refactor signing in to return a token to pass with each request

hackforla · Sep 14, 2023 · b36f3e1 · b36f3e1
1 parent 72bf070
commit b36f3e1
Show file tree

Hide file tree

Showing 10 changed files with 57 additions and 8 deletions.
diff --git a/backend/controllers/user.controller.js b/backend/controllers/user.controller.js
@@ -151,6 +151,7 @@ UserController.signin = function (req, res) {
         return res.sendStatus(401);
       }
       const jsonToken = generateAccessToken(user, auth_origin);
+
       EmailController.sendLoginLink(
         req.body.email,
         req.body.auth_origin,
@@ -159,7 +160,9 @@ UserController.signin = function (req, res) {
         req.cookie,
         origin,
       );
-      return res.sendStatus(200);
+       res.status(200)
+       res.json({ token: jsonToken})
+       return
     })
     .catch((err) => {
       console.log(err);

diff --git a/backend/middleware/auth.middleware.js b/backend/middleware/auth.middleware.js
@@ -35,8 +35,40 @@ function verifyCookie(req, res, next) {
   });
 }
 
+function protect(req, res, next) {
+
+  const bearer = req.headers.authorization;
+
+  if(!bearer) {
+    res.status(401)
+    res.json({message: "You aren't authorized to do this."})
+    return
+  }
+
+  const [ , token] = bearer.split(' ');
+
+  if (!token) {
+    res.status(401)
+    res.json({message: "You don't have a valid token."})
+    return
+  }
+
+  try {
+    const user = jwt.verify(token, CONFIG_AUTH.SECRET)
+    req.user = user
+    next()
+  } catch(e) {
+    console.log(e)
+    res.status(401)
+    res.json({message: "You need a valid token, try again."})
+    return
+  }
+
+}
+
 const AuthUtil = {
   verifyToken,
   verifyCookie,
+  protect
 };
 module.exports = AuthUtil;
diff --git a/backend/middleware/user.middleware.js b/backend/middleware/user.middleware.js
@@ -15,7 +15,8 @@ function isAdminByEmail(req, res, next) {
       return res.sendStatus(400);
     } else {
       const role = user.accessLevel;
-      if (req.get('origin').includes('3001') || role === 'admin' || user.managedProjects.length > 0) {
+      // removed the check for origin === 3001 it was hanging up in Postman
+      if (role === 'admin' || user.managedProjects.length > 0) {
         next();
       } else {
         next(res.sendStatus(401));

diff --git a/backend/package.json b/backend/package.json
@@ -8,7 +8,7 @@
     "format": "prettier --check .",
     "test": "jest",
     "test:watch": "jest --watch",
-    "start": "node server.js",
+    "start": "nodemon server.js",
     "dev": "nodemon server.js",
     "client": "npm run start --prefix client",
     "heroku-postbuild": "cd client && npm install && npm run build"

diff --git a/backend/routers/projects.router.js b/backend/routers/projects.router.js
@@ -1,12 +1,13 @@
 const express = require("express");
 const router = express.Router();
+const { AuthUtil } = require('../middleware')
 
 const { ProjectController } = require('../controllers');
 
 // The base is /api/projects
 router.get('/', ProjectController.project_list);
 
-router.post('/', ProjectController.create);
+router.post('/', AuthUtil.protect, ProjectController.create);
 
 router.get('/:ProjectId', ProjectController.project_by_id);
 

diff --git a/client/src/api/ProjectApiService.js b/client/src/api/ProjectApiService.js
@@ -23,7 +23,7 @@ class ProjectApiService {
   }
 
   // Handles the POST request and returns the projects ID.
-  async create(projectData) {
+  async create(projectData, token) {
     const {
       name,
       description,
@@ -36,7 +36,10 @@ class ProjectApiService {
     } = projectData;
     const requestOptions = {
       method: 'POST',
-      headers: this.headers,
+      headers: {
+        ...this.headers,
+        'Authorization': `Bearer ${token}`
+      },
       body: JSON.stringify({
         name,
         description,

diff --git a/client/src/components/ProjectForm.js b/client/src/components/ProjectForm.js
@@ -100,9 +100,13 @@ export default function ProjectForm({
 
   // Handles POST request found in api/ProjectApiService.
   const submitNewProject = async (data) => {
+    const token = localStorage.getItem('token')
+    if(!token) {
+      return null
+    }
     const projectApi = new ProjectApiService();
     try {
-      const id = await projectApi.create(data);
+      const id = await projectApi.create(data, token);
       history.push(`/projects/${id}`);
     } catch (errors) {
       console.error(errors);

diff --git a/client/src/components/auth/Auth.js b/client/src/components/auth/Auth.js
@@ -60,6 +60,8 @@ const Auth = () => {
         }
 
         const isAuth = await checkAuth(email, LOG_IN);
+        localStorage.setItem('token', isAuth.token);
+
         if (isAuth) {
           history.push('/emailsent');
         } else {

diff --git a/client/src/context/authContext.js b/client/src/context/authContext.js
@@ -19,6 +19,7 @@ export const AuthProvider = ({ children }) => {
   };
 
   const logout = async () => {
+    localStorage.removeItem('token')
     const res = await authApi.fetchLogout();
 
     if (!res.ok) {

diff --git a/client/src/services/user.service.js b/client/src/services/user.service.js
@@ -39,7 +39,9 @@ export async function checkAuth(email, auth_origin) {
       headers: HEADERS,
       body: JSON.stringify({ email: email, auth_origin: auth_origin }),
     });
-    return response.status === 200;
+
+    const token = await response.json()
+    return token
   } catch (error) {
     console.log('User is not authorized in app');
     console.log(error);