Authentication logic changed

JWT is now stored in a cookie instead of localStorage
changed APIs:
-> /api/auth/login
-> /api/auth/signup
new APIs:
-> /api/auth/logout
This commit is contained in:
Moon Patel
2023-07-23 13:20:55 +05:30
parent b2af52f2c6
commit 81ff9e31a0
5 changed files with 166 additions and 83 deletions
+29 -11
@@ -21,27 +21,45 @@ function isValidPassword(password, storedPassword) {
return compare(password, storedPassword);
}
// function checkAuthMiddleware(req, res, next) {
// if (req.method === "OPTIONS") {
// return next();
// }
// if (!req.headers.authorization) {
// console.log("NOT AUTH. AUTH HEADER MISSING.");
// return next(new NotAuthError("Not authenticated."));
// }
// const authFragments = req.headers.authorization.split(" ");
// if (authFragments.length !== 2) {
// console.log("NOT AUTH. AUTH HEADER INVALID.");
// return next(new NotAuthError("Not authenticated."));
// }
// const authToken = authFragments[1];
// try {
// const validatedToken = validateJSONToken(authToken);
// req.userid = validatedToken;
// } catch (error) {
// console.log("NOT AUTH. TOKEN INVALID.");
// return next(new NotAuthError("Not authenticated."));
// }
// next();
// }
function checkAuthMiddleware(req, res, next) {
if (req.method === "OPTIONS") {
return next();
}
if (!req.headers.authorization) {
console.log("NOT AUTH. AUTH HEADER MISSING.");
return next(new NotAuthError("Not authenticated."));
let authToken = req.cookies["auth-token"];
if (!authToken) {
return res.status(401).json({ userMessage: "Not authenticated", devMessage: "Auth token not found" });
}
const authFragments = req.headers.authorization.split(" ");
if (authFragments.length !== 2) {
console.log("NOT AUTH. AUTH HEADER INVALID.");
return next(new NotAuthError("Not authenticated."));
}
const authToken = authFragments[1];
try {
const validatedToken = validateJSONToken(authToken);
req.userid = validatedToken;
} catch (error) {
console.log("NOT AUTH. TOKEN INVALID.");
return next(new NotAuthError("Not authenticated."));
return res.status(401).json({ userMessage: "Not authenticated", devMessage: "Invalid auth token" });
}
next();
}
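Review bot: Now that the new `checkAuthMiddleware` reads the token from `req.cookies["auth-token"]` instead of an Authorization header, the browser attaches it to every request automatically, so any state-changing route behind this middleware is reachable from a cross-site page unless the cookie is issued with `SameSite` (plus `HttpOnly` and `Secure`) or a CSRF token is checked; the cookie attributes are set in the login handler, which is outside this hunk, so they should be confirmed there. `req.cookies` also presumes a cookie-parsing middleware is mounted earlier in the chain, which is worth stating above the function, e.g. `// requires a cookie parser mounted before this middleware; the token cookie is set by /api/auth/login`. Two smaller points: `let authToken` is never reassigned and should be `const authToken = req.cookies["auth-token"];`, and the two new `res.status(401).json(...)` responses bypass the `NotAuthError`/`next(err)` path the removed lines used (the `console.log("NOT AUTH. TOKEN INVALID.")` is still there but its `return next(...)` is gone), so either keep `return next(new NotAuthError("Not authenticated."));` for consistency with the file's error handler or document why this middleware now responds directly. The commented-out copy of the old header-based middleware at the top of the hunk duplicates the live function and should be dropped in favour of the commit history.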