[Express.js] 6 - JWT in express.js
[Adv] JWT for authentication
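JSON Web Token (JWT) is a compact, URL-safe means of representing claims to be transferred between two parties. A signed JWT is integrity-protected but not encrypted: anyone who holds the token can read its claims, so keep secrets out of the payload.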
Install
https://www.npmjs.com/package/jsonwebtoken
# Runtime packages: JWT signing/verification and bearer-token extraction.
yarn add jsonwebtoken permit
# Type declarations, needed at build time only.
yarn add -D @types/jsonwebtoken @types/permit
Usage
Jwt Utils
Inside jwtUtils.ts
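import jwt from "jsonwebtoken";

/**
 * Single HMAC algorithm used for both signing and verification.
 * Pinning it on the verify side means a token whose header names a different
 * algorithm is rejected instead of being handled by whatever the library allows.
 */
const JWT_ALGORITHM = "HS256";

/**
 * Signing configuration shared by the encode/decode helpers.
 *
 * The secret is read from the environment rather than committed with the
 * source: anyone who can read an HMAC secret can mint tokens that verify.
 * `JWT_SECRET` is the variable name chosen for this example; use a long,
 * randomly generated value and keep it out of version control.
 */
export const jwtConfig = {
  secret: process.env.JWT_SECRET ?? "",
  sessionConfig: {
    expiresIn: "24h",
  },
};

/**
 * Returns the configured secret, failing closed when none is set so that
 * tokens are never signed or verified with an empty key.
 *
 * @throws Error when `jwtConfig.secret` is empty.
 */
function requireSecret(): string {
  if (!jwtConfig.secret) {
    throw new Error("JWT secret is not configured.");
  }
  return jwtConfig.secret;
}

/**
 * Signs `payload` into a JWT using the shared secret and session options.
 *
 * @param payload - Claims to embed; they are readable by anyone holding the token.
 * @returns The compact serialized token.
 * @throws Error when no secret is configured.
 */
export function encodeDataToJwt(payload: object): string {
  return jwt.sign(payload, requireSecret(), {
    ...jwtConfig.sessionConfig,
    algorithm: JWT_ALGORITHM,
  });
}

/**
 * Verifies the signature and expiry of `token` and returns its claims.
 *
 * @param token - Compact serialized JWT received from the client.
 * @returns The decoded claims object.
 * @throws Error when no secret is configured, when verification fails
 *   (bad signature, expired, wrong algorithm), or when the payload is not an object.
 */
export function decodeDataInJwt(token: string): object {
  const decoded = jwt.verify(token, requireSecret(), {
    algorithms: [JWT_ALGORITHM],
  });
  // jwt.verify may hand back a plain string for non-JSON payloads; this
  // module only issues object payloads, so anything else is rejected.
  if (typeof decoded === "string") {
    throw new Error("Unexpected JWT payload type.");
  }
  return decoded;
}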
Guard function
Inside guard.ts
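import type { NextFunction, Request, Response } from "express";
import { Bearer } from "permit";
import { decodeDataInJwt } from "./jwtUtils";

// Reads the token from `Authorization: Bearer <token>`; the `query` option
// additionally accepts `?access_token=<token>`.
// NOTE(review): tokens carried in a URL tend to end up in access logs,
// browser history and Referer headers; drop the `query` option if every
// client can send the header.
const permit = new Bearer({
  query: "access_token",
});

/**
 * Express middleware that lets a request through only when it carries a JWT
 * that verifies against the shared secret.
 *
 * On success the verified claims are stored on `res.locals.jwtPayload` for
 * downstream handlers. On any failure (missing token, bad signature, expired
 * token) the request is answered with 401 and a generic message, so the
 * response does not reveal which check failed.
 *
 * @param req - Incoming request; the token is taken from it by `permit`.
 * @param res - Response used for the 401 reply and to carry the claims.
 * @param next - Called only after the token has been verified.
 */
export function isLoginGuard(req: Request, res: Response, next: NextFunction) {
  try {
    const token = permit.check(req);
    if (!token) {
      throw new Error("Missing jwt token.");
    }

    // Verification happens here; a forged or expired token throws.
    const payload = decodeDataInJwt(token);

    // Claims are kept on the response locals rather than written to the log,
    // since they can contain user-identifying data.
    res.locals.jwtPayload = payload;

    // Check the user's data here if you want (database lookup, revocation
    // list, role check) before letting the request through.
    return next();
  } catch {
    return res.status(401).json({
      status: false,
      msg: "Permission Denied.",
    });
  }
}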
Router usage
Inside usersRouter.ts
import express, { Request, Response } from "express";
import { encodeDataToJwt } from "./jwtUtils";
import { isLoginGuard } from "./guard";

export const usersRouter = express.Router();

/**
 * Demo login: returns a freshly signed token for a fixed payload.
 * No credentials are checked, so every caller receives a valid token;
 * a real login route must authenticate the user before signing anything.
 */
const dummyLogin = (_req: Request, res: Response) =>
  res.status(200).json({
    status: true,
    jwt: encodeDataToJwt({ name: "tom" }),
  });

/** Protected handler: only reached after `isLoginGuard` has called `next()`. */
const somePrivateApi = (_req: Request, res: Response) =>
  res.status(200).json({ status: true });

usersRouter.get("/dummyLogin", dummyLogin);
usersRouter.get("/somePrivateApi", isLoginGuard, somePrivateApi);
Fetch with curl
# TOKEN holds the JWT returned by /dummyLogin; it is sent in the
# Authorization header rather than in the URL.
curl \
  --header 'Accept: application/json' \
  --header "Authorization: Bearer ${TOKEN}" \
  https://localhost:8080/somePrivateApi