auth-middleware-jwt
v1.0.17
Published
This package will be used for jsonwebtoken's middleware where the token generation and verification will be done by importing two objects from this package
Downloads
42
Maintainers
sazzad-anwarReadme
auth-middleware-jwt
JWT authentication middleware for any nodejs API. Just install and import two objects from package as shown below.
Install using npm
npm i auth-middleware-jwt jsonwebtokenOr using yarn
yarn add auth-middleware-jwt jsonwebtokenMake a .env file of your project root and set two environment variables as shown below
ACCESS_TOKEN_EXPIRES_IN=1h //modify as you need eg: 60s, 1m, 1h, 7d
REFRESH_TOKEN_EXPIRES_IN=1y //modify as you need eg: 30d, 7d, 24h
ACCESS_TOKEN_SECRET_KEY=my_secret_key //use your secret key
REFRESH_TOKEN_SECRET_KEY=my_secret_key //use your secret keyTo have this a try copy this template and run your node application
const express = require('express');
const dotenv = require('dotenv');
const {
getAccessToken,
getRefreshToken,
RefreshTokenValidation,
AccessTokenValidation,
} = require('auth-middleware-jwt');
const app = express();
const port = 3010 || process.env.PORT;
dotenv.config();
app.use(express.json());
// use redis to store the refresh tokens;
let refreshTokens = [];
// use your database to store the user data
let user = {};
//@Description: Route for a login auth route with user credentials
//Route: http://localhost:3000
//Method: POST
//Set Login credentials in body as shown below
// {
// name:'useer',
// email:'[email protected]',
// password:'password'
// }
app.post('/', async (req, res) => {
const { name, email, password } = req.body;
//setup your authentication checking logics
//get your user data to send as payload of JWT
user.id = '49afbf2a-0c08-4636-963c-1933507fb168';
user.name = name;
user.email = email;
user.image = 'https://picsum.photos/100/100';
try {
let accessToken = await getAccessToken(user);
let refreshToken = await getRefreshToken({ user: user.id });
refreshTokens.push(refreshToken);
res.json({
code: 200,
isSuccess: true,
status: 'success',
data: {
accessToken,
refreshToken,
},
});
} catch (error) {
console.log(error);
res.json({
code: 200,
isSuccess: true,
status: 'success',
message: error.message,
});
}
});
//@Description: Set the access token as bearer token in header as key 'Authorization' and value 'Bearer <the token will be given after login />'
//Route: http://localhost:3000/protected_route
//Method: POST
app.post('/protected_route', AccessTokenValidation, async (req, res) => {
if (req.user) {
res.json({
code: 200,
isSuccess: true,
status: 'success',
data: {
user: req.user,
},
});
} else {
res.json({
code: 404,
isSuccess: false,
status: 'failed',
message: 'User is not found',
});
}
});
/*
@Description: If the the access token is expired then use this route to renew access and refresh token by sending the refresh token in header as refreshToken and value 'Bearer <the refresh token will be given after login or registration />'
Route: http:localhost:3000/get-access-token
Method: POST
*/
app.post('/get-access-token', RefreshTokenValidation, async (req, res) => {
let { id, token } = req.user;
if (refreshTokens.includes(token)) {
try {
let accessToken = await getAccessToken(id);
let refreshToken = await getAccessToken({ user: id });
refreshTokens[id] = refreshToken;
res.json({
code: 200,
status: 'success',
isSuccess: true,
data: {
isLoggedIn: true,
accessToken,
refreshToken,
},
});
} catch {
res.status(403).json({
code: 403,
isSuccess: false,
status: 'failed',
message: 'Request not allowed !',
});
}
} else {
res.status(403).json({
code: 403,
isSuccess: false,
status: 'failed',
message: 'Request not allowed !',
});
}
});
app.listen(port, () => console.log(`App is listening on ${port}`));