.jsx

@@ -22,7 +22,6 @@ const AccountEdit = (props) => {
   const storedUserData = JSON.parse(localStorage.getItem('user') || '{}');
   const [username, setUsername] = useState(storedUserData.name || 'John Doe');
   const [email, setEmail] = useState(storedUserData.email || '[email protected]');
-  // console.log(storedUserData.email)
 
   // Set username and email on the screen
   useEffect(() => {
@@ -63,12 +62,7 @@ const AccountEdit = (props) => {
 
       if(response?.data?.user){
         setUsername(response.data.user.name);
-        const userData = {
-          uuid: response.data.user.uuid,
-          name: response.data.user.name,
-          email: response.data.user.email
-        };
-        localStorage.setItem('user', JSON.stringify(userData))
+        localStorage.setItem('user', JSON.stringify(response.data.user))
         // localStorage.setItem('username', response.data.user.name);
 
       }else{
@@ -100,12 +94,7 @@ const AccountEdit = (props) => {
 
       if(response?.data?.user){
         setEmail(response.data.user.email);
-        const userData = {
-          uuid: response.data.user.uuid,
-          name: response.data.user.name,
-          email: response.data.user.email
-        };
-        localStorage.setItem('user', JSON.stringify(userData))
+        localStorage.setItem('user', JSON.stringify(response.data.user))
       }else{
         console.log("Error!!!!!");
       }

front-end/src/pages/Authenticate/Login.jsx

@@ -40,12 +40,7 @@ const Login = () => {
 
       // Stores the token and user data in localStorage upon successful login
       localStorage.setItem('token', response.data.accessToken);
-      const userData = {
-        uuid: response.data.user.uuid,
-        name: response.data.user.name,
-        email: response.data.user.email
-      };
-      localStorage.setItem('user', JSON.stringify(userData));
+      localStorage.setItem('user', JSON.stringify(response.data.user));
 
       setLoginMessage("Login successful!"); // Sets a success message
       navigate("/"); // Navigates to the home page or dashboard