feat: added jwt authorization middleware for requests (#9)

f25ae129 · Jonny Ngo Luong · f35dfcbf · f25ae129 · f25ae129 · f25ae129
Commit f25ae129 authored 4 years ago by Jonny Ngo Luong
--- a/server/package-lock.json
+++ b/server/package-lock.json
@@ -10,6 +10,7 @@
      "dependencies": {
        "@types/cors": "^2.8.9",
        "@types/express": "^4.17.11",
+        "@types/express-jwt": "^6.0.1",
        "@types/jest": "^26.0.20",
        "@types/mysql": "^2.15.17",
        "@types/supertest": "^2.0.10",
@@ -17,6 +18,7 @@
        "cors": "^2.8.5",
        "dotenv": "^8.2.0",
        "express": "^4.17.1",
+        "express-jwt": "^6.0.0",
        "jest": "^26.6.3",
        "jsonwebtoken": "^8.5.1",
        "mysql": "^2.18.1",
@@ -1017,6 +1019,15 @@
        "@types/serve-static": "*"
      }
    },
+    "node_modules/@types/express-jwt": {
+      "version": "6.0.1",
+      "resolved": "https://registry.npmjs.org/@types/express-jwt/-/express-jwt-6.0.1.tgz",
+      "integrity": "sha512-zB/oXzS8/NTWUzAG343frlqUrsygHPeyYMVcbJ8YYk7rF1G15eUapPgWh0HdeFi51ajFkkUOU+Q540z1Eu4hJQ==",
+      "dependencies": {
+        "@types/express": "*",
+        "@types/express-unless": "*"
+      }
+    },
    "node_modules/@types/express-serve-static-core": {
      "version": "4.17.18",
      "resolved": "https://registry.npmjs.org/@types/express-serve-static-core/-/express-serve-static-core-4.17.18.tgz",
@@ -1027,6 +1038,14 @@
        "@types/range-parser": "*"
      }
    },
+    "node_modules/@types/express-unless": {
+      "version": "0.5.1",
+      "resolved": "https://registry.npmjs.org/@types/express-unless/-/express-unless-0.5.1.tgz",
+      "integrity": "sha512-5fuvg7C69lemNgl0+v+CUxDYWVPSfXHhJPst4yTLcqi4zKJpORCxnDrnnilk3k0DTq/WrAUdvXFs01+vUqUZHw==",
+      "dependencies": {
+        "@types/express": "*"
+      }
+    },
    "node_modules/@types/graceful-fs": {
      "version": "4.1.5",
      "resolved": "https://registry.npmjs.org/@types/graceful-fs/-/graceful-fs-4.1.5.tgz",
@@ -1415,6 +1434,11 @@
        "node": ">=0.10.0"
      }
    },
+    "node_modules/async": {
+      "version": "1.5.2",
+      "resolved": "https://registry.npmjs.org/async/-/async-1.5.2.tgz",
+      "integrity": "sha1-7GphrlZIDAw8skHJVhjiCJL5Zyo="
+    },
    "node_modules/asynckit": {
      "version": "0.4.0",
      "resolved": "https://registry.npmjs.org/asynckit/-/asynckit-0.4.0.tgz",
@@ -2777,6 +2801,25 @@
        "node": ">= 0.10.0"
      }
    },
+    "node_modules/express-jwt": {
+      "version": "6.0.0",
+      "resolved": "https://registry.npmjs.org/express-jwt/-/express-jwt-6.0.0.tgz",
+      "integrity": "sha512-C26y9myRjx7CyhZ+BAT3p+gQyRCoDZ7qo8plCvLDaRT6je6ALIAQknT6XLVQGFKwIy/Ux7lvM2MNap5dt0T7gA==",
+      "dependencies": {
+        "async": "^1.5.0",
+        "express-unless": "^0.3.0",
+        "jsonwebtoken": "^8.1.0",
+        "lodash.set": "^4.0.0"
+      },
+      "engines": {
+        "node": ">= 8.0.0"
+      }
+    },
+    "node_modules/express-unless": {
+      "version": "0.3.1",
+      "resolved": "https://registry.npmjs.org/express-unless/-/express-unless-0.3.1.tgz",
+      "integrity": "sha1-JVfBRudb65A+LSR/m1ugFFJpbiA="
+    },
    "node_modules/extend": {
      "version": "3.0.2",
      "resolved": "https://registry.npmjs.org/extend/-/extend-3.0.2.tgz",
@@ -5109,6 +5152,11 @@
      "resolved": "https://registry.npmjs.org/lodash.once/-/lodash.once-4.1.1.tgz",
      "integrity": "sha1-DdOXEhPHxW34gJd9UEyI+0cal6w="
    },
+    "node_modules/lodash.set": {
+      "version": "4.3.2",
+      "resolved": "https://registry.npmjs.org/lodash.set/-/lodash.set-4.3.2.tgz",
+      "integrity": "sha1-2HV7HagH3eJIFrDWqEvqGnYjCyM="
+    },
    "node_modules/lodash.sortby": {
      "version": "4.7.0",
      "resolved": "https://registry.npmjs.org/lodash.sortby/-/lodash.sortby-4.7.0.tgz",
@@ -9062,6 +9110,15 @@
        "@types/serve-static": "*"
      }
    },
+    "@types/express-jwt": {
+      "version": "6.0.1",
+      "resolved": "https://registry.npmjs.org/@types/express-jwt/-/express-jwt-6.0.1.tgz",
+      "integrity": "sha512-zB/oXzS8/NTWUzAG343frlqUrsygHPeyYMVcbJ8YYk7rF1G15eUapPgWh0HdeFi51ajFkkUOU+Q540z1Eu4hJQ==",
+      "requires": {
+        "@types/express": "*",
+        "@types/express-unless": "*"
+      }
+    },
    "@types/express-serve-static-core": {
      "version": "4.17.18",
      "resolved": "https://registry.npmjs.org/@types/express-serve-static-core/-/express-serve-static-core-4.17.18.tgz",
@@ -9072,6 +9129,14 @@
        "@types/range-parser": "*"
      }
    },
+    "@types/express-unless": {
+      "version": "0.5.1",
+      "resolved": "https://registry.npmjs.org/@types/express-unless/-/express-unless-0.5.1.tgz",
+      "integrity": "sha512-5fuvg7C69lemNgl0+v+CUxDYWVPSfXHhJPst4yTLcqi4zKJpORCxnDrnnilk3k0DTq/WrAUdvXFs01+vUqUZHw==",
+      "requires": {
+        "@types/express": "*"
+      }
+    },
    "@types/graceful-fs": {
      "version": "4.1.5",
      "resolved": "https://registry.npmjs.org/@types/graceful-fs/-/graceful-fs-4.1.5.tgz",
@@ -9394,6 +9459,11 @@
      "resolved": "https://registry.npmjs.org/assign-symbols/-/assign-symbols-1.0.0.tgz",
      "integrity": "sha1-WWZ/QfrdTyDMvCu5a41Pf3jsA2c="
    },
+    "async": {
+      "version": "1.5.2",
+      "resolved": "https://registry.npmjs.org/async/-/async-1.5.2.tgz",
+      "integrity": "sha1-7GphrlZIDAw8skHJVhjiCJL5Zyo="
+    },
    "asynckit": {
      "version": "0.4.0",
      "resolved": "https://registry.npmjs.org/asynckit/-/asynckit-0.4.0.tgz",
@@ -10452,6 +10522,22 @@
        "vary": "~1.1.2"
      }
    },
+    "express-jwt": {
+      "version": "6.0.0",
+      "resolved": "https://registry.npmjs.org/express-jwt/-/express-jwt-6.0.0.tgz",
+      "integrity": "sha512-C26y9myRjx7CyhZ+BAT3p+gQyRCoDZ7qo8plCvLDaRT6je6ALIAQknT6XLVQGFKwIy/Ux7lvM2MNap5dt0T7gA==",
+      "requires": {
+        "async": "^1.5.0",
+        "express-unless": "^0.3.0",
+        "jsonwebtoken": "^8.1.0",
+        "lodash.set": "^4.0.0"
+      }
+    },
+    "express-unless": {
+      "version": "0.3.1",
+      "resolved": "https://registry.npmjs.org/express-unless/-/express-unless-0.3.1.tgz",
+      "integrity": "sha1-JVfBRudb65A+LSR/m1ugFFJpbiA="
+    },
    "extend": {
      "version": "3.0.2",
      "resolved": "https://registry.npmjs.org/extend/-/extend-3.0.2.tgz",
@@ -12217,6 +12303,11 @@
      "resolved": "https://registry.npmjs.org/lodash.once/-/lodash.once-4.1.1.tgz",
      "integrity": "sha1-DdOXEhPHxW34gJd9UEyI+0cal6w="
    },
+    "lodash.set": {
+      "version": "4.3.2",
+      "resolved": "https://registry.npmjs.org/lodash.set/-/lodash.set-4.3.2.tgz",
+      "integrity": "sha1-2HV7HagH3eJIFrDWqEvqGnYjCyM="
+    },
    "lodash.sortby": {
      "version": "4.7.0",
      "resolved": "https://registry.npmjs.org/lodash.sortby/-/lodash.sortby-4.7.0.tgz",

--- a/server/package.json
+++ b/server/package.json
@@ -12,6 +12,7 @@
  "dependencies": {
    "@types/cors": "^2.8.9",
    "@types/express": "^4.17.11",
+    "@types/express-jwt": "^6.0.1",
    "@types/jest": "^26.0.20",
    "@types/mysql": "^2.15.17",
    "@types/supertest": "^2.0.10",
@@ -19,6 +20,7 @@
    "cors": "^2.8.5",
    "dotenv": "^8.2.0",
    "express": "^4.17.1",
+    "express-jwt": "^6.0.0",
    "jest": "^26.6.3",
    "jsonwebtoken": "^8.5.1",
    "mysql": "^2.18.1",

--- a/server/src/controllers/userController/index.ts
+++ b/server/src/controllers/userController/index.ts
@@ -4,6 +4,7 @@ import express from 'express';
 import IUser from '../../models/user';
 import * as jwt from 'jsonwebtoken';
 import config from '../../config';
+import authenticateToken from '../../middlewares/auth';

 const router = express.Router();
 /* ============================= CREATE ============================= */
@@ -37,7 +38,7 @@ router.route('/').get(async (_: Request, response: Response) => {
 });

 // Get user with id `/api/user/:id`
-router.route('/:userId').get(async (request: Request, response: Response) => {
+router.route('/:userId').get(authenticateToken, async (request: Request, response: Response) => {
 	const userId = request.params.userId;
 	try {
 		const input = `SELECT userId, username, email, create_time FROM user WHERE userId=?;`

--- a/server/src/middlewares/auth.ts
+++ b/server/src/middlewares/auth.ts
+import expressJwt from 'express-jwt';
+import config from '../config';
+
+const JWT_KEY = config.JWT_KEY.replace(/\\n/gm, '\n');
+
+const authenticateToken = expressJwt({
+    algorithms: ['RS256'],
+    secret: JWT_KEY,
+});
+export default authenticateToken;
\ No newline at end of file